Log analysis and evaluation: Windows7, Spybot finds multiple malware

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.10.2013, 19:30 | #1 |
Windows7, Spybot finds multiple malware

Hello everyone,

After quite a long time I have now, for the first time, run my Spybot over my system. Unfortunately it turned up countless viruses or malware, which is why I am asking for your help here. As recommended, I ran the specified programs over my system. Below I list the corresponding log files:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by Dirka (ATTENTION: The logged in user is not administrator) on DIRKA-THINK on 08-10-2013 19:47:05 Running from C:\Users\Dirka\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Bandoo Media, inc) C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69560 2010-07-27] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2010-07-01] (Lenovo.) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited) HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2010-09-17] (Lenovo) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated) HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [PoivY] - "C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized HKCU\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background HKCU\...\Runonce: [Del704687] - cmd.exe /Q /D /c del "C:\Users\Dirka\AppData\Local\Temp\0.del" MountPoints2: {5ed9dc6f-5da2-11e0-a292-806e6f6e6963} - Q:\LenovoQDrive.exe HKLM-x32\...\Run: [PWMTRV] - 
C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [1129832 2010-08-24] (Lenovo Group Limited) HKLM-x32\...\Run: [Message Center Plus] - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] () HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2009-08-04] (Sonic Solutions) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-06-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SearchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [534880 2011-06-24] (Spigot, Inc.) HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] () HKLM-x32\...\Run: [DATAMNGR] - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe [1694608 2011-12-06] (Bandoo Media, inc) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN) AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll [1791384 2011-12-06] (Bandoo Media, inc) AppInit_DLLs-x32: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll [1233816 2011-12-06] (Bandoo Media, inc) Lsa: [Notification Packages] scecli ACGina ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms} SearchScopes: HKCU - DefaultScope {A8960C5C-8DE0-452D-8BBC-1559303B8B86} URL = SearchScopes: HKCU - {A8960C5C-8DE0-452D-8BBC-1559303B8B86} URL = BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) 
BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () BHO-x32: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.5\pdfforgeToolbarIE.dll (Spigot, Inc.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM-x32 - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.5\pdfforgeToolbarIE.dll (Spigot, Inc.) Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll () Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default FF DefaultSearchEngine: Ask.com FF SearchEngineOrder.1: Ask.com FF Homepage: hxxp://www.searchqu.com/406 FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @e-academy.com/Host SDM Plugin; version=1.0.0.0 - C:\Users\Dirka\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll () FF SearchPlugin: C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\searchplugins\11-suche.xml FF SearchPlugin: C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\searchplugins\web-search.xml FF SearchPlugin: C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml FF Extension: Searchqu Toolbar - C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} FF Extension: No Name - C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\Extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} Chrome: ======= CHR HomePage: hxxp://www.google.com CHR RestoreOnStartup: "urls_to_restore_on_startup": [ CHR DefaultSearchURL: (Google) - 
{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Extension: (Avira Toolbar) - C:\Users\Dirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.13.38650_0 CHR Extension: (Skype Click to Call) - C:\Users\Dirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0 CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.) 
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-04] (Sonic Solutions) S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-04] (Sonic Solutions) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor) R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia) R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-26] (Avira Operations GmbH & Co. 
KG) R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] () S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-08 19:46 - 2013-10-08 19:46 - 00000000 ____D C:\FRST 2013-10-08 19:45 - 2013-10-08 19:46 - 01954124 _____ (Farbar) C:\Users\Dirka\Downloads\FRST64.exe 2013-10-08 19:43 - 2013-10-08 19:43 - 00050477 _____ C:\Users\Dirka\Downloads\Defogger.exe 2013-10-08 19:40 - 2013-10-08 19:40 - 00001121 _____ C:\Users\Public\Desktop\Open It!.lnk 2013-10-08 19:40 - 2013-10-08 19:40 - 00000292 _____ C:\Windows\Tasks\DigitalSite.job 2013-10-08 19:40 - 2013-10-08 19:40 - 00000000 ____D C:\Users\Dirka\AppData\Roaming\DigitalSite 2013-10-08 19:40 - 2013-10-08 19:40 - 00000000 ____D C:\Program Files (x86)\OpenIt 2013-10-08 19:39 - 2013-10-08 19:39 - 00749248 _____ C:\Users\Dirka\Downloads\ZipExtractorSetup.exe 2013-10-08 19:29 - 2013-10-08 19:29 - 99859239 _____ C:\Windows\SysWOW64\ꮪ�ᅌŠ 2013-10-07 21:52 - 2013-10-07 21:52 - 00239355 _____ C:\Users\Dirka\Desktop\SpybotSD.Results.txt 2013-09-12 19:33 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-12 19:33 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-12 19:33 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-12 19:33 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-12 19:33 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-12 19:33 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-12 19:33 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-12 19:33 - 2013-08-10 07:20 - 03959296 _____ 
(Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-12 19:33 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-12 19:33 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-12 19:33 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-12 19:33 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-12 19:33 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-12 19:33 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-12 19:33 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-12 19:33 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-12 19:33 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-12 19:33 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-12 19:33 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-12 19:33 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-12 19:33 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-12 19:33 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-12 19:33 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-12 19:33 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-12 19:33 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-12 19:33 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jsproxy.dll 2013-09-12 19:33 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-12 19:33 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-12 19:33 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-12 19:33 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-12 19:33 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-11 08:51 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-09-11 08:51 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-11 08:51 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-09-11 08:51 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-09-11 08:51 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-09-11 08:51 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-09-11 08:51 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-09-11 08:51 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-11 08:51 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-09-11 08:51 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-11 08:51 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) 
C:\Windows\system32\apisetschema.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-09-11 08:51 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-09-11 
08:51 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-09-11 08:51 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-09-11 08:51 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-09-11 08:51 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-11 08:51 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 
2013-09-11 08:51 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-09-11 08:51 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-09-11 08:51 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-09-11 08:51 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-09-11 08:51 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-11 08:51 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-11 08:51 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-11 08:51 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-09-11 08:51 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-09-08 17:25 - 2013-09-08 18:26 - 00000000 ____D C:\Users\Dirka\Desktop\Auswahl Schlafzimmer 2013-09-08 17:20 - 2013-09-08 17:20 - 00001117 _____ C:\Users\Public\Desktop\Picasa 3.lnk 2013-09-08 17:19 - 2013-09-08 17:19 - 14965064 _____ (Google Inc.) 
C:\Users\Dirka\Downloads\picasa39-setup_3.9.136.20.exe ==================== One Month Modified Files and Folders ======= 2013-10-08 19:46 - 2013-10-08 19:46 - 00000000 ____D C:\FRST 2013-10-08 19:46 - 2013-10-08 19:45 - 01954124 _____ (Farbar) C:\Users\Dirka\Downloads\FRST64.exe 2013-10-08 19:43 - 2013-10-08 19:43 - 00050477 _____ C:\Users\Dirka\Downloads\Defogger.exe 2013-10-08 19:43 - 2011-07-22 12:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-08 19:43 - 2011-07-22 11:08 - 00000000 ____D C:\Users\Save 2013-10-08 19:43 - 2011-04-03 05:58 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2013-10-08 19:41 - 2012-11-24 20:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-08 19:40 - 2013-10-08 19:40 - 00001121 _____ C:\Users\Public\Desktop\Open It!.lnk 2013-10-08 19:40 - 2013-10-08 19:40 - 00000292 _____ C:\Windows\Tasks\DigitalSite.job 2013-10-08 19:40 - 2013-10-08 19:40 - 00000000 ____D C:\Users\Dirka\AppData\Roaming\DigitalSite 2013-10-08 19:40 - 2013-10-08 19:40 - 00000000 ____D C:\Program Files (x86)\OpenIt 2013-10-08 19:39 - 2013-10-08 19:39 - 00749248 _____ C:\Users\Dirka\Downloads\ZipExtractorSetup.exe 2013-10-08 19:36 - 2011-04-03 05:58 - 00000382 _____ C:\Windows\Tasks\SystemToolsDailyTest.job 2013-10-08 19:36 - 2009-07-14 06:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-08 19:36 - 2009-07-14 06:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-08 19:34 - 2011-04-03 05:31 - 01062959 _____ C:\Windows\WindowsUpdate.log 2013-10-08 19:29 - 2013-10-08 19:29 - 99859239 _____ C:\Windows\SysWOW64\ꮪ�ᅌŠ 2013-10-08 19:28 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-08 19:28 - 2009-07-14 06:51 - 00141730 _____ C:\Windows\setupact.log 2013-10-07 21:52 - 2013-10-07 21:52 - 00239355 _____ C:\Users\Dirka\Desktop\SpybotSD.Results.txt 
2013-10-03 15:04 - 2011-07-21 22:09 - 00000000 ____D C:\Users\Dirka 2013-10-03 15:03 - 2011-12-12 12:08 - 00000099 _____ C:\Users\Public\LMDebug.log 2013-09-20 21:55 - 2011-04-03 15:11 - 00654400 _____ C:\Windows\system32\perfh007.dat 2013-09-20 21:55 - 2011-04-03 15:11 - 00130240 _____ C:\Windows\system32\perfc007.dat 2013-09-20 21:55 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-20 21:42 - 2012-11-24 20:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-09-20 21:42 - 2011-07-22 18:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-14 23:48 - 2011-07-23 13:55 - 00000000 ____D C:\Users\Dirka\AppData\Roaming\Skype 2013-09-13 07:41 - 2013-05-18 00:48 - 00000000 ____D C:\Users\Dirka\AppData\Local\Mozilla Firefox 2013-09-13 00:30 - 2011-07-21 22:13 - 00000000 ___RD C:\Users\Dirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-13 00:30 - 2011-07-21 22:13 - 00000000 ___RD C:\Users\Dirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-09-13 00:29 - 2009-07-14 06:45 - 00460216 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-12 19:34 - 2011-08-08 17:56 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-12 19:33 - 2013-08-18 03:01 - 00000000 ____D C:\Windows\system32\MRT 2013-09-12 19:30 - 2011-07-22 17:37 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-09-08 18:26 - 2013-09-08 17:25 - 00000000 ____D C:\Users\Dirka\Desktop\Auswahl Schlafzimmer 2013-09-08 18:12 - 2013-09-07 16:38 - 00000000 ____D C:\Users\Dirka\Desktop\gui y christian 2013-09-08 17:53 - 2013-08-29 16:03 - 00000000 ____D C:\Users\Dirka\Desktop\100_PANA 2013-09-08 17:20 - 2013-09-08 17:20 - 00001117 _____ C:\Users\Public\Desktop\Picasa 3.lnk 2013-09-08 17:20 - 2011-08-18 16:24 - 00000000 ____D C:\Users\Dirka\AppData\Local\Google 2013-09-08 17:20 - 2011-08-10 14:29 - 00000000 ____D C:\Program Files 
(x86)\Google 2013-09-08 17:19 - 2013-09-08 17:19 - 14965064 _____ (Google Inc.) C:\Users\Dirka\Downloads\picasa39-setup_3.9.136.20.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013 Ran by Dirka at 2013-10-08 19:48:48 Running from C:\Users\Dirka\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Registry Patch to arrange icons in Device and Printers folder of Windows 7 (Version: 1.00) Access Help (x32 Version: 3.00) Adobe AIR (x32 Version: 3.5.0.880) Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168) Adobe Reader 9.4.5 (x32 Version: 9.4.5) Anzeige am Bildschirm (Version: 6.10.01) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) Avira Free Antivirus (x32 Version: 13.0.0.4052) Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.2.663) Bonjour (Version: 3.0.0.10) CDBurnerXP (x32 Version: 4.5.0.3661) Cisco AnyConnect VPN Client (x32 Version: 2.5.2019) Create Recovery Media (x32 Version: 1.20.0.00) Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition Dienstprogramm "ThinkPad UltraNav" (x32 Version: 2.13.0) DirectX 9 Runtime (x32 Version: 1.00.0000) EndNote X5 (x32 Version: 15.0.0.5478) Intel PROSet Wireless Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1872) Intel(R) PROSet/Wireless WiFi-Software (Version: 13.00.0000) InterVideo WinDVD 8 (x32 Version: 8.0.20.199) iTunes (Version: 11.0.4.4) Java Auto Updater (x32 Version: 2.0.5.1) Java(TM) 6 Update 26 (64-bit) (Version: 6.0.260) Java(TM) 6 Update 26 (x32 Version: 6.0.260) JMicron Flash Media Controller Driver (x32 
Version: 1.00.29.02) Lenovo Auto Scroll Utility (Version: 1.00) Lenovo System Interface Driver (Version: 1.02) Lenovo ThinkVantage Toolbox (Version: 6.0.5717.21) Lenovo Welcome (x32 Version: 2.02.003.0) Malwarebytes' Anti-Malware Version 1.51.1.1800 (x32 Version: 1.51.1.1800) Message Center Plus (x32 Version: 2.0.0012.00) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Outlook Hotmail Connector 64-Bit (Version: 14.0.5118.5000) Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit (Version: 14.0.5120.5000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft SkyDrive (HKCU Version: 16.4.6013.0910) Microsoft 
Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Mobile Broadband (x32 Version: 3.6.0006) Mozilla Firefox 21.0 (x86 de) (HKCU Version: 21.0) Mozilla Firefox 6.0 (x86 de) (x32 Version: 6.0) Mozilla Thunderbird (3.1.16) (x32 Version: 3.1.16 (en-GB)) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Nero Burning ROM 11 (x32 Version: 11.0.10500) Nero Burning ROM 11 (x32 Version: 11.0.12500.24.100) Nero Burning ROM 11 Help (CHM) (x32 Version: 11.0.10300) Nero ControlCenter 11 (x32 Version: 11.0.12700.0.27) Nero ControlCenter 11 Help (CHM) (x32 Version: 11.0.10300) Nero Core Components 11 (x32 Version: 11.0.15600.1.17) Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100) Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400) Nero Update (x32 Version: 11.0.11500.28.0) nero.prerequisites.msi (x32 Version: 11.0.20008) Open It! 
(x32 Version: 1.1.1) PASW Smartreader 18 (x32 Version: 18.0.1) PDFCreator (x32 Version: 1.2.2) pdfforge Toolbar v4.5 (x32 Version: 4.5) Picasa 3 (x32 Version: 3.9) QuickTime (x32 Version: 7.74.80.86) Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.11.1127.2009) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6146) Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00) Rescue and Recovery (x32 Version: 4.30.0025.00) ResearchSoft Direct Export Helper (x32) Roxio Activation Module (x32 Version: 1.0) Roxio Central Audio (x32 Version: 3.8.0) Roxio Central Copy (x32 Version: 3.8.0) Roxio Central Core (x32 Version: 3.8.0) Roxio Central Data (x32 Version: 3.8.0) Roxio Central Tools (x32 Version: 3.8.0) Roxio Creator Small Business Edition (x32 Version: 10.3) Roxio Creator Small Business Edition (x32 Version: 10.3.081) Roxio Express Labeler 3 (x32 Version: 3.2.1) Saal Design Software (x32 Version: 3.1.26) Secunia PSI (2.0.0.3003) (x32) Secure Download Manager (x32 Version: 3.0.0) Skype Click to Call (x32 Version: 5.9.9216) Skype™ 5.10 (x32 Version: 5.10.116) Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0) Sonic Icons for Lenovo (x32 Version: 2.0.0) SPSS SmartViewer 15G (x32 Version: 15.0.1) Spybot - Search & Destroy (x32 Version: 1.6.2) System Update (x32 Version: 4.00.0032) ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.2.0.9600) ThinkPad Energie-Manager (x32 Version: 3.30) ThinkPad FullScreen Magnifier (Version: 2.15) ThinkPad Power Management Driver (Version: 1.60.0.4) ThinkPad UltraNav Driver (Version: 15.0.18.0) ThinkVantage Access Connections (x32 Version: 5.72) ThinkVantage Communications Utility (Version: 1.42) ThinkVantage System für aktiven Festplattenschutz (Version: 1.72) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client 
Profile (KB2600217) (x32 Version: 1) Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553157) 64-Bit Edition Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition Update for Microsoft Office 2010 (KB2589370) 64-Bit Edition Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition Update for Microsoft Office 2010 (KB2760758) 64-Bit Edition Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition Update for Zip Extractor (HKCU) VD64Inst (Version: 1.00.0000) Verizon Wireless Mobile Broadband Self Activation (x32 Version: 3.1.4) VLC media player 1.1.11 (x32 Version: 1.1.11) Wartung Samsung CLP-320 Series (x32) Windows iLivid Toolbar (x32 Version: 3.0.0.118320) Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8) 
Windows-Treiberpaket - Intel (iaStor) hdc (01/15/2010 9.5.7.1002) (Version: 01/15/2010 9.5.7.1002) Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (Version: 11/18/2009 1.60.0.4) WinRAR 4.20 (64-Bit) (Version: 4.20.0) ==================== Restore Points ========================= Could not list Restore Points. ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ? Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Dirka\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => ? Task: C:\Windows\Tasks\SystemToolsDailyTest.job => ? ==================== Loaded Modules (whitelisted) ============= 2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2011-04-03 05:43 - 2010-08-24 20:30 - 00047616 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL 2009-07-01 18:54 - 2009-07-01 18:54 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 AlternateDataStreams: C:\Users\Dirka\Desktop\10x15 (2).JPG:Roxio EMC Stream ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: ========================= Application errors: ================== Error: (10/08/2013 07:15:48 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001487 ID des fehlerhaften Prozesses: 0x11d0 Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (10/07/2013 09:29:46 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001487 ID des fehlerhaften Prozesses: 0x1158 Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (09/20/2013 07:21:42 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001487 ID des fehlerhaften Prozesses: 0x11f0 Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (09/18/2013 09:32:17 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 
Fehleroffset: 0x00001487 ID des fehlerhaften Prozesses: 0x11e4 Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (09/16/2013 06:07:54 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001487 ID des fehlerhaften Prozesses: 0x11d4 Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (09/14/2013 10:29:21 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001487 ID des fehlerhaften Prozesses: 0x11a0 Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (09/13/2013 11:03:44 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001487 ID des fehlerhaften Prozesses: 0x128c Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: avnotify.exe3 Error: (09/11/2013 09:15:43 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6302 Error: (09/11/2013 09:15:43 AM) 
(Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6302 Error: (09/11/2013 09:15:43 AM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (10/08/2013 07:15:57 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (10/08/2013 07:15:57 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (10/08/2013 07:15:57 AM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (10/08/2013 07:15:57 AM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (10/07/2013 09:29:58 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (10/07/2013 09:29:58 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Browser-Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1. 
Error: (10/07/2013 09:29:57 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (10/07/2013 09:29:56 PM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (10/07/2013 07:13:06 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Bluetooth Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (10/07/2013 07:13:06 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Service erreicht. Microsoft Office Sessions: ========================= Error: (10/08/2013 07:15:48 AM) (Source: Application Error)(User: ) Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c00000050000148711d001cec3e5695b6bd1C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeb07cce28-2fd8-11e3-b8f4-60eb69fcc3ee Error: (10/07/2013 09:29:46 PM) (Source: Application Error)(User: ) Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487115801cec3938b7875b1C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exed2a8204a-2f86-11e3-b45b-60eb69fcc3ee Error: (09/20/2013 07:21:42 AM) (Source: Application Error)(User: ) Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c00000050000148711f001ceb5c140c3248eC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe87dd62c4-21b4-11e3-a293-60eb69fcc3ee Error: (09/18/2013 09:32:17 PM) (Source: Application Error)(User: ) Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c00000050000148711e401ceb4a5bf2a4783C:\Program Files 
(x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe06506c9b-2099-11e3-ae4a-60eb69fcc3ee Error: (09/16/2013 06:07:54 PM) (Source: Application Error)(User: ) Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c00000050000148711d401ceb2f6dd311490C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe244b52c6-1eea-11e3-a64a-60eb69fcc3ee Error: (09/14/2013 10:29:21 PM) (Source: Application Error)(User: ) Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c00000050000148711a001ceb1890e36868bC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe559cf0ca-1d7c-11e3-81b1-60eb69fcc3ee Error: (09/13/2013 11:03:44 PM) (Source: Application Error)(User: ) Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487128c01ceb0c4b10f6ba7C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exef925bd42-1cb7-11e3-9857-60eb69fcc3ee Error: (09/11/2013 09:15:43 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 6302 Error: (09/11/2013 09:15:43 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 6302 Error: (09/11/2013 09:15:43 AM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second ==================== Memory info =========================== Percentage of memory in use: 41% Total physical RAM: 3932.86 MB Available physical RAM: 2307.86 MB Total Pagefile: 7863.91 MB Available Pagefile: 5900.47 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:298.2 GB) NTFS ==>[System with boot components (obtained from reading drive)] 
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:1.91 GB) NTFS ==================== MBR & Partition Table ================== ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-10-08 20:13:55 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.PC4Z 465,76GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Save\AppData\Local\Temp\kglcipow.sys ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077871465 2 bytes [87, 77] .text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778714bb 2 bytes [87, 77] .text ... * 2 .text C:\Program Files (x86)\Secunia\PSI\sua.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077871465 2 bytes [87, 77] .text C:\Program Files (x86)\Secunia\PSI\sua.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778714bb 2 bytes [87, 77] .text ... * 2 .text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077871465 2 bytes [87, 77] .text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778714bb 2 bytes [87, 77] .text ... * 2 .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2924] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077871465 2 bytes [87, 77] .text C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2924] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000778714bb 2 bytes [87, 77] .text ... * 2 .text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077871465 2 bytes [87, 77] .text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778714bb 2 bytes [87, 77] .text ... 
* 2 .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077871465 2 bytes [87, 77] .text C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778714bb 2 bytes [87, 77] .text ... * 2 .text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[1568] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077871465 2 bytes [87, 77] .text C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[1568] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000778714bb 2 bytes [87, 77] .text ... * 2 .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077871465 2 bytes [87, 77] .text C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778714bb 2 bytes [87, 77] .text ... * 2 .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077871465 2 bytes [87, 77] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778714bb 2 bytes [87, 77] .text ... * 2 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9de5ed2 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9de5ed2 (not active ControlSet) ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- Regards, Peter Pan. |
08.10.2013, 20:48 | #2 |
/// the machine /// TB-Ausbilder | Windows7, Spybot finds multiple malware hi,
Log file from Spybot?
 |
09.10.2013, 06:31 | #3 |
| Windows 7, Spybot finds multiple malware

Hello again,
Thank you for looking into this. The following should be the Spybot log file, if I understand it correctly: (the log file is rejected as too large, so I am splitting it into two parts)

Part 1:
Code:
ATTFilter --- Search result list --- Widgi.Toolbar: [SBI $21855786] User settings (Registry key, nothing done) HKEY_USERS\S-1-5-21-2504536262-671961439-3406205668-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} Widgi.Toolbar: [SBI $BA954ED7] User settings (Registry key, nothing done) HKEY_USERS\S-1-5-21-2504536262-671961439-3406205668-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} Widgi.Toolbar: [SBI $59BF3ADB] Class ID (Registry key, nothing done) HKEY_CLASSES_ROOT\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} Widgi.Toolbar: [SBI $DABAA047] Settings (Registry key, nothing done) HKEY_CLASSES_ROOT\Installer\UpgradeCodes\504D229B31D6B2A4EA98800A03AD4420 Widgi.Toolbar: [SBI $DABAA047] Settings (Registry key, nothing done) HKEY_CLASSES_ROOT\Installer\UpgradeCodes\504D229B31D6B2A4EA98800A03AD4420 Widgi.Toolbar: [SBI $885BB76E] Settings (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Application Updater Widgi.Toolbar: [SBI $CD244338] Browser helper object (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} Widgi.Toolbar: [SBI $EECF060A] Settings (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\504D229B31D6B2A4EA98800A03AD4420 Widgi.Toolbar: [SBI $66BF948F] IE toolbar (Registry value, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402} Widgi.Toolbar: [SBI $16C3A07B] Settings (Registry value, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\Common Files\Spigot\ Widgi.Toolbar: [SBI $000389AB] Settings (Registry value, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\Common Files\Spigot\Search Settings\ 
Widgi.Toolbar: [SBI $1E14509F] Settings (Registry value, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res\ Widgi.Toolbar: [SBI $E1F050EF] Settings (Registry value, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\pdfforge Toolbar\ Widgi.Toolbar: [SBI $03E18DB3] Settings (Registry value, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\pdfforge Toolbar\IE\ Widgi.Toolbar: [SBI $60A6F1DA] Settings (Registry value, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\pdfforge Toolbar\Res\ Widgi.Toolbar: [SBI $65C7C8B1] Shared DLL (1 apps) (Registry value, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe Widgi.Toolbar: [SBI $65C7C8B1] System file (File, nothing done) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe Properties.size=393112 Properties.md5=2C6DEF132CC6CF5A9DEF7B7EB35A7756 Properties.filedate=1308929448 Properties.filedatetext=2011-06-24 17:30:48 Widgi.Toolbar: [SBI $5AE37010] Shared DLL (1 apps) (Registry value, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe Widgi.Toolbar: [SBI $5AE37010] System file (File, nothing done) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe Properties.size=534880 Properties.md5=DA40D166282A6D3D78CE182E3E2F9B71 Properties.filedate=1308932560 Properties.filedatetext=2011-06-24 18:22:40 Widgi.Toolbar: [SBI $0B12F9B5] Program directory (Directory, nothing done) C:\Program Files (x86)\Application Updater\ Widgi.Toolbar: [SBI $B5E507B2] Text file (File, nothing done) 
C:\Program Files (x86)\Application Updater\config.ini Properties.size=85 Properties.md5=9E44EB00BBA056FA9B8440EF1D6C356E Properties.filedate=1313656301 Properties.filedatetext=2011-08-18 10:31:40 Widgi.Toolbar: [SBI $05E59E37] Program directory (Directory, nothing done) C:\Program Files (x86)\Common Files\Spigot\ Widgi.Toolbar: [SBI $9DDBABD2] Program directory (Directory, nothing done) C:\Program Files (x86)\Common Files\Spigot\Search Settings\ Widgi.Toolbar: [SBI $10B6A612] Data (File, nothing done) C:\Program Files (x86)\Common Files\Spigot\Search Settings\config.ini Properties.size=45 Properties.md5=DD9603D0052E892266D2C9AE59062A4B Properties.filedate=1313656301 Properties.filedatetext=2011-08-18 10:31:40 Widgi.Toolbar: [SBI $2CCE143F] Program directory (Directory, nothing done) C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res\ Widgi.Toolbar: [SBI $E91FEAE1] Program directory (Directory, nothing done) C:\Program Files (x86)\pdfforge Toolbar\ Widgi.Toolbar: [SBI $D23DEEBB] Program directory (Directory, nothing done) C:\Program Files (x86)\pdfforge Toolbar\IE\ Widgi.Toolbar: [SBI $47F603E8] Program directory (Directory, nothing done) C:\Program Files (x86)\pdfforge Toolbar\Res\ Widgi.Toolbar: [SBI $0C74B726] Picture (File, nothing done) C:\Program Files (x86)\pdfforge Toolbar\Res\amazon.gif Properties.size=976 Properties.md5=2113CCD1843F1BEFF79E9E5013CB1F45 Properties.filedate=1308926330 Properties.filedatetext=2011-06-24 16:38:50 Widgi.Toolbar: [SBI $0C74B726] Picture (File, nothing done) C:\Program Files (x86)\pdfforge Toolbar\Res\ebay.gif Properties.size=920 Properties.md5=6184113E3CEA69ED84DEBF9EBC15614D Properties.filedate=1308926330 Properties.filedatetext=2011-06-24 16:38:50 Widgi.Toolbar: [SBI $0C74B726] Picture (File, nothing done) C:\Program Files (x86)\pdfforge Toolbar\Res\icon_settings.gif Properties.size=941 Properties.md5=934612DB06B052027E26EA362B5FC57B Properties.filedate=1308926332 Properties.filedatetext=2011-06-24 16:38:52 
Widgi.Toolbar: [SBI $0C74B726] Picture (File, nothing done) C:\Program Files (x86)\pdfforge Toolbar\Res\pdfc_branding.gif Properties.size=1365 Properties.md5=651B9292689487D15DF55F6AD14A2057 Properties.filedate=1308926330 Properties.filedatetext=2011-06-24 16:38:50 Widgi.Toolbar: [SBI $0C74B726] Picture (File, nothing done) C:\Program Files (x86)\pdfforge Toolbar\Res\pdfc_branding_hover.gif Properties.size=1462 Properties.md5=312F2B09641BA1003A9F1EE14EE79F6A Properties.filedate=1308926330 Properties.filedatetext=2011-06-24 16:38:50 Widgi.Toolbar: [SBI $0C74B726] Picture (File, nothing done) C:\Program Files (x86)\pdfforge Toolbar\Res\pdfc_icon.gif Properties.size=1027 Properties.md5=299A1911C0C28C39556F9C7D1B219A7D Properties.filedate=1308926330 Properties.filedatetext=2011-06-24 16:38:50 Widgi.Toolbar: [SBI $0C74B726] Picture (File, nothing done) C:\Program Files (x86)\pdfforge Toolbar\Res\pdfc_portal_logo.gif Properties.size=2695 Properties.md5=7FA0C2F788B637949004F892263BDDFE Properties.filedate=1308926330 Properties.filedatetext=2011-06-24 16:38:50 Widgi.Toolbar: [SBI $0C74B726] Picture (File, nothing done) C:\Program Files (x86)\pdfforge Toolbar\Res\search-button-hover.gif Properties.size=1029 Properties.md5=4922C75F4D9975F847E2CAE95D69BC09 Properties.filedate=1308926332 Properties.filedatetext=2011-06-24 16:38:52 Widgi.Toolbar: [SBI $0C74B726] Picture (File, nothing done) C:\Program Files (x86)\pdfforge Toolbar\Res\search-button.gif Properties.size=1037 Properties.md5=4950662A97FB05D1C5DCE6A2192ADB8E Properties.filedate=1308926332 Properties.filedatetext=2011-06-24 16:38:52 Widgi.Toolbar: [SBI $0C74B726] Picture (File, nothing done) C:\Program Files (x86)\pdfforge Toolbar\Res\search-chevron-hover.gif Properties.size=948 Properties.md5=03D6C15A2D04370DB72FC1D43F92B3E6 Properties.filedate=1308926332 Properties.filedatetext=2011-06-24 16:38:52 Widgi.Toolbar: [SBI $0C74B726] Picture (File, nothing done) C:\Program Files (x86)\pdfforge 
Toolbar\Res\search-chevron.gif Properties.size=846 Properties.md5=4FE6D25A5D981847730E75DA391B66DC Properties.filedate=1308926332 Properties.filedatetext=2011-06-24 16:38:52 Widgi.Toolbar: [SBI $0C74B726] Picture (File, nothing done) C:\Program Files (x86)\pdfforge Toolbar\Res\search_amazon.gif Properties.size=1004 Properties.md5=2329A190840620B30D80C7E8F4B4C51C Properties.filedate=1308926330 Properties.filedatetext=2011-06-24 16:38:50 Widgi.Toolbar: [SBI $0C74B726] Picture (File, nothing done) C:\Program Files (x86)\pdfforge Toolbar\Res\search_ebay.gif Properties.size=929 Properties.md5=69286ABD58F84241A321A06D14A3B1BE Properties.filedate=1308926330 Properties.filedatetext=2011-06-24 16:38:50 Widgi.Toolbar: [SBI $0C74B726] Picture (File, nothing done) C:\Program Files (x86)\pdfforge Toolbar\Res\search_yahoo.gif Properties.size=941 Properties.md5=7C8E1580C8FFDD48909C6BE4FAABE2DA Properties.filedate=1308926330 Properties.filedatetext=2011-06-24 16:38:50 Widgi.Toolbar: [SBI $D4C0BB69] System Service (Registry key, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Application Updater Widgi.Toolbar: [SBI $D4C0BB69] System Service (Registry key, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Application Updater Widgi.Toolbar: [SBI $B9464833] System Service (Registry key, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Application Updater Widgi.Toolbar: [SBI $B9464833] System Service (Registry key, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Application Updater Widgi.Toolbar: [SBI $E4808FA3] Settings (Registry value, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\Application Updater\ Delta.Toolbar: [SBI $20319BF7] User settings (Registry key, nothing done) HKEY_USERS\S-1-5-21-2504536262-671961439-3406205668-1001\Software\DataMngr Delta.Toolbar: [SBI $15E43F9C] Settings (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr 
Delta.Toolbar: [SBI $15E43F9C] Settings (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr Delta.Toolbar: [SBI $6BE91D8E] User settings (Registry key, nothing done) HKEY_USERS\S-1-5-21-2504536262-671961439-3406205668-1001\Software\DataMngr_Toolbar ilivid.Toolbar: [SBI $C587F2AD] User settings (Registry key, nothing done) HKEY_USERS\S-1-5-21-2504536262-671961439-3406205668-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0} ilivid.Toolbar: [SBI $16402865] Settings (Registry key, nothing done) HKEY_CLASSES_ROOT\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9} ilivid.Toolbar: [SBI $16402865] Settings (Registry key, nothing done) HKEY_CLASSES_ROOT\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9} ilivid.Toolbar: [SBI $321DA5BC] Root class (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader ilivid.Toolbar: [SBI $321DA5BC] Root class (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1 ilivid.Toolbar: [SBI $321DA5BC] Class ID (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} ilivid.Toolbar: [SBI $321DA5BC] Browser helper object (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0} ilivid.Toolbar: [SBI $321DA5BC] Root class (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1 ilivid.Toolbar: [SBI $321DA5BC] Class ID (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} ilivid.Toolbar: [SBI $321DA5BC] Browser helper object (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0} ilivid.Toolbar: [SBI $321DA5BC] Root class (Registry key, nothing done) 
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader ilivid.Toolbar: [SBI $96F49016] Settings (Registry key, nothing done) HKEY_CLASSES_ROOT\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} ilivid.Toolbar: [SBI $96F49016] Settings (Registry key, nothing done) HKEY_CLASSES_ROOT\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} ilivid.Toolbar: [SBI $AA2E574B] Settings (Registry key, nothing done) HKEY_CLASSES_ROOT\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} ilivid.Toolbar: [SBI $AA2E574B] Settings (Registry key, nothing done) HKEY_CLASSES_ROOT\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} ilivid.Toolbar: [SBI $D6ADF7FF] Settings (Registry key, nothing done) HKEY_CLASSES_ROOT\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} ilivid.Toolbar: [SBI $D6ADF7FF] Settings (Registry key, nothing done) HKEY_CLASSES_ROOT\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} ilivid.Toolbar: [SBI $731A7BA1] Settings (Registry key, nothing done) HKEY_CLASSES_ROOT\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} ilivid.Toolbar: [SBI $731A7BA1] Settings (Registry key, nothing done) HKEY_CLASSES_ROOT\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} ilivid.Toolbar: [SBI $78A06FCC] Root class (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard ilivid.Toolbar: [SBI $78A06FCC] Class ID (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} ilivid.Toolbar: [SBI $78A06FCC] Root class (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard ilivid.Toolbar: [SBI $78A06FCC] Class ID (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} ilivid.Toolbar: [SBI $E1BC31E6] Root class (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1 ilivid.Toolbar: [SBI $E1BC31E6] Root class (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1 ilivid.Toolbar: [SBI 
$AE815289] Settings (Registry key, nothing done) HKEY_CLASSES_ROOT\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15} ilivid.Toolbar: [SBI $AE815289] Settings (Registry key, nothing done) HKEY_CLASSES_ROOT\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15} ilivid.Toolbar: [SBI $79F07338] Settings (Registry key, nothing done) HKEY_CLASSES_ROOT\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} ilivid.Toolbar: [SBI $79F07338] Settings (Registry key, nothing done) HKEY_CLASSES_ROOT\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} ilivid.Toolbar: [SBI $02FE75BF] Settings (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} ilivid.Toolbar: [SBI $02FE75BF] Settings (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} ilivid.Toolbar: [SBI $AD51DBF4] Program directory (Directory, nothing done) C:\Users\Dirka\AppData\LocalLow\DataMngr\ Widgi.Toolbar: [SBI $371BD888] Autorun settings (SearchSettings) (Registry value, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings Ask.MyGlobalSearch: [SBI $115DC360] User settings (Registry key, nothing done) HKEY_USERS\.DEFAULT\Software\Ask.com Ask.MyGlobalSearch: [SBI $115DC360] User settings (Registry key, nothing done) HKEY_USERS\S-1-5-18\Software\Ask.com Ask.MyGlobalSearch: [SBI $9FA3D6C1] User settings (Registry key, nothing done) HKEY_USERS\.DEFAULT\Software\AskToolbar Ask.MyGlobalSearch: [SBI $9FA3D6C1] User settings (Registry key, nothing done) HKEY_USERS\S-1-5-18\Software\AskToolbar MediaPlex: Tracking cookie (Internet Explorer: Dirka) (Cookie, nothing done) MediaPlex: Tracking cookie (Internet Explorer: Dirka) (Cookie, nothing done) FastClick: Tracking cookie (Internet Explorer: Dirka) (Cookie, nothing done) Tradedoubler: Tracking cookie (Internet Explorer: Dirka) (Cookie, nothing done) DoubleClick: Tracking cookie (Internet Explorer: 
Dirka) (Cookie, nothing done) --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) --- 2009-01-26 blindman.exe (1.0.0.8) 2009-01-26 SDFiles.exe (1.6.1.7) 2009-01-26 SDMain.exe (1.0.0.6) 2009-01-26 SDShred.exe (1.0.2.5) 2009-01-26 SDUpdate.exe (1.6.0.12) 2009-01-26 SDWinSec.exe (1.0.0.12) 2009-01-26 SpybotSD.exe (1.6.2.46) 2009-03-05 TeaTimer.exe (1.6.6.32) 2012-02-13 unins000.exe (51.49.0.0) 2009-01-26 Update.exe (1.6.0.7) 2009-11-04 advcheck.dll (1.6.5.20) 2007-04-02 aports.dll (2.1.0.0) 2008-06-14 DelZip179.dll (1.79.11.1) 2009-01-26 SDHelper.dll (1.6.2.14) 2008-06-19 sqlite3.dll 2009-01-26 Tools.dll (2.1.6.10) 2009-01-16 UninsSrv.dll (1.0.0.0) 2013-04-11 Includes\Adware.sbi (*) 2013-10-01 Includes\AdwareC.sbi (*) 2010-08-13 Includes\Cookies.sbi (*) 2012-11-14 Includes\Dialer.sbi (*) 2013-04-11 Includes\DialerC.sbi (*) 2013-04-11 Includes\HeavyDuty.sbi (*) 2012-11-14 Includes\Hijackers.sbi (*) 2013-04-11 Includes\HijackersC.sbi (*) 2013-09-10 Includes\iPhone.sbi (*) 2013-06-25 Includes\Keyloggers.sbi (*) 2013-04-11 Includes\KeyloggersC.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2013-05-29 Includes\Malware.sbi (*) 2013-10-01 Includes\MalwareC.sbi (*) 2012-11-14 Includes\PUPS.sbi (*) 2013-10-02 Includes\PUPSC.sbi (*) 2010-01-25 Includes\Revision.sbi (*) 2012-11-14 Includes\Security.sbi (*) 2013-04-11 Includes\SecurityC.sbi (*) 2008-06-03 Includes\Spybots.sbi (*) 2008-06-03 Includes\SpybotsC.sbi (*) 2013-05-22 Includes\Spyware.sbi (*) 2013-08-06 Includes\SpywareC.sbi (*) 2012-11-19 Includes\Tracks.uti 2013-01-16 Includes\Trojans.sbi (*) 2013-08-13 Includes\TrojansC-02.sbi (*) 2013-10-01 Includes\TrojansC-03.sbi (*) 2013-09-24 Includes\TrojansC-04.sbi (*) 2012-08-31 Includes\TrojansC-05.sbi (*) 2012-09-07 Includes\TrojansC.sbi (*) 2008-03-04 Plugins\Chai.dll 2008-03-05 Plugins\Fennel.dll 2008-02-26 Plugins\Mate.dll 2007-12-24 Plugins\TCPIPAddress.dll --- System information --- Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601) --- Startup 
entries list --- Located: HK_LM:Run, Adobe ARM command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe size: 937920 MD5: 47C1DE0A890613FFCFF1D67648EEDF90 Located: HK_LM:Run, Adobe Reader Speed Launcher command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe size: 37296 MD5: 69169586EFAD19F53C2012FFD8FDCF45 Located: HK_LM:Run, ApnTBMon command: "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" file: C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe size: 1558480 MD5: 3FD2D921EA76F7B64D4F362612B569E1 Located: HK_LM:Run, APSDaemon command: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" file: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe size: 59720 MD5: 61E4289E91E88C90478D7F4BEB10DCF7 Located: HK_LM:Run, avgnt command: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min file: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe size: 347192 MD5: 99DA1D6BB12C09D06B627AE0F1753789 Located: HK_LM:Run, DATAMNGR command: C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE file: C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE size: 1694608 MD5: D8B3EB0A5B5FDBC1609E4E2B66CE3F93 Located: HK_LM:Run, iTunesHelper command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe" file: C:\Program Files (x86)\iTunes\iTunesHelper.exe size: 152392 MD5: A9F9D081518AC03A51C1195986076F42 Located: HK_LM:Run, Message Center Plus command: C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start file: C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe size: 49976 MD5: 3B376496187AB240FAC6ECD7BD1251F6 Located: HK_LM:Run, PWMTRV command: rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor file: C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL size: 1129832 MD5: 
8F9D8F68DD4892AF17EB3996FE03689A Located: HK_LM:Run, QuickTime Task command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime file: C:\Program Files (x86)\QuickTime\QTTask.exe size: 421888 MD5: 9ACCBC5891BA51B5B29C1A88F80D4CE3 Located: HK_LM:Run, RoxWatchTray command: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" file: C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe size: 244208 MD5: AA2D2B5663D5227E6BE5849E6D7DA882 Located: HK_LM:Run, Samsung PanelMgr command: C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun file: C:\Windows\Samsung\PanelMgr\SSMMgr.exe size: 688128 MD5: 1ED7FD4B342AE1CA57969B0C01667D85 Located: HK_LM:Run, SearchSettings command: "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" file: C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe size: 534880 MD5: DA40D166282A6D3D78CE182E3E2F9B71 Located: HK_LM:Run, SunJavaUpdateSched command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe size: 254696 MD5: 13E7CFE8E269ED15E7FC9C3EBBCB7E2B Located: HK_CU:RunOnce, SPReview where: .DEFAULT... command: "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 file: C:\Windows\System32\SPReview\SPReview.exe size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: HK_CU:Run, msnmsgr where: S-1-5-21-2504536262-671961439-3406205668-1001... command: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background file: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! 
Located: HK_CU:Run, PoivY where: S-1-5-21-2504536262-671961439-3406205668-1001... command: "C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized file: C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: HK_CU:Run, Sidebar where: S-1-5-21-2504536262-671961439-3406205668-1001... command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun file: C:\Program Files\Windows Sidebar\sidebar.exe size: 1475584 MD5: E3BF29CED96790CDAAFA981FFDDF53A3 Located: HK_CU:RunOnce, SPReview where: S-1-5-18... command: "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 file: C:\Windows\System32\SPReview\SPReview.exe size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: Startup (common), Bluetooth.lnk where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup... command: C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe file: C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: Startup (common), Secunia PSI Tray.lnk where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup... 
command: C:\Program Files (x86)\Secunia\PSI\psi_tray.exe file: C:\Program Files (x86)\Secunia\PSI\psi_tray.exe size: 291896 MD5: 8E6C1915EDDD719C4BFE99ECCD7216A7 --- Browser helper object list --- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: AcroIEHelperStub CLSID name: Adobe PDF Link Helper Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\ Long name: AcroIEHelperShim.dll Short name: ACROIE~2.DLL Date (created): 22.09.2010 18:04:14 Date (last access): 22.07.2011 18:24:56 Date (last write): 22.09.2010 18:04:14 Filesize: 75200 Attributes: archive MD5: 203A74767EB81F96A5166B1933DB46D0 CRC32: B0D671C9 Version: 9.4.0.195 {41564952-412D-5637-00A7-7A786E7484D7} (Avira SearchFree Toolbar plus Web Protection BHO) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: Avira SearchFree Toolbar plus Web Protection BHO CLSID name: Avira SearchFree Toolbar plus Web Protection Path: "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\ Long name: Passport.dll" {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Groove GFS Browser Helper Path: C:\PROGRA~2\MICROS~4\Office14\ Long name: GROOVEEX.DLL Short name: Date (created): 16.08.2012 06:43:44 Date (last access): 16.11.2012 00:45:46 Date (last write): 16.08.2012 06:43:44 Filesize: 4171424 Attributes: archive MD5: 660C8E78B94F483E44B0243A774A4746 CRC32: AA836D07 Version: 14.0.6126.5000 {99079a25-328f-4bd4-be04-00955acaa0a7} (Searchqu Toolbar) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: Searchqu Toolbar CLSID name: Searchqu Toolbar Path: C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\ Long name: searchqudtx.dll Short name: 
SEARCH~2.DLL Date (created): 31.10.2011 15:37:30 Date (last access): 04.02.2012 19:51:44 Date (last write): 31.10.2011 15:37:30 Filesize: 88976 Attributes: archive MD5: AD14E447F7CED4CA987B91B379EAF952 CRC32: 03993075 Version: 1.0.0.20 {9D717F81-9148-4f12-8568-69135F087DB0} (DataMngr) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: DataMngr Path: C:\PROGRA~2\WI3C8A~1\Datamngr\ Long name: BrowserConnection.dll Short name: BROWSE~1.DLL Date (created): 04.02.2012 19:51:48 Date (last access): 04.02.2012 19:51:48 Date (last write): 06.12.2011 12:18:06 Filesize: 101272 Attributes: archive MD5: F56B3F868CE3AE9A4A81B5AEA7C8806E CRC32: E54D795B Version: 3.5.0.0 {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} (SkypeIEPluginBHO) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: SkypeIEPluginBHO CLSID name: Skype Browser Helper Path: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\ Long name: skypeieplugin.dll Short name: SKYPEI~1.DLL Date (created): 17.01.2012 11:43:46 Date (last access): 22.04.2012 16:02:04 Date (last write): 17.01.2012 11:43:46 Filesize: 3855520 Attributes: archive MD5: 70CE1DA6684A7043B0008C2F2E286E27 CRC32: 146CBAA3 Version: 5.9.0.9216 {B4F3A835-0E21-4959-BA22-42B3008E02FF} (URLRedirectionBHO) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: URLRedirectionBHO CLSID name: Office Document Cache Handler Path: C:\PROGRA~2\MICROS~4\Office14\ Long name: URLREDIR.DLL Short name: Date (created): 21.12.2010 02:05:22 Date (last access): 29.11.2011 11:13:44 Date (last write): 21.12.2010 02:05:22 Filesize: 561552 Attributes: archive MD5: A5D08B86E8A437AA6DEAF7A187BF6CA5 CRC32: CEA4973B Version: 14.0.6015.1000 {B922D405-6D13-4A2B-AE89-08A030DA4402} (pdfforge Toolbar) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\ BHO name: CLSID name: pdfforge Toolbar Path: C:\Program Files (x86)\pdfforge Toolbar\IE\4.5\ Long name: pdfforgeToolbarIE.dll Short name: PDFFOR~1.DLL Date (created): 24.06.2011 18:22:38 Date (last access): 18.08.2011 10:31:42 Date (last write): 24.06.2011 18:22:38 Filesize: 734048 Attributes: archive MD5: 808CA0E4D7B62E5B3B2D5AC278D3BF8E CRC32: 90BB5742 Version: 4.5.0.2 {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Java(tm) Plug-In 2 SSV Helper Path: C:\Program Files (x86)\Java\jre6\bin\ Long name: jp2ssv.dll Short name: Date (created): 22.07.2011 17:32:58 Date (last access): 22.07.2011 17:32:58 Date (last write): 22.07.2011 17:32:58 Filesize: 42272 Attributes: archive MD5: E7D55E121FF1951CB86C7E0DC6A33877 CRC32: 0EA0302A Version: 6.0.260.3 --- ActiveX list --- {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_26 Installer: Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab description: Sun Java classification: Legitimate known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll info link: info source: Patrick M. 
Kolla Path: C:\Program Files (x86)\Java\jre6\bin\ Long name: jp2iexp.dll Short name: Date (created): 22.07.2011 17:32:58 Date (last access): 22.07.2011 17:32:58 Date (last write): 22.07.2011 17:32:58 Filesize: 112416 Attributes: archive MD5: 8ED8B29AC7412F8A1608BAC047E5F78D CRC32: 18200451 Version: 6.0.260.3 {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_26 Installer: Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab Path: C:\Program Files (x86)\Java\jre6\bin\ Long name: jp2iexp.dll Short name: Date (created): 22.07.2011 17:32:58 Date (last access): 22.07.2011 17:32:58 Date (last write): 22.07.2011 17:32:58 Filesize: 112416 Attributes: archive MD5: 8ED8B29AC7412F8A1608BAC047E5F78D CRC32: 18200451 Version: 6.0.260.3 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_26 Installer: Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab description: classification: Legitimate known filename: npjpi150_06.dll info link: info source: Safer Networking Ltd. 
Path: C:\Program Files (x86)\Java\jre6\bin\ Long name: npjpi160_26.dll Short name: NPJPI1~1.DLL Date (created): 22.07.2011 17:33:00 Date (last access): 22.07.2011 17:33:00 Date (last write): 22.07.2011 17:33:00 Filesize: 141088 Attributes: archive MD5: 9210B3BC2BC4FF4F4281F7D7C294233A CRC32: B23F2824 Version: 6.0.260.3 --- Process list --- PID: 0 ( 0) [System] PID: 3028 (1692) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe size: 78272 MD5: 61EEA3608B65D6750B4BE7838679C861 PID: 3324 ( 720) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe size: 402792 MD5: EA0547A5917CC00AA669E8303D83533F PID: 3408 (1496) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe size: 69560 MD5: 385ABC29C668B9B469FAD0F7CE00094D PID: 3544 (3408) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe size: 176056 MD5: 508970745C2E5749C65B86C6FBC6A710 PID: 3588 (3408) C:\Program Files\Lenovo\Zoom\TpScrex.exe size: 144824 MD5: 9C4721B9D7300B0D79E46BAA25EBC56A PID: 3604 (1496) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe size: 62312 MD5: FD334D8C75FA3AD04B0211E4F99BDDFD PID: 3852 (1496) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe size: 291896 MD5: 8E6C1915EDDD719C4BFE99ECCD7216A7 PID: 4044 (3776) C:\Windows\SysWOW64\rundll32.exe size: 44544 MD5: 51138BEEA3E2C21EC44D0932C71762A8 PID: 4060 (3776) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe size: 49976 MD5: 3B376496187AB240FAC6ECD7BD1251F6 PID: 4084 (3776) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe size: 254696 MD5: 13E7CFE8E269ED15E7FC9C3EBBCB7E2B PID: 2488 (3776) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe size: 534880 MD5: DA40D166282A6D3D78CE182E3E2F9B71 PID: 2776 (3776) C:\Windows\Samsung\PanelMgr\SSMMgr.exe size: 688128 MD5: 1ED7FD4B342AE1CA57969B0C01667D85 PID: 3296 (3776) C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe size: 1694608 MD5: D8B3EB0A5B5FDBC1609E4E2B66CE3F93 PID: 3504 (3776) C:\Program Files (x86)\iTunes\iTunesHelper.exe 
size: 152392 MD5: A9F9D081518AC03A51C1195986076F42 PID: 3444 (3776) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe size: 347192 MD5: 99DA1D6BB12C09D06B627AE0F1753789 PID: 1304 (3776) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe size: 1558480 MD5: 3FD2D921EA76F7B64D4F362612B569E1 PID: 4120 (1496) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe size: 5365592 MD5: 0477C2F9171599CA5BC3307FDFBA8D89 PID: 5324 (1496) C:\Program Files (x86)\Mozilla Firefox\firefox.exe size: 924632 MD5: 2DE2B92C4EFEF841CEAA9752FC8FA91F PID: 1300 (5324) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe size: 16856 MD5: D414B8313C8BFC99C438E178B35D821C PID: 6032 (1300) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe size: 1862024 MD5: 18F20138A715E0677A24A0986BC9AEA2 PID: 6000 (6032) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe size: 1862024 MD5: 18F20138A715E0677A24A0986BC9AEA2 PID: 3380 ( 720) C:\Windows\SysWOW64\DllHost.exe size: 7168 MD5: A63DC5C2EA944E6657203E0C8EDEAF61 PID: 4 ( 0) System PID: 336 ( 4) smss.exe PID: 488 ( 476) csrss.exe PID: 536 ( 476) wininit.exe size: 96256 PID: 544 ( 528) csrss.exe PID: 584 ( 536) services.exe PID: 608 ( 536) lsass.exe PID: 616 ( 536) lsm.exe PID: 720 ( 584) svchost.exe size: 20992 PID: 764 ( 528) winlogon.exe PID: 832 ( 584) ibmpmsvc.exe PID: 892 ( 584) svchost.exe size: 20992 PID: 948 ( 584) svchost.exe size: 20992 PID: 996 ( 584) svchost.exe size: 20992 PID: 356 ( 584) svchost.exe size: 20992 PID: 480 ( 584) svchost.exe size: 20992 PID: 528 ( 948) audiodg.exe PID: 1064 ( 584) RtkAudioService64.exe PID: 1088 (1064) RAVBg64.exe PID: 1104 ( 584) vpnagent.exe PID: 1136 ( 584) svchost.exe size: 20992 PID: 1228 ( 996) wlanext.exe size: 77312 PID: 1236 ( 488) conhost.exe PID: 1408 ( 584) spoolsv.exe PID: 1464 ( 584) sched.exe PID: 1588 ( 584) svchost.exe size: 20992 PID: 1692 ( 584) TPHKSVC.exe PID: 1732 ( 584) AcPrfMgrSvc.exe PID: 1800 (1692) 
tpnumlk.exe PID: 1888 ( 584) apnmcp.exe PID: 1924 ( 584) AppleMobileDeviceService.exe PID: 1976 ( 584) ApplicationUpdater.exe PID: 2000 ( 584) mDNSResponder.exe PID: 2040 ( 584) EvtEng.exe PID: 1444 ( 584) svchost.exe size: 20992 PID: 1008 ( 584) PresentationFontCache.exe PID: 2228 ( 584) CamMute.exe PID: 2252 ( 584) micmute.exe PID: 2276 ( 584) TPKNRSVC.exe PID: 2304 ( 584) lvvsst.exe PID: 2384 ( 584) RegSrvc.exe PID: 2424 ( 584) psia.exe PID: 2532 ( 584) svchost.exe size: 20992 PID: 2616 ( 584) AcSvc.exe PID: 2752 ( 584) SDWinSec.exe PID: 2888 ( 584) C:\Windows\System32\taskhost.exe PID: 2928 (2304) virtscrl.exe PID: 3064 ( 996) C:\Windows\System32\dwm.exe PID: 1496 (2968) C:\Windows\explorer.exe size: 2871808 MD5: 332FEAB1435662FC6C672E25BEB37BE3 PID: 2372 ( 720) unsecapp.exe PID: 2196 ( 720) WmiPrvSE.exe PID: 3420 (1496) C:\Windows\System32\TpShocks.exe PID: 3456 (1496) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe size: 11049576 MD5: 21DABCD4A7AF0F0F33CB6DD5BE640391 PID: 3520 (1496) C:\Windows\System32\hkcmd.exe PID: 3528 (1496) C:\Windows\System32\igfxpers.exe PID: 3596 ( 720) C:\Windows\System32\igfxsrvc.exe PID: 3624 (2616) SvcGuiHlpr.exe PID: 3732 (1496) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe size: 2097960 MD5: E24810944B2EB49862D835CA5B7E6E43 PID: 3760 (1496) C:\Program Files\Windows Sidebar\sidebar.exe size: 1475584 MD5: E3BF29CED96790CDAAFA981FFDDF53A3 PID: 3812 (1496) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe size: 1079584 MD5: AA26F685222B5F1D87CF9860D4FA2A34 PID: 4004 (3732) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe size: 146216 MD5: 1F1E89A31CF9CDCDADA81EFAEB303948 PID: 2608 (4044) C:\Windows\System32\rundll32.exe size: 44544 MD5: 51138BEEA3E2C21EC44D0932C71762A8 PID: 3512 (2776) C:\Windows\Samsung\PanelMgr\caller64.exe size: 306688 MD5: EC57F3164C58640D13F6F544BD5DB853 PID: 2188 ( 720) C:\Windows\System32\igfxext.exe PID: 4932 ( 584) avguard.exe PID: 5052 ( 584) iPodService.exe PID: 5096 ( 584) sua.exe PID: 1944 (4932) 
avshadow.exe PID: 4772 ( 584) avwebgrd.exe PID: 4844 ( 584) SearchIndexer.exe size: 427520 PID: 4700 (3732) SynTPHelper.exe PID: 4472 ( 584) btwdins.exe PID: 4440 ( 584) iviRegMgr.exe PID: 3392 ( 584) NASvc.exe PID: 4424 ( 584) SUService.exe PID: 108 ( 584) tvt_reg_monitor_svc.exe PID: 680 ( 584) svchost.exe size: 20992 PID: 4972 ( 584) wmpnetwk.exe --- Browser start & search pages list --- Spybot - Search & Destroy browser pages report, 07.10.2013 21:52:09 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page C:\Windows\system32\blank.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page hxxp://lenovo.msn.com HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL hxxp://lenovo.msn.com HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page C:\Windows\SysWOW64\blank.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page hxxp://go.microsoft.com/fwlink/?LinkId=54896 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL hxxp://go.microsoft.com/fwlink/?LinkId=54896 --- Winsock Layered Service Provider list --- Protocol 0: AVSDA over [MSAFD-Tcpip [TCP/IP]] GUID: {F8E8D1E1-492E-4AC2-B830-1E0F6BB22D23} Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll Protocol 1: AVSDA over [MSAFD-Tcpip [UDP/IP]] GUID: {B428C49F-5C05-43F8-AEED-476CA1E76595} Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll Protocol 2: AVSDA over [MSAFD-Tcpip [TCP/IPv6]] GUID: {B74A360A-37D1-4E17-B569-F71995F11424} Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll Protocol 3: AVSDA 
over [MSAFD-Tcpip [UDP/IPv6]] GUID: {955B220A-C24F-4BA4-8143-96C16047BD30} Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll Protocol 4: AVSDA over [RSVP-TCPv6-Dienstanbieter] GUID: {5AEBD619-6AF2-425A-89EA-66877A3E6795} Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll Protocol 5: AVSDA over [RSVP-TCP-Dienstanbieter] GUID: {4FBDE27C-B8AE-47BA-A63D-40B1E00BD42F} Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll Protocol 6: AVSDA over [RSVP-UDPv6-Dienstanbieter] GUID: {9635B786-7A00-4427-92E2-FDF25A5013F0} Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll Protocol 7: AVSDA over [RSVP-UDP-Dienstanbieter] GUID: {A413B60A-CFF5-44C8-BD4E-09D4C78A53D4} Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll Protocol 19: AVSDA GUID: {14072000-1136-5503-4156-504F504C5350} Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll Namespace Provider 1: E-Mail-Namenshimanbieter GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE} Filename: Namespace Provider 2: PNRP-Wolken-Namespaceanbieter GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D} Filename: Namespace Provider 3: PNRP-Namen-Namespaceanbieter GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D} Filename: --- Uninstall list --- --- System Services --- Service (registry key): .NET CLR Data Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): .NET CLR Networking Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): .NET CLR Networking 4.0.0.0 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): .NET Data Provider for Oracle Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): .NET Data Provider for SqlServer Registry path: 
\SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): .NETFramework Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): 1394ohci Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: OHCI-konformer 1394-Hostcontroller Image path: \SystemRoot\system32\drivers\1394ohci.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): ACPI Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft ACPI-Treiber Image path: system32\drivers\ACPI.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): AcpiPmi Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: ACPI-Energieanzeigetreiber Image path: \SystemRoot\system32\drivers\acpipmi.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): AcPrfMgrSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Object name: LocalSystem Image path: C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe Image size: 124264 Image MD5: 40C186D35C0E307240D6BCA399332B24 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): AcSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Object name: LocalSystem Image path: C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe Image size: 259432 Image MD5: 51E12E36BDEB10C0D9DBDB1FA4914800 Control Set: CurrentControlSet Start: 2 Type: 272 Error Control: 1 Depends On services: RPCSS,winmgmt Service (registry key): AdobeFlashPlayerUpdateSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Adobe Flash Player Update Service Description: Mit 
diesem Dienst ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes. Object name: LocalSystem Image path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Image size: 257416 Image MD5: 24A0876D07EF356DCBC1D7A7929354AB Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Service (registry key): adp94xx Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\adp94xx.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): adpahci Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\adpahci.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): adpu320 Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\adpu320.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): adsi Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): AeLookupSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\aelupsvc.dll,-1 Description: @%SystemRoot%\system32\aelupsvc.dll,-2 Object name: localSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): AFD Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\afd.sys,-1000 Description: @%systemroot%\system32\drivers\afd.sys,-1000 Image path: \SystemRoot\system32\drivers\afd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: 
CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): agp440 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Intel AGP-Bus-Filter Image path: \SystemRoot\system32\drivers\agp440.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): ALG Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\Alg.exe,-112 Description: @%SystemRoot%\system32\Alg.exe,-113 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\alg.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Service (registry key): aliide Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\aliide.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 3 Service (registry key): amdide Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\amdide.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 3 Service (registry key): AmdK8 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: AMD K8 Processor Driver Image path: \SystemRoot\system32\DRIVERS\amdk8.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): AmdPPM Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: AMD Processor Driver Image path: \SystemRoot\system32\DRIVERS\amdppm.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): amdsata Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\amdsata.sys Image size: 0 Image MD5: 
D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): amdsbs Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\amdsbs.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): amdxata Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\drivers\amdxata.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): AntiVirSchedulerService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Avira Planer Description: Dienst zur Steuerung von Avira Free Antivirus Prüfaufträgen und Updates. Object name: LocalSystem Image path: "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" Image size: 84024 Image MD5: 3EC77A3849350B40D2D9002BA560E554 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Service (registry key): AntiVirService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Avira Echtzeit-Scanner Description: Bietet permanenten Schutz vor Viren und Malware mit der Avira Suchengine. Object name: LocalSystem Image path: "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" Image size: 108088 Image MD5: 1D6D44493488923CF6E82339E189EAD6 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Service (registry key): AntiVirWebService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Avira Browser-Schutz Description: Bietet Webbrowsern permanenten Schutz vor Viren und Malware mit der Avira Suchengine. 
Object name: LocalSystem Image path: "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" Image size: 815160 Image MD5: 6C5595EC0F009EF7D73EBBE11AA33C3D Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: AntiVirService Service (registry key): APNMCP Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Ask Aktualisierungsdienst Description: Der Ask Aktualisierungsdienst bringt die Ask Toolbar-Software immer auf den neuesten Stand. Object name: LocalSystem Image path: "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe" Image size: 168400 Image MD5: D41231AECFEE88973D56AEC2EE5B962D Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 0 Service (registry key): AppID Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\appidsvc.dll,-102 Description: @%systemroot%\system32\appidsvc.dll,-103 Image path: \SystemRoot\system32\drivers\appid.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Depends On services: FltMgr,DisCache Service (registry key): AppIDSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\appidsvc.dll,-100 Description: @%systemroot%\system32\appidsvc.dll,-101 Object name: NT Authority\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,AppID,CryptSvc Service (registry key): Appinfo Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\appinfo.dll,-100 Description: @%systemroot%\system32\appinfo.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 
Depends On services: RpcSs,ProfSvc Service (registry key): Apple Mobile Device Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Apple Mobile Device Description: Provides the interface to Apple mobile devices. Object name: LocalSystem Image path: "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" Image size: 57008 Image MD5: 4FE5C6D40664AE07BE5105874357D2ED Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: Tcpip Service (registry key): Application Updater Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Application Updater Description: Automatically downloads and installs application updates. Object name: LocalSystem Image path: "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe" Image size: 393112 Image MD5: 2C6DEF132CC6CF5A9DEF7B7EB35A7756 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 0 Service (registry key): arc Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\arc.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): arcsas Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\arcsas.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): AsyncMac Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\rascfg.dll,-32000 Description: @%systemroot%\system32\rascfg.dll,-32000 Image path: system32\DRIVERS\asyncmac.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): atapi Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: IDE-Kanal Image path: system32\drivers\atapi.sys Image size: 0 Image MD5: 
D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): AudioEndpointBuilder Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\audiosrv.dll,-204 Description: @%SystemRoot%\System32\audiosrv.dll,-205 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: PlugPlay Service (registry key): AudioSrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\audiosrv.dll,-200 Description: @%SystemRoot%\System32\audiosrv.dll,-201 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: AudioEndpointBuilder,RpcSs,MMCSS Service (registry key): avgntflt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: avgntflt Description: Avira mini-filter driver Image path: system32\DRIVERS\avgntflt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 2 Error Control: 1 Depends On services: FltMgr Service (registry key): avipbb Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: avipbb Description: Avira Security Enhancement Driver Image path: system32\DRIVERS\avipbb.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): avkmgr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: avkmgr Description: Avira Manager Driver Image path: system32\DRIVERS\avkmgr.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error 
Control: 1 Service (registry key): AxInstSV Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\AxInstSV.dll,-103 Description: @%SystemRoot%\system32\AxInstSV.dll,-104 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: rpcss Service (registry key): b06bdrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Broadcom NetXtreme II VBD Image path: \SystemRoot\system32\DRIVERS\bxvbda.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): b57nd60a Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 Image path: system32\DRIVERS\b57nd60a.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): BattC Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): BDESVC Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\bdesvc.dll,-100 Description: @%SystemRoot%\system32\bdesvc.dll,-101 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): Beep Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Beep Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): BFE Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\bfe.dll,-1001 Description: @%SystemRoot%\system32\bfe.dll,-1002 Object name: NT AUTHORITY\LocalService Image path: 
%systemroot%\system32\svchost.exe -k LocalServiceNoNetwork Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): BITS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\qmgr.dll,-1000 Description: @%SystemRoot%\system32\qmgr.dll,-1001 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs,EventSystem Service (registry key): blbdrive Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\DRIVERS\blbdrive.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): Bonjour Service Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Dienst "Bonjour" Description: Damit können Hardwaregeräte und Softwaredienste im Netzwerk eine automatische Selbstkonfiguration durchführen und ihre Verfügbarkeit anzeigen. 
Object name: LocalSystem Image path: "C:\Program Files\Bonjour\mDNSResponder.exe" Image size: 462184 Image MD5: EBBCD5DFBB1DE70E8F4AF8FA59E401FD Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: Tcpip Service (registry key): bowser Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\browser.dll,-102 Description: @%systemroot%\system32\browser.dll,-103 Image path: system32\DRIVERS\bowser.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Service (registry key): BrFiltLo Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother USB Mass-Storage Lower Filter Driver Image path: \SystemRoot\system32\DRIVERS\BrFiltLo.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): BrFiltUp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother USB Mass-Storage Upper Filter Driver Image path: \SystemRoot\system32\DRIVERS\BrFiltUp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Browser Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\browser.dll,-100 Description: @%systemroot%\system32\browser.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation,LanmanServer Service (registry key): Brserid Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother MFC Serial Port Interface Driver (WDM) Image path: \SystemRoot\System32\Drivers\Brserid.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 
1 Service (registry key): BrSerWdm Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother WDM Serial driver Image path: \SystemRoot\System32\Drivers\BrSerWdm.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): BrUsbMdm Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother MFC USB Fax Only Modem Image path: \SystemRoot\System32\Drivers\BrUsbMdm.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): BrUsbSer Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother MFC USB Serial WDM Driver Image path: \SystemRoot\System32\Drivers\BrUsbSer.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): BthEnum Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Bluetooth-Anforderungsblocktreiber Image path: \SystemRoot\system32\drivers\BthEnum.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): BTHMODEM Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Bluetooth Serial Communications Driver Image path: \SystemRoot\system32\DRIVERS\bthmodem.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): BthPan Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Bluetooth-Gerät (PAN) Description: Bluetooth-Gerät (PAN) Image path: system32\DRIVERS\bthpan.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): BTHPORT Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Bluetooth-Porttreiber Image path: 
\SystemRoot\System32\Drivers\BTHport.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): bthserv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\bthserv.dll,-101 Description: @%SystemRoot%\System32\bthserv.dll,-102 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k bthsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): BTHUSB Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: USB-Treiber für Bluetooth-Funkgerät Image path: \SystemRoot\System32\Drivers\BTHUSB.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): btwaudio Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Bluetooth-Audiogerät Image path: system32\drivers\btwaudio.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): btwavdt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Bluetooth AVDT Image path: system32\DRIVERS\btwavdt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): btwdins Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Bluetooth Service Description: Dient zum Installieren und Entfernen von Bluetooth-Geräten. 
Object name: LocalSystem Image path: C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe Image size: 864032 Image MD5: D65AA164ACD0F6706DBCFBBCC9731584 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Service (registry key): btwl2cap Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Bluetooth L2CAP Service Image path: system32\DRIVERS\btwl2cap.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): btwrchid Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\DRIVERS\btwrchid.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): cdfs Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: CD/DVD File System Reader Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces) Image path: system32\DRIVERS\cdfs.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 2 Error Control: 1 Depends On group: "SCSI CDROM Class" Service (registry key): cdrom Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: CD-ROM-Laufwerktreiber Image path: \SystemRoot\system32\drivers\cdrom.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): CertPropSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\certprop.dll,-11 Description: @%SystemRoot%\System32\certprop.dll,-12 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): circlass Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Consumer IR Devices 
Image path: \SystemRoot\system32\DRIVERS\circlass.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): CLFS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\clfs.sys,-100 Description: @%SystemRoot%\system32\clfs.sys,-101 Image path: System32\CLFS.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): clr_optimization_v2.0.50727_32 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft .NET Framework NGEN v2.0.50727_X86 Description: Microsoft .NET Framework NGEN Object name: LocalSystem Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe Image size: 66384 Image MD5: D88040F816FDA31C3B466F0FA0918F29 Control Set: CurrentControlSet Start: 4 Type: 16 Error Control: 0 Service (registry key): clr_optimization_v2.0.50727_64 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft .NET Framework NGEN v2.0.50727_X64 Description: Microsoft .NET Framework NGEN Object name: LocalSystem Image path: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe Image size: 89920 Image MD5: D1CEEA2B47CB998321C579651CE3E4F8 Control Set: CurrentControlSet Start: 4 Type: 16 Error Control: 0 Service (registry key): clr_optimization_v4.0.30319_32 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft .NET Framework NGEN v4.0.30319_X86 Description: Microsoft .NET Framework NGEN Object name: LocalSystem Image path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Image size: 130384 Image MD5: C5A75EB48E2344ABDC162BDA79E16841 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 0 Service (registry key): clr_optimization_v4.0.30319_64 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft .NET Framework NGEN v4.0.30319_X64 Description: 
Microsoft .NET Framework NGEN Object name: LocalSystem Image path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Image size: 138576 Image MD5: C6F9AF94DCD58122A4D7E89DB6BED29D Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 0 Service (registry key): CmBatt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Treiber für Microsoft-ACPI-Kontrollmethodenkompatiblen Akku Image path: system32\DRIVERS\CmBatt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): cmdide Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\cmdide.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 3 Service (registry key): CNG Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: System32\Drivers\cng.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): Compbatt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Composite Battery-Treiber Image path: system32\DRIVERS\compbatt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): CompositeBus Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Busenumeratortreiber für Verbundgeräte Image path: \SystemRoot\system32\drivers\CompositeBus.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): COMSysApp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @comres.dll,-947 Description: @comres.dll,-948 Object name: LocalSystem Image path: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} Image size: 7168 Image MD5: 
A63DC5C2EA944E6657203E0C8EDEAF61 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RpcSs,EventSystem,SENS Service (registry key): crcdisk Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Crcdisk Filter Driver Image path: \SystemRoot\system32\DRIVERS\crcdisk.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): crypt32 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): CryptSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\cryptsvc.dll,-1001 Description: @%SystemRoot%\system32\cryptsvc.dll,-1002 Object name: NT Authority\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k NetworkService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): DCLocator Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): DcomLaunch Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @oleres.dll,-5012 Description: @oleres.dll,-5013 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): defragsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\defragsvc.dll,-101 Description: @%SystemRoot%\system32\defragsvc.dll,-102 Object name: localSystem Image path: %SystemRoot%\system32\svchost.exe -k defragsvc Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service 
(registry key): DfsC Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\dfsc.sys,-101 Description: @%systemroot%\system32\drivers\dfsc.sys,-102 Image path: System32\Drivers\dfsc.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 2 Error Control: 1 Depends On services: Mup Service (registry key): Dhcp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\dhcpcore.dll,-100 Description: @%SystemRoot%\system32\dhcpcore.dll,-101 Object name: NT Authority\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: NSI,Tdx,Afd Service (registry key): discache Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\discache.sys,-102 Description: @%systemroot%\system32\drivers\discache.sys,-101 Image path: System32\drivers\discache.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): Disk Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Laufwerktreiber Image path: system32\DRIVERS\disk.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): Dnscache Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\dnsapi.dll,-101 Description: @%SystemRoot%\System32\dnsapi.dll,-102 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k NetworkService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: Tdx,nsi Service (registry key): dot3svc Registry path: 
\SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\dot3svc.dll,-1102 Description: @%systemroot%\system32\dot3svc.dll,-1103 Object name: localSystem Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,Ndisuio,Eaphost Service (registry key): DPS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\dps.dll,-500 Description: @%systemroot%\system32\dps.dll,-501 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): drmkaud Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Trusted Audio Drivers Image path: system32\drivers\drmkaud.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): DXGKrnl Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: LDDM Graphics Subsystem Description: Controls the underlying video driver stacks to provide fully-featured display capabilities. 
Image path: \SystemRoot\System32\drivers\dxgkrnl.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): EapHost Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\eapsvc.dll,-1 Description: @%systemroot%\system32\eapsvc.dll,-2 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS,KeyIso Service (registry key): ebdrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Broadcom NetXtreme II 10 GigE VBD Image path: \SystemRoot\system32\DRIVERS\evbda.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): EFS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\efssvc.dll,-100 Description: @%SystemRoot%\system32\efssvc.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\System32\lsass.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): ehRecvr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\ehome\ehrecvr.exe,-101 Description: @%SystemRoot%\ehome\ehrecvr.exe,-102 Object name: NT AUTHORITY\networkService Image path: %systemroot%\ehome\ehRecvr.exe Image size: 696832 Image MD5: C4002B6B41975F057D98C439030CEA07 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 0 Depends On services: RPCSS Service (registry key): ehSched Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\ehome\ehsched.exe,-101 Description: @%SystemRoot%\ehome\ehsched.exe,-102 Object name: NT AUTHORITY\networkService Image path: 
%systemroot%\ehome\ehsched.exe Image size: 127488 Image MD5: 4705E8EF9934482C5BB488CE28AFC681 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 0 Depends On services: RPCSS Service (registry key): elxstor Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\elxstor.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): ErrDev Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft-Hardwarefehler-Gerätetreiber Image path: \SystemRoot\system32\drivers\errdev.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): ESENT Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): eventlog Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\wevtsvc.dll,-200 Description: @%SystemRoot%\system32\wevtsvc.dll,-201 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): EventSystem Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @comres.dll,-2450 Description: @comres.dll,-2451 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: rpcss Service (registry key): EvtEng Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Intel(R) PROSet/Wireless Event Log Description: Manages the event trace messages for all the Intel® PROSet/Wireless Software components. 
Object name: LocalSystem Image path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe Image size: 1420560 Image MD5: 51643EE2712D9212E1E53CA7E8D8EB4A Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): exfat Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: exFAT File System Driver Description: exFAT File System Driver Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Service (registry key): fastfat Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: FAT12/16/32 File System Driver Description: Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces) Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Service (registry key): Fax Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\fxsresm.dll,-118 Description: @%systemroot%\system32\fxsresm.dll,-122 Object name: NT AUTHORITY\NetworkService Image path: %systemroot%\system32\fxssvc.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: TapiSrv,RpcSs,PlugPlay,Spooler Service (registry key): fdc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Floppy Disk Controller Driver Image path: \SystemRoot\system32\DRIVERS\fdc.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): fdPHost Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\fdPHost.dll,-100 Description: @%systemroot%\system32\fdPHost.dll,-101 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,http Service 
(registry key): FDResPub Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\fdrespub.dll,-100 Description: @%systemroot%\system32\fdrespub.dll,-101 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs,http Service (registry key): FileInfo Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\fileinfo.sys,-100 Description: @%SystemRoot%\system32\drivers\fileinfo.sys,-101 Image path: system32\drivers\fileinfo.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 2 Error Control: 1 Depends On services: fltmgr Service (registry key): Filetrace Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\filetrace.sys,-10001 Description: @%SystemRoot%\system32\drivers\filetrace.sys,-10000 Image path: system32\drivers\filetrace.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Depends On services: FltMgr Service (registry key): flpydisk Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Floppy Disk Driver Image path: \SystemRoot\system32\DRIVERS\flpydisk.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): FltMgr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\fltmgr.sys,-10001 Description: @%SystemRoot%\system32\drivers\fltmgr.sys,-10000 Image path: system32\drivers\fltmgr.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 2 Error Control: 3 Service (registry key): FontCache Registry path: 
\SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\FntCache.dll,-100 Description: @%systemroot%\system32\FntCache.dll,-101 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): FontCache3.0.0.0 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\PresentationHost.exe,-3309 Description: @%SystemRoot%\system32\PresentationHost.exe,-3310 Object name: NT Authority\LocalService Image path: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe Image size: 42856 Image MD5: A8B7F3818AB65695E3A0BB3279F6DCE6 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Service (registry key): FsDepends Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\fsdepends.sys,-10001 Description: @%SystemRoot%\system32\drivers\fsdepends.sys,-10000 Image path: System32\drivers\FsDepends.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 3 Depends On services: fltmgr Service (registry key): Fs_Rec Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 8 Error Control: 0 Service (registry key): fvevol Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\fvevol.sys,-100 Description: @%SystemRoot%\system32\drivers\fvevol.sys,-100 Image path: System32\DRIVERS\fvevol.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): gagp30kx Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms Image path: \SystemRoot\system32\DRIVERS\gagp30kx.sys Image size: 0 
Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): GEARAspiWDM Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: GEAR ASPI Filter Driver Image path: system32\DRIVERS\GEARAspiWDM.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): gpsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @gpapi.dll,-112 Description: @gpapi.dll,-113 Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS,Mup Service (registry key): gusvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Google Updater Service Object name: LocalSystem Image path: "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" Image size: 136120 Image MD5: C1B577B2169900F4CF7190C39F085794 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 0 Depends On services: RPCSS Service (registry key): hcw85cir Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Hauppauge Consumer Infrared Receiver Image path: \SystemRoot\system32\drivers\hcw85cir.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): HdAudAddService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst Image path: \SystemRoot\system32\drivers\HdAudio.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): HDAudBus Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft-UAA-Bustreiber für High Definition Audio Image path: 
\SystemRoot\system32\drivers\HDAudBus.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): HidBatt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: HID UPS Battery Driver Image path: \SystemRoot\system32\DRIVERS\HidBatt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): HidBth Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Bluetooth HID Miniport Image path: \SystemRoot\system32\DRIVERS\hidbth.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): HidIr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Infrared HID Driver Image path: \SystemRoot\system32\DRIVERS\hidir.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): hidserv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\hidserv.dll,-101 Description: @%SystemRoot%\System32\hidserv.dll,-102 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): HidUsb Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft HID Class-Treiber Image path: \SystemRoot\system32\drivers\hidusb.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): hkmsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\kmsvc.dll,-6 Description: @%SystemRoot%\system32\kmsvc.dll,-7 Object name: localSystem Image 
path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): HomeGroupListener Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\ListSvc.dll,-100 Description: @%SystemRoot%\System32\ListSvc.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: LanmanServer Service (registry key): HomeGroupProvider Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\provsvc.dll,-100 Description: @%SystemRoot%\System32\provsvc.dll,-101 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: netprofm,fdrespub,fdphost Service (registry key): HpSAMD Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\HpSAMD.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): HTTP Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\http.sys,-1 Description: @%SystemRoot%\system32\drivers\http.sys,-2 Image path: system32\drivers\HTTP.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): hwpolicy Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\hwpolicy.sys,-101 Description: @%systemroot%\system32\drivers\hwpolicy.sys,-102 Image path: 
System32\drivers\hwpolicy.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): i8042prt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: i8042-Tastatur- und PS/2-Mausanschluss-Treiber Image path: \SystemRoot\system32\drivers\i8042prt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): ialm Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): iaStor Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Intel AHCI Controller Image path: system32\DRIVERS\iaStor.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): iaStorV Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Intel RAID-Controller Windows 7 Image path: \SystemRoot\system32\drivers\iaStorV.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): IBMPMDRV Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\DRIVERS\ibmpmdrv.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): IBMPMSVC Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: ThinkPad PM Service Object name: LocalSystem Image path: %SystemRoot%\system32\ibmpmsvc.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 272 Error Control: 0 Service (registry key): IDriverT Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: InstallDriver Table Manager Description: Provides support for the Running Object Table for InstallShield Drivers Object name: 
LocalSystem Image path: "C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" Image size: 69632 Image MD5: DAF66902F08796F9C694901660E5A64A Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 0 Service (registry key): idsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193 Description: @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192 Object name: LocalSystem Image path: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" Image size: 856400 Image MD5: 5988FC40F8DB5B0739CD1E3A5D0D78BD Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): igfx Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\DRIVERS\igdkmd64.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): iirsp Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\iirsp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): IKEEXT Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\ikeext.dll,-501 Description: @%SystemRoot%\system32\ikeext.dll,-502 Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: BFE Service (registry key): inetaccs Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): IntcAzAudAddService Registry path: \SYSTEM\CurrentControlSet\Services\ Display 
|
09.10.2013, 06:39 | #4 |
| Windows7, Spybot finds multiple malware And here is part 2 of the log (the system considers it too large): Code:
Service (registry key): PerfProc Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): pla Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\pla.dll,-500 Description: @%systemroot%\system32\pla.dll,-501 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): PlugPlay Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\umpnpmgr.dll,-100 Description: @%SystemRoot%\system32\umpnpmgr.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): PNRPAutoReg Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\pnrpauto.dll,-8002 Description: @%SystemRoot%\system32\pnrpauto.dll,-8003 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: pnrpsvc Service (registry key): PNRPsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\pnrpsvc.dll,-8000 Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: p2pimsvc Service (registry key): PolicyAgent Registry path: 
\SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\polstore.dll,-5010 Description: @%SystemRoot%\system32\polstore.dll,-5011 Object name: NT Authority\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: Tcpip,bfe Service (registry key): PortProxy Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): Power Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\umpo.dll,-100 Description: @%SystemRoot%\system32\umpo.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): Power Manager DBC Service Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Power Manager DBC Service Object name: LocalSystem Image path: "C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE" Image size: 75112 Image MD5: BAC02775CF629E5FE80BEA952F4448EF Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: SENS Service (registry key): PptpMiniport Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\rascfg.dll,-32006 Description: @%systemroot%\system32\rascfg.dll,-32006 Image path: system32\DRIVERS\raspptp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Processor Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Processor Driver Image path: \SystemRoot\system32\DRIVERS\processr.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 
Error Control: 1 Service (registry key): ProfSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\profsvc.dll,-300 Description: @%systemroot%\system32\profsvc.dll,-301 Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): ProtectedStorage Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\psbase.dll,-300 Description: @%systemroot%\system32\psbase.dll,-301 Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): psadd Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Lenovo Parties Service Access Device Driver Image path: system32\DRIVERS\psadd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Psched Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\drivers\pacer.sys,-101 Description: @%SystemRoot%\System32\drivers\pacer.sys,-101 Image path: system32\DRIVERS\pacer.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): PSI Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: PSI Description: PSI mini-filter driver Image path: system32\DRIVERS\psi_mf.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Depends On services: FltMgr Service (registry key): PxHlpa64 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: PxHlpa64 Image path: System32\Drivers\PxHlpa64.sys 
Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): ql2300 Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\ql2300.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): ql40xx Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\ql40xx.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): QWAVE Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\qwave.dll,-1 Description: @%SystemRoot%\system32\qwave.dll,-2 Object name: NT AUTHORITY\LocalService Image path: %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: rpcss,psched,QWAVEdrv,LLTDIO Service (registry key): QWAVEdrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\qwavedrv.sys,-1 Description: @%SystemRoot%\system32\drivers\qwavedrv.sys,-2 Image path: \SystemRoot\system32\drivers\qwavedrv.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): RasAcd Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Remote Access Auto Connection Driver Description: Remote Access Auto Connection Driver Image path: System32\DRIVERS\rasacd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): RasAgileVpn Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: WAN Miniport (IKEv2) Description: WAN Miniport (IKEv2) Image 
path: system32\DRIVERS\AgileVpn.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): RasAuto Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%Systemroot%\system32\rasauto.dll,-200 Description: @%Systemroot%\system32\rasauto.dll,-201 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RasMan,TapiSrv,RasAcd Service (registry key): Rasl2tp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\rascfg.dll,-32005 Description: @%systemroot%\system32\rascfg.dll,-32005 Image path: system32\DRIVERS\rasl2tp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): RasMan Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%Systemroot%\system32\rasmans.dll,-200 Description: @%Systemroot%\system32\rasmans.dll,-201 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: Tapisrv,SstpSvc Service (registry key): RasPppoe Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\rascfg.dll,-32007 Description: @%systemroot%\system32\rascfg.dll,-32007 Image path: system32\DRIVERS\raspppoe.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): RasSstp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\sstpsvc.dll,-202 Description: @%systemroot%\system32\sstpsvc.dll,-202 Image path: system32\DRIVERS\rassstp.sys Image size: 0 
Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): rdbss Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\wkssvc.dll,-1000 Description: @%systemroot%\system32\wkssvc.dll,-1001 Image path: system32\DRIVERS\rdbss.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 2 Error Control: 1 Depends On services: Mup Service (registry key): rdpbus Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Remote Desktop Device Redirector Bus Driver Image path: \SystemRoot\system32\DRIVERS\rdpbus.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): RDPCDD Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\DRIVERS\RDPCDD.sys,-100 Description: @%systemroot%\system32\DRIVERS\RDPCDD.sys,-101 Image path: System32\DRIVERS\RDPCDD.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 0 Service (registry key): RDPDD Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): RDPENCDD Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\RDPENCDD.sys,-101 Description: @%systemroot%\system32\drivers\RDPENCDD.sys,-100 Image path: system32\drivers\rdpencdd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 0 Service (registry key): RDPNP Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drprov.dll,-100 Description: @%systemroot%\system32\drprov.dll,-101 Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): RDPREFMP Registry path: 
\SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\RdpRefMp.sys,-101 Description: @%systemroot%\system32\drivers\RdpRefMp.sys,-100 Image path: system32\drivers\rdprefmp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 0 Service (registry key): RDPWD Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: RDP Winstation Driver Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): rdyboost Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: ReadyBoost Description: ReadyBoost Image path: System32\drivers\rdyboost.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): RegSrvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Intel(R) PROSet/Wireless Registry Service Description: Provides registry access to all Intel® PROSet/Wireless Software components Object name: LocalSystem Image path: C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe Image size: 831760 Image MD5: 3B71B5B91E7DCA93585D5A86C897ADC4 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): RemoteAccess Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%Systemroot%\system32\mprdim.dll,-200 Description: @%Systemroot%\system32\mprdim.dll,-201 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 4 Type: 32 Error Control: 1 Depends On services: RpcSS,Bfe,RasMan,Http Depends On group: NetBIOSGroup Service (registry key): RemoteRegistry Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @regsvc.dll,-1 Description: @regsvc.dll,-2 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe 
-k regsvc Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): RFCOMM Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Bluetooth-Gerät (RFCOMM-Protokoll-TDI) Description: Bluetooth-Gerät (RFCOMM-Protokoll-TDI) Image path: system32\DRIVERS\rfcomm.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Roxio UPnP Renderer 10 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Roxio UPnP Renderer 10 Object name: LocalSystem Image path: "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" Image size: 313840 Image MD5: 14A99FD851272C73B758546EF8F0E641 Control Set: CurrentControlSet Start: 3 Type: 272 Error Control: 0 Service (registry key): Roxio Upnp Server 10 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Roxio Upnp Server 10 Object name: LocalSystem Image path: "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe" Image size: 362992 Image MD5: BA917F2F2BD5033E70823797C73CDFCB Control Set: CurrentControlSet Start: 2 Type: 272 Error Control: 0 Service (registry key): RoxLiveShare10 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: LiveShare P2P Server 10 Description: Allows remote users to view through WEB browsers your authorized multimedia content managed by Roxio Media Manager9. 
Object name: LocalSystem Image path: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" Image size: 309744 Image MD5: 8986D20CF294D794A79FB18FF697B68B Control Set: CurrentControlSet Start: 2 Type: 272 Error Control: 0 Depends On services: RPCSS Service (registry key): RoxMediaDB10 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: RoxMediaDB10 Description: Roxio RoxMediaDB10 Service Object name: LocalSystem Image path: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" Image size: 1124848 Image MD5: D8C44229EB2495E774350529ED9BE08D Control Set: CurrentControlSet Start: 3 Type: 272 Error Control: 0 Service (registry key): RoxWatch10 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Roxio Hard Drive Watcher 10 Object name: LocalSystem Image path: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" Image size: 166384 Image MD5: 53716357F4B3C99112CF0A21932C5688 Control Set: CurrentControlSet Start: 2 Type: 272 Error Control: 0 Service (registry key): RpcEptMapper Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%windir%\system32\RpcEpMap.dll,-1001 Description: @%windir%\system32\RpcEpMap.dll,-1002 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k RPCSS Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): RpcLocator Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\Locator.exe,-2 Description: @%systemroot%\system32\Locator.exe,-3 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\locator.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Service (registry key): RpcSs Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @oleres.dll,-5010 
Description: @oleres.dll,-5011 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k rpcss Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcEptMapper,DcomLaunch Service (registry key): rspndr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Link-Layer Topology Discovery Responder Image path: system32\DRIVERS\rspndr.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 1 Error Control: 1 Service (registry key): RtkAudioService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Realtek Audio Service Description: To check external HDMI device availability, HDMI device audio capability and update HDMI device capability into audio control panel Object name: LocalSystem Image path: C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe Image size: 199272 Image MD5: 24452CCCC3808B5AB0341A384BB72200 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Service (registry key): RTL8167 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Realtek 8167 NT Driver Image path: system32\DRIVERS\Rt64win7.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): SamSs Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\samsrv.dll,-1 Description: @%SystemRoot%\system32\samsrv.dll,-2 Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): sbp2port Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Bustreiber für SBP2-Transport/Protokoll Image path: \SystemRoot\system32\drivers\sbp2port.sys Image size: 0 Image MD5: 
D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): SBSDWSCService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: SBSD Security Center Service Object name: LocalSystem Image path: C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe Image size: 1153368 Image MD5: 794D4B48DFB6E999537C7C3947863463 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: wscsvc Service (registry key): SCardSvr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\SCardSvr.dll,-1 Description: @%SystemRoot%\System32\SCardSvr.dll,-5 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: PlugPlay Service (registry key): scfilter Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\drivers\scfilter.sys,-11 Description: @%SystemRoot%\System32\drivers\scfilter.sys,-12 Image path: System32\DRIVERS\scfilter.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Schedule Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\schedsvc.dll,-100 Description: @%SystemRoot%\system32\schedsvc.dll,-101 Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS,EventLog Service (registry key): SCPolicySvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\certprop.dll,-13 Description: @%SystemRoot%\System32\certprop.dll,-14 Object name: LocalSystem Image path: 
%SystemRoot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): sdbus Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\sdbus.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): SDRSVC Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\sdrsvc.dll,-107 Description: @%SystemRoot%\system32\sdrsvc.dll,-102 Object name: localSystem Image path: %SystemRoot%\system32\svchost.exe -k SDRSVC Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): secdrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Security Driver Control Set: CurrentControlSet Start: 2 Type: 1 Error Control: 1 Service (registry key): seclogon Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\seclogon.dll,-7001 Description: @%SystemRoot%\system32\seclogon.dll,-7000 Object name: LocalSystem Image path: %windir%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): Secunia PSI Agent Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Secunia PSI Agent Description: Performs routine software inspections of the system, the results of which can be seen in your Secunia Customer Area account Object name: LocalSystem Image path: "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service Image size: 993848 Image MD5: 2D0599DD0124764FC939C59985C860DE Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Service (registry key): Secunia Update Agent Registry 
path: \SYSTEM\CurrentControlSet\Services\ Display name: Secunia Update Agent Description: Performs routine software inspections of the system, the results of which can be seen in your Secunia Customer Area account Object name: LocalSystem Image path: "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service Image size: 399416 Image MD5: 20B9E1ADBC58958B480933E4DA005DFB Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Service (registry key): SENS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\Sens.dll,-200 Description: @%SystemRoot%\system32\Sens.dll,-201 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: EventSystem Service (registry key): SensrSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\sensrsvc.dll,-1000 Description: @%SystemRoot%\System32\sensrsvc.dll,-1001 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): Serenum Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Serenum Filter Driver Image path: \SystemRoot\system32\DRIVERS\serenum.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Serial Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\serial.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): sermouse Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Serial Mouse Driver Image path: 
\SystemRoot\system32\DRIVERS\sermouse.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): ServiceModelEndpoint 3.0.0.0 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): ServiceModelOperation 3.0.0.0 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): ServiceModelService 3.0.0.0 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): SessionEnv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\SessEnv.dll,-1026 Description: @%SystemRoot%\System32\SessEnv.dll,-1027 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS,LanmanWorkstation Service (registry key): sffdisk Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: SFF-Speicherklassentreiber Image path: \SystemRoot\system32\drivers\sffdisk.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): sffp_mmc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: SFF-Speicherprotokolltreiber für MMC Image path: \SystemRoot\system32\drivers\sffp_mmc.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): sffp_sd Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: SFF-Speicherprotokolltreiber für SDBus Image path: \SystemRoot\system32\drivers\sffp_sd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: 
1 Depends On services: RPCSS,HTTP Service (registry key): Winsock Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 3 Type: 4 Error Control: 1 Service (registry key): WinSock2 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): WinUsb Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: WinUsb Image path: system32\DRIVERS\WinUsb.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Wlansvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\wlansvc.dll,-257 Description: @%SystemRoot%\System32\wlansvc.dll,-258 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: nativewifip,RpcSs,Ndisuio,Eaphost Service (registry key): WmiAcpi Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Windows Management Interface for ACPI Image path: \SystemRoot\system32\drivers\wmiacpi.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): WmiApRpl Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): wmiApSrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 Description: @%Systemroot%\system32\wbem\wmiapsrv.exe,-111 Object name: localSystem Image path: %systemroot%\system32\wbem\WmiApSrv.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Service (registry key): WMPNetworkSvc Registry path: 
\SYSTEM\CurrentControlSet\Services\ Display name: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 Description: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-102 Object name: NT AUTHORITY\NetworkService Image path: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe" Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: http Service (registry key): WPCSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\wpcsvc.dll,-100 Description: @%SystemRoot%\system32\wpcsvc.dll,-101 Object name: NT Authority\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): WPDBusEnum Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\wpdbusenum.dll,-100 Description: @%SystemRoot%\system32\wpdbusenum.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): ws2ifsl Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung Description: @%systemroot%\System32\drivers\ws2ifsl.sys,-1000 Image path: \SystemRoot\system32\drivers\ws2ifsl.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): wscsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\wscsvc.dll,-200 Description: @%SystemRoot%\System32\wscsvc.dll,-201 Object name: NT AUTHORITY\LocalService Image path: 
%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs,WinMgmt Service (registry key): WSearch Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\SearchIndexer.exe,-103 Description: @%systemroot%\system32\SearchIndexer.exe,-104 Object name: LocalSystem Image path: %systemroot%\system32\SearchIndexer.exe /Embedding Image size: 427520 Image MD5: 236F286E103FD44BD85FDD93097FD5DD Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): WSearchIdxPi Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): wuauserv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\wuaueng.dll,-105 Description: @%systemroot%\system32\wuaueng.dll,-106 Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: rpcss Service (registry key): WudfPf Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\Wudfpf.sys,-1000 Image path: system32\drivers\WudfPf.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): WUDFRd Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\DRIVERS\WUDFRd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): wudfsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\wudfsvc.dll,-1000 Description: 
@%SystemRoot%\system32\wudfsvc.dll,-1001 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: PlugPlay,WudfPf Service (registry key): WwanSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\wwansvc.dll,-257 Description: @%SystemRoot%\System32\wwansvc.dll,-258 Object name: NT Authority\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: PlugPlay,RpcSs,NdisUio,NlaSvc Service (registry key): xmlprov Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): {5AD29A40-F331-4821-9CC5-70729D07D4AD} Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): {B39160C2-8AE5-4CC7-A88C-EB64E0E7E411} Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): {D07D5F26-17E3-4D04-B6FA-74D8C7645EB5} Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): {FCEDB62C-4188-4CBA-AAF4-EAAD9581F5C0} Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 |
09.10.2013, 08:56 | #5 |
/// the machine /// TB trainer | Windows7, Spybot finds multiple malware Hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
09.10.2013, 22:47 | #6 |
| Windows7, Spybot finds multiple malware Hello Schrauber, I followed your instructions: I downloaded combofix, switched off my Avira and the Internet, and started combofix.exe. There was no error message or anything like that; a blue screen then started up. After about 15 minutes of processing I was briefly away from the computer; when I came back it had rebooted, and I was supposed to log in as normal. Now I see a very unusual picture: the desktop is as usual, but about every tenth of a second a combofix window opens and disappears again right away; the same thing shows after a restart. What would be the best thing to do? I don't want to do anything on my own where this program is concerned. Thanks in advance. Regards, Thomas (reply from another PC) |
10.10.2013, 09:05 | #7 |
/// the machine /// TB trainer | Windows7, Spybot finds multiple malware At boot, F8, select the last known good configuration.
|
10.10.2013, 15:00 | #8 |
| Windows7, Spybot finds multiple malware Hello Schrauber, combofix has worked now. I am posting the log file here. Regards, Peter. Code:
ATTFilter ComboFix 13-10-09.01 - Save 10.10.2013 13:49:58.4.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3933.2222 [GMT 2:00] ausgeführt von:: c:\users\Save\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-09-10 bis 2013-10-10 )))))))))))))))))))))))))))))) . . 2013-10-10 13:45 . 2013-10-10 13:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-10-09 21:31 . 2013-09-23 01:25 775256 ----a-w- c:\program files\Internet Explorer\iexplore.exe 2013-10-09 21:03 . 2013-10-10 13:45 -------- d-----w- c:\users\Save\AppData\Local\temp 2013-10-09 05:26 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5A850026-3FDF-4E4F-BE08-58B993255D8C}\mpengine.dll 2013-10-08 18:06 . 2013-10-08 18:06 -------- d-----w- c:\users\Save\AppData\Roaming\Avira 2013-10-08 17:46 . 2013-10-08 17:46 -------- d-----w- C:\FRST 2013-10-08 17:40 . 2013-10-08 17:40 -------- d-----w- c:\program files (x86)\OpenIt 2013-10-08 17:40 . 2013-10-08 17:40 -------- d-----w- c:\users\Dirka\AppData\Roaming\DigitalSite 2013-09-12 21:53 . 2013-09-12 21:53 24287424 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL 2013-09-12 11:14 . 2013-09-12 11:14 18612928 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-09 21:21 . 2011-07-22 15:37 80541720 ----a-w- c:\windows\system32\MRT.exe 2013-10-09 20:41 . 2012-11-24 18:27 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-10-09 20:41 . 2011-07-22 16:07 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-09-05 20:23 . 
2013-08-27 05:23 81112 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-09-05 20:23 . 2013-08-27 05:21 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-09-05 20:23 . 2013-08-27 05:21 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-08-29 01:48 . 2013-10-09 05:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2013-08-26 21:07 . 2013-08-27 05:21 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-08-07 02:22 . 2011-07-21 21:20 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-07-25 09:25 . 2013-08-17 14:47 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-25 08:57 . 2013-08-17 14:47 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL 2013-07-19 01:58 . 2013-08-17 14:47 2048 ----a-w- c:\windows\system32\tzres.dll 2013-07-19 01:41 . 2013-08-17 14:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}] 2013-07-26 20:30 12240 ----a-w- c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}] 2011-10-31 13:37 88976 ----a-w- c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}] 2011-06-24 16:22 734048 ----a-w- c:\program files (x86)\pdfforge Toolbar\IE\4.5\pdfforgeToolbarIE.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files (x86)\pdfforge Toolbar\IE\4.5\pdfforgeToolbarIE.dll" [2011-06-24 734048] "{99079a25-328f-4bd4-be04-00955acaa0a7}"= "c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll" [2011-10-31 88976] "{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-07-26 12240] . [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}] . [HKEY_CLASSES_ROOT\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}] . [HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-08-24 1129832] "Message Center Plus"="c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-08-04 244208] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 
421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-05 347192] "ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-07-26 1558480] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-1 1079584] Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Userinit"="userinit.exe" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x] R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x] R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x] R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms;c:\program files\pc-doctor\pcdsrvc_x64.pkms [x] R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x] R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x] R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 
10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x] R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x] S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x] S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x] S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x] S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x] S2 LENOVO.CAMMUTE;Lenovo Camera 
Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x] S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x] S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x] S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x] S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x] S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x] S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x] S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x] S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x] S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 
64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2013-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-24 20:41] . 2013-10-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\PC-Doctor\uaclauncher.exe [2010-11-12 01:34] . 2013-10-10 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\PC-Doctor\pcdrcui.exe [2010-11-12 01:34] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560] "TpShocks"="TpShocks.exe" [2010-07-01 380776] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-15 11049576] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592] "LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312] "AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-17 31592] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://lenovo.msn.com uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll Trusted Zone: samsungsetup.com\www TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Save\AppData\Roaming\Mozilla\Firefox\Profiles\nlqm5zn1.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Toolbar-Locked - (no file) Toolbar-10 - (no file) ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file) ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file) ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file) Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Toolbar-Locked - (no file) Toolbar-10 - (no file) ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file) ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file) ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020101}_0] "ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-10-10 15:47:23 ComboFix-quarantined-files.txt 2013-10-10 13:47 . Vor Suchlauf: 17 Verzeichnis(se), 321.415.704.576 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 321.082.982.400 Bytes frei . - - End Of File - - AE51A78D0C1B67EE5193CE63C355E033 |
11.10.2013, 08:16 | #9 |
/// the machine /// TB trainer | Windows7, Spybot finds multiple malware Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
11.10.2013, 09:23 | #10 |
| Windows7, Spybot finds multiple malware Hello Schrauber, I have followed the instructions. Here follow the Malwarebytes, AdwCleaner, Junktool and FRST logs: Regards, Peter Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.10.11.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16721 Save :: DIRKA-THINK [Administrator] 11.10.2013 09:44:39 mbam-log-2013-10-11 (09-44-39).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 243494 Laufzeit: 6 Minute(n), 2 Sekunde(n) Infizierte Speicherprozesse: 2 C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr.A) -> 3984 -> Löschen bei Neustart. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr.A) -> 9220 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 17 HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SearchQUIEHelper.DNSGuard (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\SearchQUIEHelper.DNSGuard.1 (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 3 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Daten: Searchqu Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DATAMNGR (PUP.Optional.Datamngr.A) -> Daten: C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 1 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Datamngr.A) -> Bösartig: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 1 C:\Users\Dirka\AppData\Roaming\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 10 C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dirka\Downloads\ZipExtractorSetup.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dirka\AppData\Roaming\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dirka\AppData\Roaming\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dirka\AppData\Roaming\DigitalSite\UpdateProc\STTL.DAT (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dirka\AppData\Roaming\DigitalSite\UpdateProc\TTL.DAT (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Dirka\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr.A) -> Löschen bei Neustart. (Ende) Code:
ATTFilter # AdwCleaner v3.007 - Bericht erstellt am 11/10/2013 um 09:59:06 # Updated 09/10/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Save - DIRKA-THINK # Gestartet von : C:\Users\Save\Desktop\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** Dienst Gelöscht : Application Updater ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\boost_interprocess Ordner Gelöscht : C:\Program Files (x86)\Application Updater Ordner Gelöscht : C:\Program Files (x86)\openit Ordner Gelöscht : C:\Program Files (x86)\pdfforge Toolbar Ordner Gelöscht : C:\Program Files (x86)\Windows iLivid Toolbar Ordner Gelöscht : C:\Program Files (x86)\Common Files\spigot Ordner Gelöscht : C:\Users\Dirka\AppData\Local\Ilivid Player Ordner Gelöscht : C:\Users\Dirka\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\Dirka\AppData\LocalLow\pdfforge Ordner Gelöscht : C:\Users\Dirka\AppData\LocalLow\Search Settings Ordner Gelöscht : C:\Users\Dirka\AppData\LocalLow\searchquband Ordner Gelöscht : C:\Users\Dirka\AppData\LocalLow\Searchqutoolbar Ordner Gelöscht : C:\Users\Dirka\AppData\Roaming\digitalsite Ordner Gelöscht : C:\Users\Save\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\Save\AppData\LocalLow\pdfforge Ordner Gelöscht : C:\Users\Save\AppData\LocalLow\Search Settings Ordner Gelöscht : C:\Users\Save\AppData\LocalLow\searchquband Ordner Gelöscht : C:\Users\Save\AppData\LocalLow\Searchqutoolbar Ordner Gelöscht : C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\Searchqutoolbar Ordner Gelöscht : C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Ordner Gelöscht : C:\Users\Dirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj Datei Gelöscht : C:\Users\Public\Desktop\Open It!.lnk Datei Gelöscht : 
C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\searchplugins\11-suche.xml Datei Gelöscht : C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\searchplugins\web-search.xml ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar Schlüssel Gelöscht : HKLM\Software\Application Updater Schlüssel Gelöscht : HKLM\Software\DataMngr Schlüssel Gelöscht : HKLM\Software\pdfforge Schlüssel Gelöscht : HKLM\Software\Search Settings Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{638482BC-3092-42DC-AEA1-735264911A77} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It! 
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16720 -\\ Mozilla Firefox v6.0 (de) [ Datei : C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\prefs.js ] Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/406"); Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q="); Zeile gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q="); Zeile gelöscht : user_pref("vshare.install.date", "1313913374"); Zeile gelöscht : user_pref("vshare.install.finished", "1.0.0"); Zeile gelöscht : user_pref("vshare.install.fresh", "false"); Zeile gelöscht : user_pref("vshare.install.guid", "{1a632f39-cc3c-4c56-b508-09f264efc666}"); Zeile gelöscht : user_pref("vshare.install.istoolbarhp", true); Zeile gelöscht : user_pref("vshare.install.istoolbarsearch", true); Zeile gelöscht : user_pref("vshare.install.newtab", false); [ Datei : C:\Users\Save\AppData\Roaming\Mozilla\Firefox\Profiles\nlqm5zn1.default\prefs.js ] -\\ Google Chrome v [ Datei : C:\Users\Save\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht : homepage Gelöscht : search_url ************************* AdwCleaner[R0].txt - [8897 octets] - [11/10/2013 09:57:26] AdwCleaner[S0].txt - [8706 octets] - [11/10/2013 09:59:06] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8766 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.0.4 (10.06.2013:1) OS: Windows 7 Home Premium x64 Ran by Save on 11.10.2013 at 10:05:40,49 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\cb2848362903cd24ea1a37254619a177 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\cb2848362903cd24ea1a37254619a177 ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\apn" Successfully deleted: [Folder] "C:\Users\Save\appdata\locallow\datamngr" Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!" ~~~ FireFox Successfully deleted: [File] C:\Users\Save\AppData\Roaming\mozilla\firefox\profiles\nlqm5zn1.default\extensions\toolbar_avira-v7@apn.ask.com.xpi Emptied folder: C:\Users\Save\AppData\Roaming\mozilla\firefox\profiles\nlqm5zn1.default\minidumps [1 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 11.10.2013 at 10:15:03,38 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by Save (administrator) on DIRKA-THINK on 11-10-2013 10:19:20 Running from C:\Users\Save\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\Windows\system32\ibmpmsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Broadcom Corporation.) 
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Lenovo Group Limited) c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69560 2010-07-27] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2010-07-01] (Lenovo.) 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited) HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2010-09-17] (Lenovo) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated) HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.) HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [1129832 2010-08-24] (Lenovo Group Limited) HKLM-x32\...\Run: [Message Center Plus] - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] () HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2009-08-04] (Sonic Solutions) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.) 
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-06-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] () HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG) HKU\Default\...\RunOnce: [] - [x] HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2009-03-24] () HKU\Dirka\...\Run: [PoivY] - "C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized HKU\Dirka\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background AppInit_DLLs: [1475584 2010-11-20] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope 
{C054EF22-B2B1-4072-A5F0-DF99646E3E5A} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} SearchScopes: HKCU - {A8960C5C-8DE0-452D-8BBC-1559303B8B86} URL = SearchScopes: HKCU - {C054EF22-B2B1-4072-A5F0-DF99646E3E5A} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Save\AppData\Roaming\Mozilla\Firefox\Profiles\nlqm5zn1.default FF SelectedSearchEngine: Ask.com FF SearchEngineOrder.1: Ask.com FF DefaultSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} Chrome: ======= CHR HomePage: hxxp://www.google.com CHR DefaultSearchURL: (Search Results) - hxxp://www.google.com CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gcswf32.dll No File CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. 
KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited) S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-04] (Sonic Solutions) S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-04] (Sonic Solutions) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor) R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia) R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-26] (Avira Operations GmbH & Co. 
KG) R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] () U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-11 10:15 - 2013-10-11 10:15 - 00001724 _____ C:\Users\Save\Desktop\JRT.txt 2013-10-11 10:05 - 2013-10-11 10:05 - 00000000 ____D C:\Windows\ERUNT 2013-10-11 10:01 - 2013-10-11 10:01 - 00008874 _____ C:\Users\Save\Desktop\AdwCleaner[S0].txt 2013-10-11 09:57 - 2013-10-11 09:59 - 00000000 ____D C:\AdwCleaner 2013-10-11 09:36 - 2013-10-11 09:36 - 01032220 _____ (Thisisu) C:\Users\Save\Desktop\JRT.exe 2013-10-11 09:35 - 2013-10-11 09:35 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-11 09:34 - 2013-10-11 09:34 - 01048960 _____ C:\Users\Save\Desktop\adwcleaner.exe 2013-10-11 09:31 - 2013-10-11 09:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Dirka\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-10 15:55 - 2013-10-10 15:55 - 00021373 _____ C:\Users\Save\Desktop\combofix.txt 2013-10-10 15:47 - 2013-10-10 15:47 - 00021373 _____ C:\ComboFix.txt 2013-10-10 13:18 - 2013-10-09 22:42 - 05131844 ____R (Swearware) C:\Users\Save\Desktop\ComboFix.exe 2013-10-09 23:32 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-09 23:32 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-09 23:32 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-10-09 23:32 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-10-09 23:32 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-10-09 23:32 - 
2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-09 23:32 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-09 23:32 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-09 23:32 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-09 23:32 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-09 23:32 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-09 23:32 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-09 23:32 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-09 23:32 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-09 23:32 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-10-09 23:31 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-09 23:31 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-09 23:31 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-09 23:31 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-09 23:31 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-09 23:31 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-09 23:31 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-09 23:31 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-09 23:31 - 2013-09-23 00:55 - 
02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-09 23:31 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-09 23:31 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-09 23:31 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-09 23:31 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-09 23:31 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-09 23:31 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-09 23:31 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-09 22:51 - 2013-10-10 15:47 - 00000000 ____D C:\Qoobox 2013-10-09 22:51 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-10-09 22:51 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-10-09 22:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-10-09 22:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-10-09 22:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-10-09 22:51 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-10-09 22:51 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-10-09 22:51 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-10-09 22:50 - 2013-10-10 15:45 - 00000000 ____D C:\Windows\erdnt 2013-10-09 22:41 - 2013-10-09 22:42 - 05131844 ____R (Swearware) C:\Users\Dirka\Desktop\ComboFix.exe 2013-10-09 07:36 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-09 07:36 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-09 07:36 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) 
C:\Windows\system32\mswsock.dll 2013-10-09 07:36 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll 2013-10-09 07:36 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-09 07:36 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-09 07:36 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-09 07:36 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-09 07:36 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-09 07:36 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-10-09 07:36 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-09 07:36 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-09 07:36 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-09 07:36 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-09 07:36 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-10-09 07:36 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-09 07:36 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-10-09 07:36 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-10-09 07:36 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-10-09 07:36 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-10-09 07:36 - 2013-08-29 03:50 - 00005120 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\wow32.dll 2013-10-09 07:36 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-10-09 07:36 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-10-09 07:36 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-10-09 07:36 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-10-09 07:36 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-10-09 07:36 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-09 07:36 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-09 07:36 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-09 07:36 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 07:36 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 07:36 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2013-10-09 07:36 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-10-09 07:36 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-09 07:36 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-09 07:36 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-09 07:36 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-10-09 07:36 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-10-09 07:36 - 
2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-10-09 07:36 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-09 07:36 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-09 07:36 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-09 07:36 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-09 07:36 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-09 07:36 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-09 07:36 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-09 07:36 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-09 07:36 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-10-09 07:36 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-10-09 07:36 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-10-09 07:36 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-09 07:36 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-10-09 07:36 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-10-08 20:40 - 2013-10-08 20:40 - 00000098 _____ C:\Users\Dirka\AppData\Roaming\WB.CFG 2013-10-08 20:13 - 2013-10-08 20:13 - 00005702 _____ C:\Users\Save\Desktop\GMER.txt 2013-10-08 20:13 - 2013-10-08 20:13 - 00005702 _____ C:\Users\Dirka\Desktop\GMER.txt 2013-10-08 20:06 - 2013-10-08 20:06 - 00000000 ____D C:\Users\Save\AppData\Roaming\Avira 2013-10-08 20:02 
- 2013-10-08 20:02 - 00000470 _____ C:\Users\Dirka\Downloads\defogger_disable.log 2013-10-08 19:55 - 2013-10-08 19:55 - 00038684 _____ C:\Users\Dirka\Desktop\FRST.txt 2013-10-08 19:55 - 2013-10-08 19:55 - 00021873 _____ C:\Users\Dirka\Desktop\Addition.txt 2013-10-08 19:50 - 2013-10-08 19:50 - 00377856 _____ C:\Users\Dirka\Downloads\gmer_2.1.19163.exe 2013-10-08 19:49 - 2013-10-08 19:49 - 00038684 _____ C:\Users\Dirka\Downloads\FRST.txt 2013-10-08 19:48 - 2013-10-08 19:49 - 00021873 _____ C:\Users\Dirka\Downloads\Addition.txt 2013-10-08 19:46 - 2013-10-08 19:46 - 00000000 ____D C:\FRST 2013-10-08 19:45 - 2013-10-08 19:46 - 01954124 _____ (Farbar) C:\Users\Save\Desktop\FRST64.exe 2013-10-08 19:43 - 2013-10-08 19:43 - 00050477 _____ C:\Users\Dirka\Downloads\Defogger.exe 2013-10-08 19:43 - 2013-10-08 19:43 - 00000000 _____ C:\Users\Save\defogger_reenable 2013-10-08 19:29 - 2013-10-08 19:29 - 99859239 _____ C:\Windows\SysWOW64\ꮪ�ᅌŠ 2013-10-07 21:52 - 2013-10-07 21:52 - 00239355 _____ C:\Users\Dirka\Desktop\SpybotSD.Results.txt 2013-09-11 08:51 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-11 08:51 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-11 08:51 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-11 08:51 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 
04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-11 08:51 - 
2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-09-11 08:51 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H 
(Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-11 08:51 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-09-11 08:51 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-11 08:51 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-11 08:51 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-11 08:51 - 2013-07-26 03:55 
- 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-09-11 08:51 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll ==================== One Month Modified Files and Folders ======= 2013-10-11 10:15 - 2013-10-11 10:15 - 00001724 _____ C:\Users\Save\Desktop\JRT.txt 2013-10-11 10:14 - 2011-04-03 05:58 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2013-10-11 10:08 - 2009-07-14 06:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-11 10:08 - 2009-07-14 06:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-11 10:07 - 2011-04-03 05:58 - 00000382 _____ C:\Windows\Tasks\SystemToolsDailyTest.job 2013-10-11 10:05 - 2013-10-11 10:05 - 00000000 ____D C:\Windows\ERUNT 2013-10-11 10:01 - 2013-10-11 10:01 - 00008874 _____ C:\Users\Save\Desktop\AdwCleaner[S0].txt 2013-10-11 10:01 - 2012-03-13 20:19 - 00000000 ____D C:\Users\Save\AppData\Roaming\Skype 2013-10-11 10:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-11 10:00 - 2009-07-14 06:51 - 00142346 _____ C:\Windows\setupact.log 2013-10-11 09:59 - 2013-10-11 09:57 - 00000000 ____D C:\AdwCleaner 2013-10-11 09:59 - 2011-04-03 05:31 - 01846500 _____ C:\Windows\WindowsUpdate.log 2013-10-11 09:52 - 2011-07-22 17:48 - 00102056 _____ C:\Windows\PFRO.log 2013-10-11 09:41 - 2012-11-24 20:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-11 09:36 - 2013-10-11 09:36 - 01032220 _____ (Thisisu) C:\Users\Save\Desktop\JRT.exe 2013-10-11 09:35 - 2013-10-11 09:35 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-11 09:35 - 2011-07-22 13:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-11 09:34 - 2013-10-11 09:34 - 01048960 _____ C:\Users\Save\Desktop\adwcleaner.exe 2013-10-11 09:32 - 2013-10-11 09:31 - 
10285040 _____ (Malwarebytes Corporation ) C:\Users\Dirka\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-10 16:43 - 2012-11-24 20:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-10 16:43 - 2012-11-24 20:27 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-10 16:43 - 2011-07-22 18:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-10 16:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-10-10 15:55 - 2013-10-10 15:55 - 00021373 _____ C:\Users\Save\Desktop\combofix.txt 2013-10-10 15:47 - 2013-10-10 15:47 - 00021373 _____ C:\ComboFix.txt 2013-10-10 15:47 - 2013-10-09 22:51 - 00000000 ____D C:\Qoobox 2013-10-10 15:47 - 2012-07-21 12:34 - 00000000 ____D C:\Users\Henning Jung 2013-10-10 15:47 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-10-10 15:45 - 2013-10-09 22:50 - 00000000 ____D C:\Windows\erdnt 2013-10-10 15:45 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-10-10 13:13 - 2011-04-03 15:11 - 00654400 _____ C:\Windows\system32\perfh007.dat 2013-10-10 13:13 - 2011-04-03 15:11 - 00130240 _____ C:\Windows\system32\perfc007.dat 2013-10-10 13:13 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-10 12:54 - 2009-07-14 06:45 - 00460216 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-09 23:34 - 2011-08-08 17:56 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-09 23:29 - 2013-03-13 07:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-09 23:29 - 2013-03-13 07:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-10-09 23:23 - 2013-08-18 03:01 - 00000000 ____D C:\Windows\system32\MRT 2013-10-09 23:21 - 2011-07-22 17:37 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-10-09 22:42 - 2013-10-10 13:18 - 05131844 ____R (Swearware) C:\Users\Save\Desktop\ComboFix.exe 2013-10-09 22:42 - 2013-10-09 22:41 - 05131844 ____R 
(Swearware) C:\Users\Dirka\Desktop\ComboFix.exe 2013-10-08 20:40 - 2013-10-08 20:40 - 00000098 _____ C:\Users\Dirka\AppData\Roaming\WB.CFG 2013-10-08 20:13 - 2013-10-08 20:13 - 00005702 _____ C:\Users\Save\Desktop\GMER.txt 2013-10-08 20:13 - 2013-10-08 20:13 - 00005702 _____ C:\Users\Dirka\Desktop\GMER.txt 2013-10-08 20:06 - 2013-10-08 20:06 - 00000000 ____D C:\Users\Save\AppData\Roaming\Avira 2013-10-08 20:02 - 2013-10-08 20:02 - 00000470 _____ C:\Users\Dirka\Downloads\defogger_disable.log 2013-10-08 19:59 - 2012-11-03 22:13 - 00000000 ___RD C:\Users\Save\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-10-08 19:59 - 2011-07-22 17:03 - 00000000 ___RD C:\Users\Save\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-10-08 19:55 - 2013-10-08 19:55 - 00038684 _____ C:\Users\Dirka\Desktop\FRST.txt 2013-10-08 19:55 - 2013-10-08 19:55 - 00021873 _____ C:\Users\Dirka\Desktop\Addition.txt 2013-10-08 19:50 - 2013-10-08 19:50 - 00377856 _____ C:\Users\Dirka\Downloads\gmer_2.1.19163.exe 2013-10-08 19:49 - 2013-10-08 19:49 - 00038684 _____ C:\Users\Dirka\Downloads\FRST.txt 2013-10-08 19:49 - 2013-10-08 19:48 - 00021873 _____ C:\Users\Dirka\Downloads\Addition.txt 2013-10-08 19:46 - 2013-10-08 19:46 - 00000000 ____D C:\FRST 2013-10-08 19:46 - 2013-10-08 19:45 - 01954124 _____ (Farbar) C:\Users\Save\Desktop\FRST64.exe 2013-10-08 19:43 - 2013-10-08 19:43 - 00050477 _____ C:\Users\Dirka\Downloads\Defogger.exe 2013-10-08 19:43 - 2013-10-08 19:43 - 00000000 _____ C:\Users\Save\defogger_reenable 2013-10-08 19:43 - 2011-07-22 12:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-08 19:43 - 2011-07-22 11:08 - 00000000 ____D C:\Users\Save 2013-10-08 19:29 - 2013-10-08 19:29 - 99859239 _____ C:\Windows\SysWOW64\ꮪ�ᅌŠ 2013-10-07 21:52 - 2013-10-07 21:52 - 00239355 _____ C:\Users\Dirka\Desktop\SpybotSD.Results.txt 2013-10-03 15:04 - 2011-07-21 22:09 - 00000000 ____D C:\Users\Dirka 2013-10-03 15:03 - 2011-12-12 12:08 - 00000099 
_____ C:\Users\Public\LMDebug.log 2013-09-23 01:28 - 2013-10-09 23:31 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-23 01:28 - 2013-10-09 23:31 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-23 01:27 - 2013-10-09 23:32 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-23 01:27 - 2013-10-09 23:32 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-23 01:27 - 2013-10-09 23:32 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-23 01:27 - 2013-10-09 23:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-23 01:27 - 2013-10-09 23:32 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-23 01:27 - 2013-10-09 23:31 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-23 01:27 - 2013-10-09 23:31 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-23 01:27 - 2013-10-09 23:31 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-23 01:27 - 2013-10-09 23:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-23 01:27 - 2013-10-09 23:31 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-23 01:27 - 2013-10-09 23:31 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-23 00:55 - 2013-10-09 23:32 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-23 00:55 - 2013-10-09 23:31 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-23 00:55 - 2013-10-09 23:31 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-23 00:54 - 2013-10-09 23:32 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-23 00:54 - 2013-10-09 23:32 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 
2013-09-23 00:54 - 2013-10-09 23:32 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-23 00:54 - 2013-10-09 23:32 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-23 00:54 - 2013-10-09 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-23 00:54 - 2013-10-09 23:31 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-23 00:54 - 2013-10-09 23:31 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-23 00:54 - 2013-10-09 23:31 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-23 00:54 - 2013-10-09 23:31 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-23 00:54 - 2013-10-09 23:31 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-23 00:54 - 2013-10-09 23:31 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-21 05:38 - 2013-10-09 23:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-21 05:30 - 2013-10-09 23:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-21 04:48 - 2013-10-09 23:32 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-21 04:39 - 2013-10-09 23:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-14 23:48 - 2011-07-23 13:55 - 00000000 ____D C:\Users\Dirka\AppData\Roaming\Skype 2013-09-14 03:10 - 2013-10-09 07:36 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-09-13 07:41 - 2013-05-18 00:48 - 00000000 ____D C:\Users\Dirka\AppData\Local\Mozilla Firefox 2013-09-13 00:30 - 2011-07-21 22:13 - 00000000 ___RD C:\Users\Dirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-13 00:30 - 2011-07-21 22:13 - 00000000 ___RD C:\Users\Dirka\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Administrative Tools Some content of TEMP: ==================== C:\Users\Save\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-10 16:32 ==================== End Of Log ============================ |
11.10.2013, 12:05 | #11 |
/// the machine /// TB trainer | Windows7, Spybot finds multiple malware
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
11.10.2013, 16:47 | #12 |
| Windows7, Spybot finds multiple malware Hello Schrauber, I have run ESET and Security Check. Below you will find the ESET, Security Check and FRST logs and a current Spybot report. After everything I have done so far, Spybot still shows me threats, 22 in total. Can I simply remove them? How often should I use Spybot in general? And is there any other way to protect myself better? Many thanks in advance for the great help. Regards, Peter. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=10b742a5a4a26f47912ac7d5ca44cd15 # engine=15446 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-10-11 02:51:33 # local_time=2013-10-11 04:51:33 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 94 30790 152174398 23525 0 # compatibility_mode=5893 16776573 100 94 10895 133132943 0 0 # scanned=298929 # found=1 # cleaned=0 # scan_time=10726 sh=62518026153B8F7EB9AC1B5C5F9924490348E735 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Blacole.AN trojan" ac=I fn="C:\Users\Dirka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\51d64865-1c968274" Code:
ATTFilter Results of screen317's Security Check version 0.99.74 Windows 7 Service Pack 1 x64 Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Secunia PSI (2.0.0.3003) Malwarebytes Anti-Malware Version 1.75.0.1300 Java(TM) 6 Update 26 Java version out of Date! Adobe Flash Player 11.9.900.117 Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox 6.0 Firefox out of Date! Mozilla Thunderbird (3.1.16) Thunderbird out of Date! ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by Save (administrator) on DIRKA-THINK on 11-10-2013 17:14:04 Running from C:\Users\Save\Desktop\Malware-software und logs Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\Windows\system32\ibmpmsvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Broadcom Corporation.) 
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Lenovo Group Limited) c:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe (Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe () C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe (Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69560 2010-07-27] (Lenovo Group Limited) HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2010-07-01] (Lenovo.) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited) HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2010-09-17] (Lenovo) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated) HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.) 
HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [1129832 2010-08-24] (Lenovo Group Limited) HKLM-x32\...\Run: [Message Center Plus] - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] () HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2009-08-04] (Sonic Solutions) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-06-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] () HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. 
KG) HKU\Default\...\RunOnce: [] - [x] HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2009-03-24] () AppInit_DLLs: [159744 2009-03-24] () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - DefaultScope {C054EF22-B2B1-4072-A5F0-DF99646E3E5A} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} SearchScopes: HKCU - {A8960C5C-8DE0-452D-8BBC-1559303B8B86} URL = SearchScopes: HKCU - {C054EF22-B2B1-4072-A5F0-DF99646E3E5A} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms} BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Save\AppData\Roaming\Mozilla\Firefox\Profiles\nlqm5zn1.default FF SelectedSearchEngine: Ask.com FF SearchEngineOrder.1: Ask.com FF DefaultSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} Chrome: ======= CHR HomePage: hxxp://www.google.com CHR DefaultSearchURL: (Search Results) - hxxp://www.google.com CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gcswf32.dll No File CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.) 
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited) S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-04] (Sonic Solutions) S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-04] (Sonic Solutions) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor) R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia) R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-26] (Avira Operations GmbH & Co. 
KG) R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] () U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-11 17:13 - 2013-10-11 17:13 - 00001091 _____ C:\Users\Save\Desktop\checkup.txt 2013-10-11 14:18 - 2013-10-11 14:18 - 100470597 _____ C:\Windows\SysWOW64\쿎ᅌ3 2013-10-11 13:46 - 2013-10-11 13:46 - 00000000 ____D C:\Users\Save\AppData\Roaming\EndNote 2013-10-11 13:41 - 2013-10-11 13:41 - 00891167 _____ C:\Users\Save\Desktop\SecurityCheck.exe 2013-10-11 13:39 - 2013-10-11 13:39 - 02347384 _____ (ESET) C:\Users\Save\Desktop\esetsmartinstaller_enu.exe 2013-10-11 10:05 - 2013-10-11 10:05 - 00000000 ____D C:\Windows\ERUNT 2013-10-11 09:57 - 2013-10-11 09:59 - 00000000 ____D C:\AdwCleaner 2013-10-11 09:31 - 2013-10-11 09:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Dirka\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-10 15:47 - 2013-10-10 15:47 - 00021373 _____ C:\ComboFix.txt 2013-10-10 13:18 - 2013-10-09 22:42 - 05131844 ____R (Swearware) C:\Users\Save\Desktop\ComboFix.exe 2013-10-09 23:32 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-09 23:32 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-09 23:32 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-10-09 23:32 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-10-09 23:32 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-10-09 23:32 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-09 
23:32 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-09 23:32 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-09 23:32 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-10-09 23:32 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-10-09 23:32 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-10-09 23:32 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-09 23:32 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-09 23:32 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-10-09 23:32 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-10-09 23:31 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-09 23:31 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-09 23:31 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-09 23:31 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-09 23:31 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-09 23:31 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-09 23:31 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-09 23:31 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-09 23:31 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-09 23:31 - 2013-09-23 
00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-09 23:31 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-09 23:31 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-09 23:31 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-09 23:31 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-09 23:31 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-09 23:31 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-09 22:51 - 2013-10-10 15:47 - 00000000 ____D C:\Qoobox 2013-10-09 22:51 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-10-09 22:51 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-10-09 22:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-10-09 22:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-10-09 22:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-10-09 22:51 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-10-09 22:51 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-10-09 22:51 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-10-09 22:50 - 2013-10-10 15:45 - 00000000 ____D C:\Windows\erdnt 2013-10-09 22:41 - 2013-10-09 22:42 - 05131844 ____R (Swearware) C:\Users\Dirka\Desktop\ComboFix.exe 2013-10-09 07:36 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-10-09 07:36 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-10-09 07:36 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll 2013-10-09 07:36 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\mswsock.dll 2013-10-09 07:36 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-09 07:36 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-09 07:36 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-09 07:36 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-09 07:36 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-09 07:36 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2013-10-09 07:36 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-09 07:36 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-10-09 07:36 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-10-09 07:36 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll 2013-10-09 07:36 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-10-09 07:36 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2013-10-09 07:36 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-10-09 07:36 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-10-09 07:36 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-10-09 07:36 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll 2013-10-09 07:36 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-10-09 07:36 - 2013-08-29 03:48 - 00640512 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\advapi32.dll 2013-10-09 07:36 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-10-09 07:36 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-10-09 07:36 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-10-09 07:36 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-10-09 07:36 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-09 07:36 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll 2013-10-09 07:36 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-09 07:36 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 07:36 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 07:36 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2013-10-09 07:36 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys 2013-10-09 07:36 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll 2013-10-09 07:36 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-09 07:36 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll 2013-10-09 07:36 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll 2013-10-09 07:36 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll 2013-10-09 07:36 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-10-09 07:36 
- 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2013-10-09 07:36 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys 2013-10-09 07:36 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-09 07:36 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-09 07:36 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2013-10-09 07:36 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2013-10-09 07:36 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2013-10-09 07:36 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-09 07:36 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2013-10-09 07:36 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2013-10-09 07:36 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2013-10-09 07:36 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-09 07:36 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-10-09 07:36 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-10-08 20:40 - 2013-10-08 20:40 - 00000098 _____ C:\Users\Dirka\AppData\Roaming\WB.CFG 2013-10-08 20:13 - 2013-10-08 20:13 - 00005702 _____ C:\Users\Dirka\Desktop\GMER.txt 2013-10-08 20:06 - 2013-10-08 20:06 - 00000000 ____D C:\Users\Save\AppData\Roaming\Avira 2013-10-08 20:02 - 2013-10-08 20:02 - 00000470 _____ C:\Users\Dirka\Downloads\defogger_disable.log 2013-10-08 19:55 - 2013-10-08 19:55 - 00038684 _____ C:\Users\Dirka\Desktop\FRST.txt 2013-10-08 19:55 - 
2013-10-08 19:55 - 00021873 _____ C:\Users\Dirka\Desktop\Addition.txt 2013-10-08 19:50 - 2013-10-08 19:50 - 00377856 _____ C:\Users\Dirka\Downloads\gmer_2.1.19163.exe 2013-10-08 19:49 - 2013-10-08 19:49 - 00038684 _____ C:\Users\Dirka\Downloads\FRST.txt 2013-10-08 19:48 - 2013-10-08 19:49 - 00021873 _____ C:\Users\Dirka\Downloads\Addition.txt 2013-10-08 19:46 - 2013-10-08 19:46 - 00000000 ____D C:\FRST 2013-10-08 19:43 - 2013-10-08 19:43 - 00050477 _____ C:\Users\Dirka\Downloads\Defogger.exe 2013-10-08 19:43 - 2013-10-08 19:43 - 00000000 _____ C:\Users\Save\defogger_reenable 2013-10-08 19:29 - 2013-10-08 19:29 - 99859239 _____ C:\Windows\SysWOW64\ꮪ�ᅌŠ 2013-10-07 21:52 - 2013-10-07 21:52 - 00239355 _____ C:\Users\Dirka\Desktop\SpybotSD.Results.txt 2013-09-11 08:51 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys 2013-09-11 08:51 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2013-09-11 08:51 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-09-11 08:51 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 
00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 
00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-09-11 08:51 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-09-11 08:51 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-09-11 08:51 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-09-11 08:51 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-09-11 08:51 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-09-11 08:51 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-09-11 08:51 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-09-11 08:51 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll ==================== One Month Modified Files and Folders ======= 2013-10-11 17:13 - 
2013-10-11 17:13 - 00001091 _____ C:\Users\Save\Desktop\checkup.txt 2013-10-11 17:13 - 2011-04-03 05:58 - 00000382 _____ C:\Windows\Tasks\SystemToolsDailyTest.job 2013-10-11 17:12 - 2011-04-03 05:58 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job 2013-10-11 16:41 - 2012-11-24 20:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-11 16:23 - 2011-04-03 05:31 - 01954680 _____ C:\Windows\WindowsUpdate.log 2013-10-11 15:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports 2013-10-11 14:18 - 2013-10-11 14:18 - 100470597 _____ C:\Windows\SysWOW64\쿎ᅌ3 2013-10-11 13:52 - 2011-04-03 15:11 - 00654400 _____ C:\Windows\system32\perfh007.dat 2013-10-11 13:52 - 2011-04-03 15:11 - 00130240 _____ C:\Windows\system32\perfc007.dat 2013-10-11 13:52 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-11 13:46 - 2013-10-11 13:46 - 00000000 ____D C:\Users\Save\AppData\Roaming\EndNote 2013-10-11 13:44 - 2012-03-13 20:19 - 00000000 ____D C:\Users\Save\AppData\Roaming\Skype 2013-10-11 13:41 - 2013-10-11 13:41 - 00891167 _____ C:\Users\Save\Desktop\SecurityCheck.exe 2013-10-11 13:39 - 2013-10-11 13:39 - 02347384 _____ (ESET) C:\Users\Save\Desktop\esetsmartinstaller_enu.exe 2013-10-11 12:58 - 2011-07-23 13:55 - 00000000 ____D C:\Users\Dirka\AppData\Roaming\Skype 2013-10-11 11:19 - 2009-07-14 06:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-11 11:19 - 2009-07-14 06:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-11 11:10 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-11 11:10 - 2009-07-14 06:51 - 00142402 _____ C:\Windows\setupact.log 2013-10-11 10:05 - 2013-10-11 10:05 - 00000000 ____D C:\Windows\ERUNT 2013-10-11 09:59 - 2013-10-11 09:57 - 00000000 ____D C:\AdwCleaner 2013-10-11 09:52 - 2011-07-22 17:48 - 00102056 _____ 
C:\Windows\PFRO.log 2013-10-11 09:35 - 2011-07-22 13:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-11 09:32 - 2013-10-11 09:31 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Dirka\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-10 16:43 - 2012-11-24 20:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-10 16:43 - 2012-11-24 20:27 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-10 16:43 - 2011-07-22 18:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-10 16:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-10-10 15:47 - 2013-10-10 15:47 - 00021373 _____ C:\ComboFix.txt 2013-10-10 15:47 - 2013-10-09 22:51 - 00000000 ____D C:\Qoobox 2013-10-10 15:47 - 2012-07-21 12:34 - 00000000 ____D C:\Users\Henning Jung 2013-10-10 15:47 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-10-10 15:45 - 2013-10-09 22:50 - 00000000 ____D C:\Windows\erdnt 2013-10-10 15:45 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-10-10 12:54 - 2009-07-14 06:45 - 00460216 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-09 23:34 - 2011-08-08 17:56 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-09 23:29 - 2013-03-13 07:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-10-09 23:29 - 2013-03-13 07:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-10-09 23:23 - 2013-08-18 03:01 - 00000000 ____D C:\Windows\system32\MRT 2013-10-09 23:21 - 2011-07-22 17:37 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-10-09 22:42 - 2013-10-10 13:18 - 05131844 ____R (Swearware) C:\Users\Save\Desktop\ComboFix.exe 2013-10-09 22:42 - 2013-10-09 22:41 - 05131844 ____R (Swearware) C:\Users\Dirka\Desktop\ComboFix.exe 2013-10-08 20:40 - 2013-10-08 20:40 - 00000098 _____ C:\Users\Dirka\AppData\Roaming\WB.CFG 2013-10-08 20:13 - 2013-10-08 20:13 - 00005702 _____ 
C:\Users\Dirka\Desktop\GMER.txt 2013-10-08 20:06 - 2013-10-08 20:06 - 00000000 ____D C:\Users\Save\AppData\Roaming\Avira 2013-10-08 20:02 - 2013-10-08 20:02 - 00000470 _____ C:\Users\Dirka\Downloads\defogger_disable.log 2013-10-08 19:59 - 2012-11-03 22:13 - 00000000 ___RD C:\Users\Save\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-10-08 19:59 - 2011-07-22 17:03 - 00000000 ___RD C:\Users\Save\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-10-08 19:55 - 2013-10-08 19:55 - 00038684 _____ C:\Users\Dirka\Desktop\FRST.txt 2013-10-08 19:55 - 2013-10-08 19:55 - 00021873 _____ C:\Users\Dirka\Desktop\Addition.txt 2013-10-08 19:50 - 2013-10-08 19:50 - 00377856 _____ C:\Users\Dirka\Downloads\gmer_2.1.19163.exe 2013-10-08 19:49 - 2013-10-08 19:49 - 00038684 _____ C:\Users\Dirka\Downloads\FRST.txt 2013-10-08 19:49 - 2013-10-08 19:48 - 00021873 _____ C:\Users\Dirka\Downloads\Addition.txt 2013-10-08 19:46 - 2013-10-08 19:46 - 00000000 ____D C:\FRST 2013-10-08 19:43 - 2013-10-08 19:43 - 00050477 _____ C:\Users\Dirka\Downloads\Defogger.exe 2013-10-08 19:43 - 2013-10-08 19:43 - 00000000 _____ C:\Users\Save\defogger_reenable 2013-10-08 19:43 - 2011-07-22 12:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-10-08 19:43 - 2011-07-22 11:08 - 00000000 ____D C:\Users\Save 2013-10-08 19:29 - 2013-10-08 19:29 - 99859239 _____ C:\Windows\SysWOW64\ꮪ�ᅌŠ 2013-10-07 21:52 - 2013-10-07 21:52 - 00239355 _____ C:\Users\Dirka\Desktop\SpybotSD.Results.txt 2013-10-03 15:04 - 2011-07-21 22:09 - 00000000 ____D C:\Users\Dirka 2013-10-03 15:03 - 2011-12-12 12:08 - 00000099 _____ C:\Users\Public\LMDebug.log 2013-09-23 01:28 - 2013-10-09 23:31 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-23 01:28 - 2013-10-09 23:31 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-23 01:27 - 2013-10-09 23:32 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-23 
01:27 - 2013-10-09 23:32 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-09-23 01:27 - 2013-10-09 23:32 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-09-23 01:27 - 2013-10-09 23:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-09-23 01:27 - 2013-10-09 23:32 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-09-23 01:27 - 2013-10-09 23:31 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-23 01:27 - 2013-10-09 23:31 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-23 01:27 - 2013-10-09 23:31 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-23 01:27 - 2013-10-09 23:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-23 01:27 - 2013-10-09 23:31 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-23 01:27 - 2013-10-09 23:31 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-23 00:55 - 2013-10-09 23:32 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-09-23 00:55 - 2013-10-09 23:31 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-23 00:55 - 2013-10-09 23:31 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-23 00:54 - 2013-10-09 23:32 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-23 00:54 - 2013-10-09 23:32 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-23 00:54 - 2013-10-09 23:32 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-09-23 00:54 - 2013-10-09 23:32 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-09-23 00:54 - 2013-10-09 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-09-23 00:54 - 2013-10-09 23:31 - 19252224 
_____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-23 00:54 - 2013-10-09 23:31 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-23 00:54 - 2013-10-09 23:31 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-23 00:54 - 2013-10-09 23:31 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-23 00:54 - 2013-10-09 23:31 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-23 00:54 - 2013-10-09 23:31 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-21 05:38 - 2013-10-09 23:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-21 05:30 - 2013-10-09 23:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-21 04:48 - 2013-10-09 23:32 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-09-21 04:39 - 2013-10-09 23:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-09-14 03:10 - 2013-10-09 07:36 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2013-09-13 07:41 - 2013-05-18 00:48 - 00000000 ____D C:\Users\Dirka\AppData\Local\Mozilla Firefox 2013-09-13 00:30 - 2011-07-21 22:13 - 00000000 ___RD C:\Users\Dirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-09-13 00:30 - 2011-07-21 22:13 - 00000000 ___RD C:\Users\Dirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools Some content of TEMP: ==================== C:\Users\Dirka\AppData\Local\temp\SkypeSetup.exe C:\Users\Save\AppData\Local\temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-10 16:32

==================== End Of Log ============================

Code:
--- Search result list ---
Widgi.Toolbar: [SBI $21855786] Benutzereinstellungen (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_USERS\S-1-5-21-2504536262-671961439-3406205668-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Widgi.Toolbar: [SBI $BA954ED7] Benutzereinstellungen (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_USERS\S-1-5-21-2504536262-671961439-3406205668-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Widgi.Toolbar: [SBI $DABAA047] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_CLASSES_ROOT\Installer\UpgradeCodes\504D229B31D6B2A4EA98800A03AD4420
Widgi.Toolbar: [SBI $DABAA047] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_CLASSES_ROOT\Installer\UpgradeCodes\504D229B31D6B2A4EA98800A03AD4420
Widgi.Toolbar: [SBI $EECF060A] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\504D229B31D6B2A4EA98800A03AD4420
Widgi.Toolbar: [SBI $16C3A07B] Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\Common Files\Spigot\
Widgi.Toolbar: [SBI $000389AB] Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\Common Files\Spigot\Search Settings\
Widgi.Toolbar: [SBI $1E14509F] Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res\
Widgi.Toolbar: [SBI $E1F050EF] Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\pdfforge Toolbar\
Widgi.Toolbar: [SBI 
$03E18DB3] Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\pdfforge Toolbar\IE\ Widgi.Toolbar: [SBI $60A6F1DA] Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\pdfforge Toolbar\Res\ Widgi.Toolbar: [SBI $65C7C8B1] Shared DLL (1 Anwendungen) (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe Widgi.Toolbar: [SBI $5AE37010] Shared DLL (1 Anwendungen) (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe Widgi.Toolbar: [SBI $E4808FA3] Einstellungen (Registrierungsdatenbank-Wert, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\Application Updater\ Ask.MyGlobalSearch: [SBI $115DC360] Benutzereinstellungen (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_USERS\.DEFAULT\Software\Ask.com Ask.MyGlobalSearch: [SBI $115DC360] Benutzereinstellungen (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_USERS\S-1-5-18\Software\Ask.com Ask.MyGlobalSearch: [SBI $9FA3D6C1] Benutzereinstellungen (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_USERS\.DEFAULT\Software\AskToolbar Ask.MyGlobalSearch: [SBI $9FA3D6C1] Benutzereinstellungen (Registrierungsdatenbank-Schlüssel, nothing done) HKEY_USERS\S-1-5-18\Software\AskToolbar MediaPlex: Verfolgender Cookie (Internet Explorer: Save) (Cookie, nothing done) Right Media: Verfolgender Cookie (Internet Explorer: Save) (Cookie, nothing done) DoubleClick: Verfolgender Cookie (Internet Explorer: Save) (Cookie, nothing done) MediaPlex: Verfolgender Cookie (Internet Explorer: 
Save) (Cookie, nothing done) --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) --- 2009-01-26 blindman.exe (1.0.0.8) 2009-01-26 SDFiles.exe (1.6.1.7) 2009-01-26 SDMain.exe (1.0.0.6) 2009-01-26 SDShred.exe (1.0.2.5) 2009-01-26 SDUpdate.exe (1.6.0.12) 2009-01-26 SDWinSec.exe (1.0.0.12) 2009-01-26 SpybotSD.exe (1.6.2.46) 2009-03-05 TeaTimer.exe (1.6.6.32) 2012-02-13 unins000.exe (51.49.0.0) 2009-01-26 Update.exe (1.6.0.7) 2009-11-04 advcheck.dll (1.6.5.20) 2007-04-02 aports.dll (2.1.0.0) 2008-06-14 DelZip179.dll (1.79.11.1) 2009-01-26 SDHelper.dll (1.6.2.14) 2008-06-19 sqlite3.dll 2009-01-26 Tools.dll (2.1.6.10) 2009-01-16 UninsSrv.dll (1.0.0.0) 2013-04-11 Includes\Adware.sbi (*) 2013-10-01 Includes\AdwareC.sbi (*) 2010-08-13 Includes\Cookies.sbi (*) 2012-11-14 Includes\Dialer.sbi (*) 2013-04-11 Includes\DialerC.sbi (*) 2013-04-11 Includes\HeavyDuty.sbi (*) 2012-11-14 Includes\Hijackers.sbi (*) 2013-04-11 Includes\HijackersC.sbi (*) 2013-09-10 Includes\iPhone.sbi (*) 2013-06-25 Includes\Keyloggers.sbi (*) 2013-04-11 Includes\KeyloggersC.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2013-05-29 Includes\Malware.sbi (*) 2013-10-01 Includes\MalwareC.sbi (*) 2012-11-14 Includes\PUPS.sbi (*) 2013-10-02 Includes\PUPSC.sbi (*) 2010-01-25 Includes\Revision.sbi (*) 2012-11-14 Includes\Security.sbi (*) 2013-04-11 Includes\SecurityC.sbi (*) 2008-06-03 Includes\Spybots.sbi (*) 2008-06-03 Includes\SpybotsC.sbi (*) 2013-05-22 Includes\Spyware.sbi (*) 2013-08-06 Includes\SpywareC.sbi (*) 2012-11-19 Includes\Tracks.uti 2013-01-16 Includes\Trojans.sbi (*) 2013-08-13 Includes\TrojansC-02.sbi (*) 2013-10-01 Includes\TrojansC-03.sbi (*) 2013-09-24 Includes\TrojansC-04.sbi (*) 2012-08-31 Includes\TrojansC-05.sbi (*) 2012-09-07 Includes\TrojansC.sbi (*) 2008-03-04 Plugins\Chai.dll 2008-03-05 Plugins\Fennel.dll 2008-02-26 Plugins\Mate.dll 2007-12-24 Plugins\TCPIPAddress.dll --- System information --- Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601) --- Startup 
entries list --- Located: HK_LM:Run, Adobe ARM command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe size: 937920 MD5: 47C1DE0A890613FFCFF1D67648EEDF90 Located: HK_LM:Run, Adobe Reader Speed Launcher command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe size: 37296 MD5: 69169586EFAD19F53C2012FFD8FDCF45 Located: HK_LM:Run, APSDaemon command: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" file: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe size: 59720 MD5: 61E4289E91E88C90478D7F4BEB10DCF7 Located: HK_LM:Run, avgnt command: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min file: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe size: 347192 MD5: 99DA1D6BB12C09D06B627AE0F1753789 Located: HK_LM:Run, iTunesHelper command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe" file: C:\Program Files (x86)\iTunes\iTunesHelper.exe size: 152392 MD5: A9F9D081518AC03A51C1195986076F42 Located: HK_LM:Run, Message Center Plus command: C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start file: C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe size: 49976 MD5: 3B376496187AB240FAC6ECD7BD1251F6 Located: HK_LM:Run, PWMTRV command: rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor file: C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL size: 1129832 MD5: 8F9D8F68DD4892AF17EB3996FE03689A Located: HK_LM:Run, QuickTime Task command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime file: C:\Program Files (x86)\QuickTime\QTTask.exe size: 421888 MD5: 9ACCBC5891BA51B5B29C1A88F80D4CE3 Located: HK_LM:Run, RoxWatchTray command: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" file: C:\Program Files (x86)\Common Files\Roxio 
Shared\10.0\SharedCOM\RoxWatchTray10.exe size: 244208 MD5: AA2D2B5663D5227E6BE5849E6D7DA882 Located: HK_LM:Run, Samsung PanelMgr command: C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun file: C:\Windows\Samsung\PanelMgr\SSMMgr.exe size: 688128 MD5: 1ED7FD4B342AE1CA57969B0C01667D85 Located: HK_LM:Run, SunJavaUpdateSched command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe size: 254696 MD5: 13E7CFE8E269ED15E7FC9C3EBBCB7E2B Located: HK_CU:Run, Sidebar where: Default... command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe size: 1174016 MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC Located: HK_CU:RunOnce, where: Default... command: file: size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: HK_CU:RunOnce, Lenovoautoqdrive where: Default... command: C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q file: C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe size: 159744 MD5: B16E60E3D9CD7661360A329955D898C9 Located: HK_CU:RunOnce, mctadmin where: Default... command: C:\Windows\System32\mctadmin.exe file: C:\Windows\System32\mctadmin.exe size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: HK_CU:Run, Skype where: S-1-5-21-2504536262-671961439-3406205668-1003... command: "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun file: C:\Program Files (x86)\Skype\Phone\Skype.exe size: 17418928 MD5: CBEC06E32D0AC9C3D0A9199EDC1FB959 Located: HK_CU:Run, SpybotSD TeaTimer where: S-1-5-21-2504536262-671961439-3406205668-1003... 
command: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe file: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe size: 2260480 MD5: 390679F7A217A5E73D756276C40AE887 Located: Startup (allgemein), Bluetooth.lnk where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup... command: C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe file: C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: Startup (allgemein), Secunia PSI Tray.lnk where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup... command: C:\Program Files (x86)\Secunia\PSI\psi_tray.exe file: C:\Program Files (x86)\Secunia\PSI\psi_tray.exe size: 291896 MD5: 8E6C1915EDDD719C4BFE99ECCD7216A7 --- Browser helper object list --- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: AcroIEHelperStub CLSID name: Adobe PDF Link Helper Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\ Long name: AcroIEHelperShim.dll Short name: ACROIE~2.DLL Date (created): 22.09.2010 18:04:14 Date (last access): 22.07.2011 18:24:56 Date (last write): 22.09.2010 18:04:14 Filesize: 75200 Attributes: archive MD5: 203A74767EB81F96A5166B1933DB46D0 CRC32: B0D671C9 Version: 9.4.0.195 {41564952-412D-5637-00A7-7A786E7484D7} (Avira SearchFree Toolbar plus Web Protection BHO) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: Avira SearchFree Toolbar plus Web Protection BHO CLSID name: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Groove GFS Browser Helper Path: 
Control: 0 Service (registry key): clr_optimization_v2.0.50727_64 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft .NET Framework NGEN v2.0.50727_X64 Description: Microsoft .NET Framework NGEN Object name: LocalSystem Image path: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe Image size: 89920 Image MD5: D1CEEA2B47CB998321C579651CE3E4F8 Control Set: CurrentControlSet Start: 4 Type: 16 Error Control: 0 Service (registry key): clr_optimization_v4.0.30319_32 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft .NET Framework NGEN v4.0.30319_X86 Description: Microsoft .NET Framework NGEN Object name: LocalSystem Image path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe Image size: 130384 Image MD5: C5A75EB48E2344ABDC162BDA79E16841 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 0 Service (registry key): clr_optimization_v4.0.30319_64 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft .NET Framework NGEN v4.0.30319_X64 Description: Microsoft .NET Framework NGEN Object name: LocalSystem Image path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe Image size: 138576 Image MD5: C6F9AF94DCD58122A4D7E89DB6BED29D Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 0 Service (registry key): CmBatt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Treiber für Microsoft-ACPI-Kontrollmethodenkompatiblen Akku Image path: system32\DRIVERS\CmBatt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): cmdide Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\cmdide.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 3 Service (registry key): CNG Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: 
System32\Drivers\cng.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): Compbatt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Composite Battery-Treiber Image path: system32\DRIVERS\compbatt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): CompositeBus Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Busenumeratortreiber für Verbundgeräte Image path: \SystemRoot\system32\drivers\CompositeBus.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): COMSysApp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @comres.dll,-947 Description: @comres.dll,-948 Object name: LocalSystem Image path: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} Image size: 7168 Image MD5: A63DC5C2EA944E6657203E0C8EDEAF61 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RpcSs,EventSystem,SENS Service (registry key): crcdisk Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Crcdisk Filter Driver Image path: \SystemRoot\system32\DRIVERS\crcdisk.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): crypt32 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): CryptSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\cryptsvc.dll,-1001 Description: @%SystemRoot%\system32\cryptsvc.dll,-1002 Object name: NT Authority\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k NetworkService Image size: 20992 Image MD5: 
54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): DCLocator Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): DcomLaunch Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @oleres.dll,-5012 Description: @oleres.dll,-5013 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): defragsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\defragsvc.dll,-101 Description: @%SystemRoot%\system32\defragsvc.dll,-102 Object name: localSystem Image path: %SystemRoot%\system32\svchost.exe -k defragsvc Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS |
11.10.2013, 16:49 | #13 |
| Windows7, Spybot finds multiple malware Part 2, Spybot result: Code:
Service (registry key): DfsC Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\dfsc.sys,-101 Description: @%systemroot%\system32\drivers\dfsc.sys,-102 Image path: System32\Drivers\dfsc.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 2 Error Control: 1 Depends On services: Mup Service (registry key): Dhcp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\dhcpcore.dll,-100 Description: @%SystemRoot%\system32\dhcpcore.dll,-101 Object name: NT Authority\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: NSI,Tdx,Afd Service (registry key): discache Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\discache.sys,-102 Description: @%systemroot%\system32\drivers\discache.sys,-101 Image path: System32\drivers\discache.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): Disk Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Laufwerktreiber Image path: system32\DRIVERS\disk.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): Dnscache Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\dnsapi.dll,-101 Description: @%SystemRoot%\System32\dnsapi.dll,-102 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k NetworkService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: Tdx,nsi Service (registry key): dot3svc Registry 
path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\dot3svc.dll,-1102 Description: @%systemroot%\system32\dot3svc.dll,-1103 Object name: localSystem Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,Ndisuio,Eaphost Service (registry key): DPS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\dps.dll,-500 Description: @%systemroot%\system32\dps.dll,-501 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): drmkaud Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Trusted Audio Drivers Image path: system32\drivers\drmkaud.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): DXGKrnl Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: LDDM Graphics Subsystem Description: Controls the underlying video driver stacks to provide fully-featured display capabilities. 
Image path: \SystemRoot\System32\drivers\dxgkrnl.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): EapHost Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\eapsvc.dll,-1 Description: @%systemroot%\system32\eapsvc.dll,-2 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS,KeyIso Service (registry key): ebdrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Broadcom NetXtreme II 10 GigE VBD Image path: \SystemRoot\system32\DRIVERS\evbda.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): EFS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\efssvc.dll,-100 Description: @%SystemRoot%\system32\efssvc.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\System32\lsass.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): ehRecvr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\ehome\ehrecvr.exe,-101 Description: @%SystemRoot%\ehome\ehrecvr.exe,-102 Object name: NT AUTHORITY\networkService Image path: %systemroot%\ehome\ehRecvr.exe Image size: 696832 Image MD5: C4002B6B41975F057D98C439030CEA07 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 0 Depends On services: RPCSS Service (registry key): ehSched Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\ehome\ehsched.exe,-101 Description: @%SystemRoot%\ehome\ehsched.exe,-102 Object name: NT AUTHORITY\networkService Image path: 
%systemroot%\ehome\ehsched.exe Image size: 127488 Image MD5: 4705E8EF9934482C5BB488CE28AFC681 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 0 Depends On services: RPCSS Service (registry key): elxstor Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\elxstor.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): ErrDev Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft-Hardwarefehler-Gerätetreiber Image path: \SystemRoot\system32\drivers\errdev.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): ESENT Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): eventlog Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\wevtsvc.dll,-200 Description: @%SystemRoot%\system32\wevtsvc.dll,-201 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): EventSystem Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @comres.dll,-2450 Description: @comres.dll,-2451 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: rpcss Service (registry key): EvtEng Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Intel(R) PROSet/Wireless Event Log Description: Manages the event trace messages for all the Intel® PROSet/Wireless Software components. 
Object name: LocalSystem Image path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe Image size: 1420560 Image MD5: 51643EE2712D9212E1E53CA7E8D8EB4A Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): exfat Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: exFAT File System Driver Description: exFAT File System Driver Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Service (registry key): fastfat Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: FAT12/16/32 File System Driver Description: Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces) Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Service (registry key): Fax Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\fxsresm.dll,-118 Description: @%systemroot%\system32\fxsresm.dll,-122 Object name: NT AUTHORITY\NetworkService Image path: %systemroot%\system32\fxssvc.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: TapiSrv,RpcSs,PlugPlay,Spooler Service (registry key): fdc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Floppy Disk Controller Driver Image path: \SystemRoot\system32\DRIVERS\fdc.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): fdPHost Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\fdPHost.dll,-100 Description: @%systemroot%\system32\fdPHost.dll,-101 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,http Service 
(registry key): FDResPub Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\fdrespub.dll,-100 Description: @%systemroot%\system32\fdrespub.dll,-101 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs,http Service (registry key): FileInfo Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\fileinfo.sys,-100 Description: @%SystemRoot%\system32\drivers\fileinfo.sys,-101 Image path: system32\drivers\fileinfo.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 2 Error Control: 1 Depends On services: fltmgr Service (registry key): Filetrace Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\filetrace.sys,-10001 Description: @%SystemRoot%\system32\drivers\filetrace.sys,-10000 Image path: system32\drivers\filetrace.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Depends On services: FltMgr Service (registry key): flpydisk Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Floppy Disk Driver Image path: \SystemRoot\system32\DRIVERS\flpydisk.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): FltMgr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\fltmgr.sys,-10001 Description: @%SystemRoot%\system32\drivers\fltmgr.sys,-10000 Image path: system32\drivers\fltmgr.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 2 Error Control: 3 Service (registry key): FontCache Registry path: 
\SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\FntCache.dll,-100 Description: @%systemroot%\system32\FntCache.dll,-101 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): FontCache3.0.0.0 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\PresentationHost.exe,-3309 Description: @%SystemRoot%\system32\PresentationHost.exe,-3310 Object name: NT Authority\LocalService Image path: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe Image size: 42856 Image MD5: A8B7F3818AB65695E3A0BB3279F6DCE6 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Service (registry key): FsDepends Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\fsdepends.sys,-10001 Description: @%SystemRoot%\system32\drivers\fsdepends.sys,-10000 Image path: System32\drivers\FsDepends.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 3 Depends On services: fltmgr Service (registry key): Fs_Rec Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 8 Error Control: 0 Service (registry key): fvevol Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\fvevol.sys,-100 Description: @%SystemRoot%\system32\drivers\fvevol.sys,-100 Image path: System32\DRIVERS\fvevol.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): gagp30kx Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms Image path: \SystemRoot\system32\DRIVERS\gagp30kx.sys Image size: 0 
Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): GEARAspiWDM Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: GEAR ASPI Filter Driver Image path: system32\DRIVERS\GEARAspiWDM.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): gpsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @gpapi.dll,-112 Description: @gpapi.dll,-113 Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS,Mup Service (registry key): gusvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Google Updater Service Object name: LocalSystem Image path: "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" Image size: 136120 Image MD5: C1B577B2169900F4CF7190C39F085794 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 0 Depends On services: RPCSS Service (registry key): hcw85cir Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Hauppauge Consumer Infrared Receiver Image path: \SystemRoot\system32\drivers\hcw85cir.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): HdAudAddService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst Image path: \SystemRoot\system32\drivers\HdAudio.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): HDAudBus Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft-UAA-Bustreiber für High Definition Audio Image path: 
\SystemRoot\system32\drivers\HDAudBus.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): HidBatt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: HID UPS Battery Driver Image path: \SystemRoot\system32\DRIVERS\HidBatt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): HidBth Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Bluetooth HID Miniport Image path: \SystemRoot\system32\DRIVERS\hidbth.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): HidIr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Infrared HID Driver Image path: \SystemRoot\system32\DRIVERS\hidir.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): hidserv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\hidserv.dll,-101 Description: @%SystemRoot%\System32\hidserv.dll,-102 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): HidUsb Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft HID Class-Treiber Image path: \SystemRoot\system32\drivers\hidusb.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): hkmsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\kmsvc.dll,-6 Description: @%SystemRoot%\system32\kmsvc.dll,-7 Object name: localSystem Image 
path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): HomeGroupListener Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\ListSvc.dll,-100 Description: @%SystemRoot%\System32\ListSvc.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: LanmanServer Service (registry key): HomeGroupProvider Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\provsvc.dll,-100 Description: @%SystemRoot%\System32\provsvc.dll,-101 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: netprofm,fdrespub,fdphost Service (registry key): HpSAMD Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\HpSAMD.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): HTTP Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\http.sys,-1 Description: @%SystemRoot%\system32\drivers\http.sys,-2 Image path: system32\drivers\HTTP.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): hwpolicy Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\hwpolicy.sys,-101 Description: @%systemroot%\system32\drivers\hwpolicy.sys,-102 Image path: 
System32\drivers\hwpolicy.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): i8042prt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: i8042-Tastatur- und PS/2-Mausanschluss-Treiber Image path: \SystemRoot\system32\drivers\i8042prt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): ialm Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): iaStor Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Intel AHCI Controller Image path: system32\DRIVERS\iaStor.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): iaStorV Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Intel RAID-Controller Windows 7 Image path: \SystemRoot\system32\drivers\iaStorV.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): IBMPMDRV Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\DRIVERS\ibmpmdrv.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): IBMPMSVC Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: ThinkPad PM Service Object name: LocalSystem Image path: %SystemRoot%\system32\ibmpmsvc.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 272 Error Control: 0 Service (registry key): IDriverT Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: InstallDriver Table Manager Description: Provides support for the Running Object Table for InstallShield Drivers Object name: 
LocalSystem Image path: "C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" Image size: 69632 Image MD5: DAF66902F08796F9C694901660E5A64A Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 0 Service (registry key): idsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193 Description: @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192 Object name: LocalSystem Image path: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" Image size: 856400 Image MD5: 5988FC40F8DB5B0739CD1E3A5D0D78BD Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): igfx Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\DRIVERS\igdkmd64.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): iirsp Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\iirsp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): IKEEXT Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\ikeext.dll,-501 Description: @%SystemRoot%\system32\ikeext.dll,-502 Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: BFE Service (registry key): inetaccs Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): IntcAzAudAddService Registry path: \SYSTEM\CurrentControlSet\Services\ Display 
54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): PlugPlay Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\umpnpmgr.dll,-100 Description: @%SystemRoot%\system32\umpnpmgr.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): PNRPAutoReg Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\pnrpauto.dll,-8002 Description: @%SystemRoot%\system32\pnrpauto.dll,-8003 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: pnrpsvc Service (registry key): PNRPsvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\pnrpsvc.dll,-8000 Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: p2pimsvc Service (registry key): PolicyAgent Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\polstore.dll,-5010 Description: @%SystemRoot%\system32\polstore.dll,-5011 Object name: NT Authority\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: Tcpip,bfe Service (registry key): PortProxy Registry path: 
\SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): Power Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\umpo.dll,-100 Description: @%SystemRoot%\system32\umpo.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): Power Manager DBC Service Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Power Manager DBC Service Object name: LocalSystem Image path: "C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE" Image size: 75112 Image MD5: BAC02775CF629E5FE80BEA952F4448EF Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: SENS Service (registry key): PptpMiniport Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\rascfg.dll,-32006 Description: @%systemroot%\system32\rascfg.dll,-32006 Image path: system32\DRIVERS\raspptp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Processor Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Processor Driver Image path: \SystemRoot\system32\DRIVERS\processr.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): ProfSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\profsvc.dll,-300 Description: @%systemroot%\system32\profsvc.dll,-301 Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): 
ProtectedStorage Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\psbase.dll,-300 Description: @%systemroot%\system32\psbase.dll,-301 Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): psadd Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Lenovo Parties Service Access Device Driver Image path: system32\DRIVERS\psadd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Psched Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\drivers\pacer.sys,-101 Description: @%SystemRoot%\System32\drivers\pacer.sys,-101 Image path: system32\DRIVERS\pacer.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): PSI Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: PSI Description: PSI mini-filter driver Image path: system32\DRIVERS\psi_mf.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Depends On services: FltMgr Service (registry key): PxHlpa64 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: PxHlpa64 Image path: System32\Drivers\PxHlpa64.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): ql2300 Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\ql2300.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): ql40xx Registry path: \SYSTEM\CurrentControlSet\Services\ Image 
path: \SystemRoot\system32\DRIVERS\ql40xx.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): QWAVE Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\qwave.dll,-1 Description: @%SystemRoot%\system32\qwave.dll,-2 Object name: NT AUTHORITY\LocalService Image path: %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: rpcss,psched,QWAVEdrv,LLTDIO Service (registry key): QWAVEdrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\qwavedrv.sys,-1 Description: @%SystemRoot%\system32\drivers\qwavedrv.sys,-2 Image path: \SystemRoot\system32\drivers\qwavedrv.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): RasAcd Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Remote Access Auto Connection Driver Description: Remote Access Auto Connection Driver Image path: System32\DRIVERS\rasacd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): RasAgileVpn Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: WAN Miniport (IKEv2) Description: WAN Miniport (IKEv2) Image path: system32\DRIVERS\AgileVpn.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): RasAuto Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%Systemroot%\system32\rasauto.dll,-200 Description: @%Systemroot%\system32\rasauto.dll,-201 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 
54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RasMan,TapiSrv,RasAcd Service (registry key): Rasl2tp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\rascfg.dll,-32005 Description: @%systemroot%\system32\rascfg.dll,-32005 Image path: system32\DRIVERS\rasl2tp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): RasMan Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%Systemroot%\system32\rasmans.dll,-200 Description: @%Systemroot%\system32\rasmans.dll,-201 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: Tapisrv,SstpSvc Service (registry key): RasPppoe Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\rascfg.dll,-32007 Description: @%systemroot%\system32\rascfg.dll,-32007 Image path: system32\DRIVERS\raspppoe.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): RasSstp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\sstpsvc.dll,-202 Description: @%systemroot%\system32\sstpsvc.dll,-202 Image path: system32\DRIVERS\rassstp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): rdbss Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\wkssvc.dll,-1000 Description: @%systemroot%\system32\wkssvc.dll,-1001 Image path: system32\DRIVERS\rdbss.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 2 Error Control: 1 
Depends On services: Mup Service (registry key): rdpbus Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Remote Desktop Device Redirector Bus Driver Image path: \SystemRoot\system32\DRIVERS\rdpbus.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): RDPCDD Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\DRIVERS\RDPCDD.sys,-100 Description: @%systemroot%\system32\DRIVERS\RDPCDD.sys,-101 Image path: System32\DRIVERS\RDPCDD.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 0 Service (registry key): RDPDD Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): RDPENCDD Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\RDPENCDD.sys,-101 Description: @%systemroot%\system32\drivers\RDPENCDD.sys,-100 Image path: system32\drivers\rdpencdd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 0 Service (registry key): RDPNP Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drprov.dll,-100 Description: @%systemroot%\system32\drprov.dll,-101 Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): RDPREFMP Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\RdpRefMp.sys,-101 Description: @%systemroot%\system32\drivers\RdpRefMp.sys,-100 Image path: system32\drivers\rdprefmp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 0 Service (registry key): RDPWD Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: RDP Winstation Driver Control Set: CurrentControlSet 
Start: 3 Type: 1 Error Control: 0 Service (registry key): rdyboost Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: ReadyBoost Description: ReadyBoost Image path: System32\drivers\rdyboost.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): RegSrvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Intel(R) PROSet/Wireless Registry Service Description: Provides registry access to all Intel® PROSet/Wireless Software components Object name: LocalSystem Image path: C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe Image size: 831760 Image MD5: 3B71B5B91E7DCA93585D5A86C897ADC4 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): RemoteAccess Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%Systemroot%\system32\mprdim.dll,-200 Description: @%Systemroot%\system32\mprdim.dll,-201 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 4 Type: 32 Error Control: 1 Depends On services: RpcSS,Bfe,RasMan,Http Depends On group: NetBIOSGroup Service (registry key): RemoteRegistry Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @regsvc.dll,-1 Description: @regsvc.dll,-2 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k regsvc Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): RFCOMM Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Bluetooth-Gerät (RFCOMM-Protokoll-TDI) Description: Bluetooth-Gerät (RFCOMM-Protokoll-TDI) Image path: system32\DRIVERS\rfcomm.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: 
CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Roxio UPnP Renderer 10 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Roxio UPnP Renderer 10 Object name: LocalSystem Image path: "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" Image size: 313840 Image MD5: 14A99FD851272C73B758546EF8F0E641 Control Set: CurrentControlSet Start: 3 Type: 272 Error Control: 0 Service (registry key): Roxio Upnp Server 10 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Roxio Upnp Server 10 Object name: LocalSystem Image path: "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe" Image size: 362992 Image MD5: BA917F2F2BD5033E70823797C73CDFCB Control Set: CurrentControlSet Start: 2 Type: 272 Error Control: 0 Service (registry key): RoxLiveShare10 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: LiveShare P2P Server 10 Description: Allows remote users to view through WEB browsers your authorized multimedia content managed by Roxio Media Manager9. 
Object name: LocalSystem Image path: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" Image size: 309744 Image MD5: 8986D20CF294D794A79FB18FF697B68B Control Set: CurrentControlSet Start: 2 Type: 272 Error Control: 0 Depends On services: RPCSS Service (registry key): RoxMediaDB10 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: RoxMediaDB10 Description: Roxio RoxMediaDB10 Service Object name: LocalSystem Image path: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" Image size: 1124848 Image MD5: D8C44229EB2495E774350529ED9BE08D Control Set: CurrentControlSet Start: 3 Type: 272 Error Control: 0 Service (registry key): RoxWatch10 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Roxio Hard Drive Watcher 10 Object name: LocalSystem Image path: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" Image size: 166384 Image MD5: 53716357F4B3C99112CF0A21932C5688 Control Set: CurrentControlSet Start: 2 Type: 272 Error Control: 0 Service (registry key): RpcEptMapper Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%windir%\system32\RpcEpMap.dll,-1001 Description: @%windir%\system32\RpcEpMap.dll,-1002 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k RPCSS Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): RpcLocator Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\Locator.exe,-2 Description: @%systemroot%\system32\Locator.exe,-3 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\locator.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Service (registry key): RpcSs Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @oleres.dll,-5010 
Description: @oleres.dll,-5011 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k rpcss Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcEptMapper,DcomLaunch Service (registry key): rspndr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Link-Layer Topology Discovery Responder Image path: system32\DRIVERS\rspndr.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 1 Error Control: 1 Service (registry key): RtkAudioService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Realtek Audio Service Description: To check external HDMI device availability, HDMI device audio capability and update HDMI device capability into audio control panel Object name: LocalSystem Image path: C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe Image size: 199272 Image MD5: 24452CCCC3808B5AB0341A384BB72200 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Service (registry key): RTL8167 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Realtek 8167 NT Driver Image path: system32\DRIVERS\Rt64win7.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): SamSs Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\samsrv.dll,-1 Description: @%SystemRoot%\system32\samsrv.dll,-2 Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS Service (registry key): sbp2port Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Bustreiber für SBP2-Transport/Protokoll Image path: \SystemRoot\system32\drivers\sbp2port.sys Image size: 0 Image MD5: 
D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): SBSDWSCService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: SBSD Security Center Service Object name: LocalSystem Image path: C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe Image size: 1153368 Image MD5: 794D4B48DFB6E999537C7C3947863463 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: wscsvc Service (registry key): SCardSvr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\SCardSvr.dll,-1 Description: @%SystemRoot%\System32\SCardSvr.dll,-5 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: PlugPlay Service (registry key): scfilter Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\drivers\scfilter.sys,-11 Description: @%SystemRoot%\System32\drivers\scfilter.sys,-12 Image path: System32\DRIVERS\scfilter.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Schedule Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\schedsvc.dll,-100 Description: @%SystemRoot%\system32\schedsvc.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RPCSS,EventLog Service (registry key): SCPolicySvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\certprop.dll,-13 Description: @%SystemRoot%\System32\certprop.dll,-14 Object name: LocalSystem Image path: 
%SystemRoot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): sdbus Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\sdbus.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): SDRSVC Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\sdrsvc.dll,-107 Description: @%SystemRoot%\system32\sdrsvc.dll,-102 Object name: localSystem Image path: %SystemRoot%\system32\svchost.exe -k SDRSVC Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): secdrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Security Driver Control Set: CurrentControlSet Start: 2 Type: 1 Error Control: 1 Service (registry key): seclogon Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\seclogon.dll,-7001 Description: @%SystemRoot%\system32\seclogon.dll,-7000 Object name: LocalSystem Image path: %windir%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): Secunia PSI Agent Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Secunia PSI Agent Description: Performs routine software inspections of the system, the results of which can be seen in your Secunia Customer Area account Object name: LocalSystem Image path: "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service Image size: 993848 Image MD5: 2D0599DD0124764FC939C59985C860DE Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Service (registry key): Secunia Update Agent Registry 
path: \SYSTEM\CurrentControlSet\Services\ Display name: Secunia Update Agent Description: Performs routine software inspections of the system, the results of which can be seen in your Secunia Customer Area account Object name: LocalSystem Image path: "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service Image size: 399416 Image MD5: 20B9E1ADBC58958B480933E4DA005DFB Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Service (registry key): SENS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\Sens.dll,-200 Description: @%SystemRoot%\system32\Sens.dll,-201 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: EventSystem Service (registry key): SensrSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\sensrsvc.dll,-1000 Description: @%SystemRoot%\System32\sensrsvc.dll,-1001 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): Serenum Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Serenum Filter Driver Image path: \SystemRoot\system32\DRIVERS\serenum.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Serial Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\serial.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): sermouse Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Serial Mouse Driver Image path: 
Edited by PeterPan3 (11.10.2013 at 17:00) |
11.10.2013, 17:01 | #14 |
| Windows7, Spybot finds multiple malware 3rd and final part of the Spybot result: Code:
Depends On services: srv2 Service (registry key): srv2 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\srvsvc.dll,-104 Description: @%systemroot%\system32\srvsvc.dll,-105 Image path: System32\DRIVERS\srv2.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Depends On services: srvnet Service (registry key): SrvHsfHDA Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\DRIVERS\VSTAZL6.SYS Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): SrvHsfV92 Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\DRIVERS\VSTDPV6.SYS Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): SrvHsfWinac Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\DRIVERS\VSTCNXT6.SYS Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): srvnet Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: System32\DRIVERS\srvnet.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Service (registry key): SSDPSRV Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\ssdpsrv.dll,-100 Description: @%systemroot%\system32\ssdpsrv.dll,-101 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: HTTP Service (registry key): SSPORT Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: SSPORT Image path: 
\??\C:\Windows\system32\Drivers\SSPORT.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 1 Error Control: 1 Service (registry key): SstpSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\sstpsvc.dll,-200 Description: @%SystemRoot%\system32\sstpsvc.dll,-201 Object name: NT Authority\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): stexstor Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\stexstor.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): stisvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\wiaservc.dll,-9 Description: @%SystemRoot%\system32\wiaservc.dll,-10 Object name: NT Authority\LocalService Image path: %SystemRoot%\system32\svchost.exe -k imgsvc Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: RpcSs,ShellHWDetection Service (registry key): stllssvr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: stllssvr Object name: LocalSystem Image path: "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" Image size: 74392 Image MD5: FF5EB78AF7DFB68C2FB363537AAF753E Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 0 Service (registry key): SUService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: System Update Description: ThinkVantage System Update Object name: LocalSystem Image path: "c:\Program Files (x86)\Lenovo\System Update\SUService.exe" Image size: 28672 Image MD5: 7F7958C5B40F9441D1E8D704310D46FF Control Set: CurrentControlSet Start: 2 Type: 
16 Error Control: 1 Depends On services: winmgmt Service (registry key): swenum Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Software-Bus-Treiber Image path: \SystemRoot\system32\drivers\swenum.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): swprv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\swprv.dll,-103 Description: @%SystemRoot%\System32\swprv.dll,-102 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k swprv Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RPCSS Service (registry key): SynTP Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Synaptics TouchPad Driver Image path: system32\DRIVERS\SynTP.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): SysMain Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\sysmain.dll,-1000 Description: @%SystemRoot%\system32\sysmain.dll,-1001 Object name: LocalSystem Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 0 Depends On services: rpcss,fileinfo Service (registry key): TabletInputService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\TabSvc.dll,-100 Description: @%SystemRoot%\system32\TabSvc.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: PlugPlay,RpcSs Service (registry key): TapiSrv 
Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\tapisrv.dll,-10100 Description: @%SystemRoot%\system32\tapisrv.dll,-10101 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\System32\svchost.exe -k NetworkService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: PlugPlay,RpcSs Service (registry key): TBS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\tbssvc.dll,-100 Description: @%SystemRoot%\system32\tbssvc.dll,-101 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): Tcpip Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50003 Description: @%SystemRoot%\system32\tcpipcfg.dll,-50003 Image path: System32\drivers\tcpip.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): TCPIP6 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft IPv6 Protocol Driver Description: Microsoft IPv6 Protocol Driver Image path: system32\DRIVERS\tcpip.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): TCPIP6TUNNEL Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): tcpipreg Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: TCP/IP Registry Compatibility Description: Provides compatibility for legacy applications which interact with TCP/IP through the registry. 
If this service is stopped, certain applications may have impaired functionality. Image path: System32\drivers\tcpipreg.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 2 Type: 1 Error Control: 1 Depends On services: tcpip Service (registry key): TCPIPTUNNEL Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): TDPIPE Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: TDPIPE Image path: system32\drivers\tdpipe.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): TDTCP Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: TDTCP Image path: system32\drivers\tdtcp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): tdx Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50004 Description: @%SystemRoot%\system32\tcpipcfg.dll,-50004 Image path: system32\DRIVERS\tdx.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Depends On services: Tcpip Service (registry key): TermDD Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Terminal-Gerätetreiber Image path: \SystemRoot\system32\drivers\termdd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): TermService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\termsrv.dll,-268 Description: @%SystemRoot%\System32\termsrv.dll,-267 Object name: NT Authority\NetworkService Image path: %SystemRoot%\System32\svchost.exe -k NetworkService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control 
Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS,TermDD Service (registry key): Themes Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\themeservice.dll,-8192 Description: @%SystemRoot%\System32\themeservice.dll,-8193 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): ThinkVantage Registry Monitor Service Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: ThinkVantage Registry Monitor Service Object name: LocalSystem Image path: "C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe" Image size: 1019904 Image MD5: 39AC444E07FDBD8C2E8E291A65D515D3 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 0 Service (registry key): THREADORDER Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\mmcss.dll,-102 Description: @%systemroot%\system32\mmcss.dll,-103 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalService Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Service (registry key): TPDIGIMN Registry path: \SYSTEM\CurrentControlSet\Services\ Description: APS Digitizer Activity Monitor Image path: System32\DRIVERS\ApsHM64.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): TPHDEXLGSVC Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: ThinkPad HDD APS Logging Service Object name: LocalSystem Image path: System32\TPHDEXLG64.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Service (registry key): TPHKSVC Registry path: 
\SYSTEM\CurrentControlSet\Services\ Display name: Anzeige am Bildschirm Object name: LocalSystem Image path: C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe Image size: 63928 Image MD5: 2CF225E19490F499528B926263FE4554 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 0 Service (registry key): TPM Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: TPM Description: TPM Driver Image path: system32\drivers\tpm.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): TPPWRIF Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: System32\drivers\Tppwr64v.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): TrkWks Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\trkwks.dll,-1 Description: @%SystemRoot%\system32\trkwks.dll,-2 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): TrustedInstaller Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 Description: @%SystemRoot%\servicing\TrustedInstaller.exe,-101 Object name: localSystem Image path: %SystemRoot%\servicing\TrustedInstaller.exe Image size: 194048 Image MD5: 773212B2AAA24C1E31F10246B15B276C Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Service (registry key): TSDDD Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): tssecsrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101 Description: 
@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-102 Image path: System32\DRIVERS\tssecsrv.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): TsUsbFlt Registry path: \SYSTEM\CurrentControlSet\Services\ Description: @%SystemRoot%\system32\drivers\tsusbflt.sys,-1000 Image path: system32\drivers\tsusbflt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): tunnel Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft-Tunnelminiport-Adaptertreiber Image path: system32\DRIVERS\tunnel.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): TVT Backup Service Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: TVT Backup Service Object name: LocalSystem Image path: "C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe" Image size: 1475896 Image MD5: 003AFB1490828615B041849ABB40EAA1 Control Set: CurrentControlSet Start: 3 Type: 272 Error Control: 0 Service (registry key): uagp35 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft AGPv3.5 Filter Image path: \SystemRoot\system32\DRIVERS\uagp35.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): udfs Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: udfs Description: Reads/Writes UDF 1.02,1.5,2.0x,2.5 disc formats, usually found on C/DVD discs. 
(Core) (All pieces) Image path: system32\DRIVERS\udfs.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 2 Error Control: 1 Service (registry key): UGatherer Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): UGTHRSVC Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): UI0Detect Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\ui0detect.exe,-101 Description: @%SystemRoot%\system32\ui0detect.exe,-102 Object name: LocalSystem Image path: %SystemRoot%\system32\UI0Detect.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 272 Error Control: 1 Service (registry key): uliagpkx Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Uli AGP-Bus-Filter Image path: \SystemRoot\system32\drivers\uliagpkx.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): umbus Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: UMBusenumerator-Treiber Image path: \SystemRoot\system32\drivers\umbus.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): UmPass Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft UMPass Driver Image path: \SystemRoot\system32\DRIVERS\umpass.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): upnphost Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\upnphost.dll,-213 Description: @%systemroot%\system32\upnphost.dll,-214 Object name: NT AUTHORITY\LocalService Image path: 
%SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: SSDPSRV,HTTP Service (registry key): USBAAPL64 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Apple Mobile USB Driver Image path: System32\Drivers\usbaapl64.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): usbccgp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Standard-USB-Haupttreiber Image path: system32\DRIVERS\usbccgp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): usbcir Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: eHome-Infrarotempfänger (USBCIR) Image path: \SystemRoot\system32\drivers\usbcir.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): usbehci Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller Image path: system32\DRIVERS\usbehci.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): usbhub Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft USB-Standardhubtreiber Image path: system32\DRIVERS\usbhub.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): usbohci Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Miniporttreiber für Microsoft USB Open Host-Controller Image path: \SystemRoot\system32\drivers\usbohci.sys Image size: 0 Image MD5: 
D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): usbprint Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft USB-Druckerklasse Image path: system32\DRIVERS\usbprint.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): USBSTOR Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: USB-Massenspeichertreiber Image path: system32\DRIVERS\USBSTOR.SYS Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): usbuhci Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Miniporttreiber für universellen Microsoft USB-Hostcontroller Image path: system32\DRIVERS\usbuhci.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): usbvideo Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: USB-Videogerät (WDM) Image path: \SystemRoot\System32\Drivers\usbvideo.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): UxSms Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\dwm.exe,-2000 Description: @%SystemRoot%\system32\dwm.exe,-2001 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted Image size: 20992 Image MD5: 54A47F6B5E09A77E61649109C6A08866 Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): VaultSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\vaultsvc.dll,-1003 Description: @%SystemRoot%\system32\vaultsvc.dll,-1004 Object name: LocalSystem Image path: %SystemRoot%\system32\lsass.exe Image size: 0 Image MD5: 
D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: rpcss Service (registry key): vdrvroot Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Enumerator-Treiber für Microsoft Virtual Drive Image path: system32\drivers\vdrvroot.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): vds Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\vds.exe,-100 Description: @%SystemRoot%\system32\vds.exe,-112 Object name: LocalSystem Image path: %SystemRoot%\System32\vds.exe Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RpcSs,PlugPlay Service (registry key): vga Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: system32\DRIVERS\vgapnp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): VgaSave Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\System32\drivers\vga.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 0 Service (registry key): vhdmp Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\vhdmp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): viaide Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\viaide.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 3 Service (registry key): volmgr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Treiber für Volume-Manager Image path: 
system32\drivers\volmgr.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): volmgrx Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\drivers\volmgrx.sys,-100 Description: @%SystemRoot%\system32\drivers\volmgrx.sys,-101 Image path: System32\drivers\volmgrx.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): volsnap Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Speichervolumes Image path: system32\drivers\volsnap.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): vpnagent Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Cisco AnyConnect VPN Agent Description: Cisco AnyConnect VPN Agent for Windows Object name: LocalSystem Image path: "C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe" Image size: 603896 Image MD5: 34756733F0480D68E519E80E22E05D12 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: Tcpip Service (registry key): vpnva Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64 Image path: system32\DRIVERS\vpnva64.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): vsmraid Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\DRIVERS\vsmraid.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): VSS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\vssvc.exe,-102 Description: 
|
12.10.2013, 14:54 | #15 |
/// the machine /// TB-Ausbilder | Windows7, Spybot finds multiple malware Update Java, Adobe, Firefox and Thunderbird. Please download TFC (by Oldtimer) and save the file to your desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Spybot actually hasn't been recommended for a long time now. Go ahead and have the detections deleted, then a fresh FRST log please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |