
Log Analysis and Evaluation: Windows 7, Spybot finds multiple malware

08.10.2013, 19:30   #1
PeterPan3
 
Windows 7, Spybot finds multiple malware



Hello everyone,

After quite a long time I have now run my Spybot over my system for the first time. Unfortunately, countless viruses and malware showed up, which is why I am asking for your help here.
As recommended, I ran the specified programs over my system. Below I list the corresponding log files:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Dirka (ATTENTION: The logged in user is not administrator) on DIRKA-THINK on 08-10-2013 19:47:05
Running from C:\Users\Dirka\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Bandoo Media, inc) C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69560 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2010-07-01] (Lenovo.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2010-09-17] (Lenovo)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [PoivY] - "C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized
HKCU\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKCU\...\Runonce: [Del704687] - cmd.exe /Q /D /c del "C:\Users\Dirka\AppData\Local\Temp\0.del"
MountPoints2: {5ed9dc6f-5da2-11e0-a292-806e6f6e6963} - Q:\LenovoQDrive.exe
HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [1129832 2010-08-24] (Lenovo Group Limited)
HKLM-x32\...\Run: [Message Center Plus] - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] ()
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2009-08-04] (Sonic Solutions)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SearchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [534880 2011-06-24] (Spigot, Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] ()
HKLM-x32\...\Run: [DATAMNGR] - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe [1694608 2011-12-06] (Bandoo Media, inc)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1558480 2013-07-26] (APN)
AppInit_DLLs: C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll  [1791384 2011-12-06] (Bandoo Media, inc)
AppInit_DLLs-x32: C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll  [1233816 2011-12-06] (Bandoo Media, inc)
Lsa: [Notification Packages] scecli ACGina

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/thinkpad
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=169&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - DefaultScope {A8960C5C-8DE0-452D-8BBC-1559303B8B86} URL = 
SearchScopes: HKCU - {A8960C5C-8DE0-452D-8BBC-1559303B8B86} URL = 
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
BHO-x32: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.5\pdfforgeToolbarIE.dll (Spigot, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.5\pdfforgeToolbarIE.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default
FF DefaultSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF Homepage: hxxp://www.searchqu.com/406
FF Keyword.URL: hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @e-academy.com/Host SDM Plugin; version=1.0.0.0 - C:\Users\Dirka\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll ()
FF SearchPlugin: C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\searchplugins\web-search.xml
FF SearchPlugin: C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: Searchqu Toolbar - C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
FF Extension: No Name - C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\Extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup:         "urls_to_restore_on_startup": [
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Extension: (Avira Toolbar) - C:\Users\Dirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj\7.15.13.38650_0
CHR Extension: (Skype Click to Call) - C:\Users\Dirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-04] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-04] (Sonic Solutions)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-26] (Avira Operations GmbH & Co. KG)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-08 19:46 - 2013-10-08 19:46 - 00000000 ____D C:\FRST
2013-10-08 19:45 - 2013-10-08 19:46 - 01954124 _____ (Farbar) C:\Users\Dirka\Downloads\FRST64.exe
2013-10-08 19:43 - 2013-10-08 19:43 - 00050477 _____ C:\Users\Dirka\Downloads\Defogger.exe
2013-10-08 19:40 - 2013-10-08 19:40 - 00001121 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-10-08 19:40 - 2013-10-08 19:40 - 00000292 _____ C:\Windows\Tasks\DigitalSite.job
2013-10-08 19:40 - 2013-10-08 19:40 - 00000000 ____D C:\Users\Dirka\AppData\Roaming\DigitalSite
2013-10-08 19:40 - 2013-10-08 19:40 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-10-08 19:39 - 2013-10-08 19:39 - 00749248 _____ C:\Users\Dirka\Downloads\ZipExtractorSetup.exe
2013-10-08 19:29 - 2013-10-08 19:29 - 99859239 _____ C:\Windows\SysWOW64\ꮪ�ᅌŠ
2013-10-07 21:52 - 2013-10-07 21:52 - 00239355 _____ C:\Users\Dirka\Desktop\SpybotSD.Results.txt
2013-09-12 19:33 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 19:33 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 19:33 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 19:33 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 19:33 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 19:33 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 19:33 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 19:33 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 19:33 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 19:33 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 19:33 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 19:33 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 19:33 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 19:33 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 19:33 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 19:33 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 19:33 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 19:33 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 19:33 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 19:33 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 19:33 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 19:33 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 19:33 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 19:33 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 19:33 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 19:33 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 19:33 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 19:33 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 19:33 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 19:33 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 19:33 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-11 08:51 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 08:51 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 08:51 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-11 08:51 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-11 08:51 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-11 08:51 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-11 08:51 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-11 08:51 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 08:51 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-11 08:51 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 08:51 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-11 08:51 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-11 08:51 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-11 08:51 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 08:51 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 08:51 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 08:51 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 08:51 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-11 08:51 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-11 08:51 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-11 08:51 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-11 08:51 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 08:51 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 08:51 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 08:51 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 08:51 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-08 17:25 - 2013-09-08 18:26 - 00000000 ____D C:\Users\Dirka\Desktop\Auswahl Schlafzimmer
2013-09-08 17:20 - 2013-09-08 17:20 - 00001117 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2013-09-08 17:19 - 2013-09-08 17:19 - 14965064 _____ (Google Inc.) C:\Users\Dirka\Downloads\picasa39-setup_3.9.136.20.exe

==================== One Month Modified Files and Folders =======

2013-10-08 19:46 - 2013-10-08 19:46 - 00000000 ____D C:\FRST
2013-10-08 19:46 - 2013-10-08 19:45 - 01954124 _____ (Farbar) C:\Users\Dirka\Downloads\FRST64.exe
2013-10-08 19:43 - 2013-10-08 19:43 - 00050477 _____ C:\Users\Dirka\Downloads\Defogger.exe
2013-10-08 19:43 - 2011-07-22 12:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-08 19:43 - 2011-07-22 11:08 - 00000000 ____D C:\Users\Save
2013-10-08 19:43 - 2011-04-03 05:58 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-10-08 19:41 - 2012-11-24 20:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-08 19:40 - 2013-10-08 19:40 - 00001121 _____ C:\Users\Public\Desktop\Open It!.lnk
2013-10-08 19:40 - 2013-10-08 19:40 - 00000292 _____ C:\Windows\Tasks\DigitalSite.job
2013-10-08 19:40 - 2013-10-08 19:40 - 00000000 ____D C:\Users\Dirka\AppData\Roaming\DigitalSite
2013-10-08 19:40 - 2013-10-08 19:40 - 00000000 ____D C:\Program Files (x86)\OpenIt
2013-10-08 19:39 - 2013-10-08 19:39 - 00749248 _____ C:\Users\Dirka\Downloads\ZipExtractorSetup.exe
2013-10-08 19:36 - 2011-04-03 05:58 - 00000382 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-10-08 19:36 - 2009-07-14 06:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-08 19:36 - 2009-07-14 06:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-08 19:34 - 2011-04-03 05:31 - 01062959 _____ C:\Windows\WindowsUpdate.log
2013-10-08 19:29 - 2013-10-08 19:29 - 99859239 _____ C:\Windows\SysWOW64\ꮪ�ᅌŠ
2013-10-08 19:28 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-08 19:28 - 2009-07-14 06:51 - 00141730 _____ C:\Windows\setupact.log
2013-10-07 21:52 - 2013-10-07 21:52 - 00239355 _____ C:\Users\Dirka\Desktop\SpybotSD.Results.txt
2013-10-03 15:04 - 2011-07-21 22:09 - 00000000 ____D C:\Users\Dirka
2013-10-03 15:03 - 2011-12-12 12:08 - 00000099 _____ C:\Users\Public\LMDebug.log
2013-09-20 21:55 - 2011-04-03 15:11 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-09-20 21:55 - 2011-04-03 15:11 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-09-20 21:55 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-20 21:42 - 2012-11-24 20:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-20 21:42 - 2011-07-22 18:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-14 23:48 - 2011-07-23 13:55 - 00000000 ____D C:\Users\Dirka\AppData\Roaming\Skype
2013-09-13 07:41 - 2013-05-18 00:48 - 00000000 ____D C:\Users\Dirka\AppData\Local\Mozilla Firefox
2013-09-13 00:30 - 2011-07-21 22:13 - 00000000 ___RD C:\Users\Dirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-13 00:30 - 2011-07-21 22:13 - 00000000 ___RD C:\Users\Dirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-13 00:29 - 2009-07-14 06:45 - 00460216 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 19:34 - 2011-08-08 17:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 19:33 - 2013-08-18 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 19:30 - 2011-07-22 17:37 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-08 18:26 - 2013-09-08 17:25 - 00000000 ____D C:\Users\Dirka\Desktop\Auswahl Schlafzimmer
2013-09-08 18:12 - 2013-09-07 16:38 - 00000000 ____D C:\Users\Dirka\Desktop\gui y christian
2013-09-08 17:53 - 2013-08-29 16:03 - 00000000 ____D C:\Users\Dirka\Desktop\100_PANA
2013-09-08 17:20 - 2013-09-08 17:20 - 00001117 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2013-09-08 17:20 - 2011-08-18 16:24 - 00000000 ____D C:\Users\Dirka\AppData\Local\Google
2013-09-08 17:20 - 2011-08-10 14:29 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-08 17:19 - 2013-09-08 17:19 - 14965064 _____ (Google Inc.) C:\Users\Dirka\Downloads\picasa39-setup_3.9.136.20.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Dirka at 2013-10-08 19:48:48
Running from C:\Users\Dirka\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (Version: 1.00)
Access Help (x32 Version: 3.00)
Adobe AIR (x32 Version: 3.5.0.880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.175)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.168)
Adobe Reader 9.4.5 (x32 Version: 9.4.5)
Anzeige am Bildschirm (Version: 6.10.01)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Avira SearchFree Toolbar plus Web Protection (x32 Version: 12.2.2.663)
Bonjour (Version: 3.0.0.10)
CDBurnerXP (x32 Version: 4.5.0.3661)
Cisco AnyConnect VPN Client (x32 Version: 2.5.2019)
Create Recovery Media (x32 Version: 1.20.0.00)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dienstprogramm "ThinkPad UltraNav" (x32 Version: 2.13.0)
DirectX 9 Runtime (x32 Version: 1.00.0000)
EndNote X5 (x32 Version: 15.0.0.5478)
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1872)
Intel(R) PROSet/Wireless WiFi-Software (Version: 13.00.0000)
InterVideo WinDVD 8 (x32 Version: 8.0.20.199)
iTunes (Version: 11.0.4.4)
Java Auto Updater (x32 Version: 2.0.5.1)
Java(TM) 6 Update 26 (64-bit) (Version: 6.0.260)
Java(TM) 6 Update 26 (x32 Version: 6.0.260)
JMicron Flash Media Controller Driver (x32 Version: 1.00.29.02)
Lenovo Auto Scroll Utility (Version: 1.00)
Lenovo System Interface Driver (Version: 1.02)
Lenovo ThinkVantage Toolbox (Version: 6.0.5717.21)
Lenovo Welcome (x32 Version: 2.02.003.0)
Malwarebytes' Anti-Malware Version 1.51.1.1800 (x32 Version: 1.51.1.1800)
Message Center Plus (x32 Version: 2.0.0012.00)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Outlook Hotmail Connector 64-Bit (Version: 14.0.5118.5000)
Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit (Version: 14.0.5120.5000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mobile Broadband (x32 Version: 3.6.0006)
Mozilla Firefox 21.0 (x86 de) (HKCU Version: 21.0)
Mozilla Firefox 6.0 (x86 de) (x32 Version: 6.0)
Mozilla Thunderbird (3.1.16) (x32 Version: 3.1.16 (en-GB))
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Nero Burning ROM 11 (x32 Version: 11.0.10500)
Nero Burning ROM 11 (x32 Version: 11.0.12500.24.100)
Nero Burning ROM 11 Help (CHM) (x32 Version: 11.0.10300)
Nero ControlCenter 11 (x32 Version: 11.0.12700.0.27)
Nero ControlCenter 11 Help (CHM) (x32 Version: 11.0.10300)
Nero Core Components 11 (x32 Version: 11.0.15600.1.17)
Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100)
Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400)
Nero Update (x32 Version: 11.0.11500.28.0)
nero.prerequisites.msi (x32 Version: 11.0.20008)
Open It! (x32 Version: 1.1.1)
PASW Smartreader 18 (x32 Version: 18.0.1)
PDFCreator (x32 Version: 1.2.2)
pdfforge Toolbar v4.5 (x32 Version: 4.5)
Picasa 3 (x32 Version: 3.9)
QuickTime (x32 Version: 7.74.80.86)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.11.1127.2009)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6146)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00)
Rescue and Recovery (x32 Version: 4.30.0025.00)
ResearchSoft Direct Export Helper (x32)
Roxio Activation Module (x32 Version: 1.0)
Roxio Central Audio (x32 Version: 3.8.0)
Roxio Central Copy (x32 Version: 3.8.0)
Roxio Central Core (x32 Version: 3.8.0)
Roxio Central Data (x32 Version: 3.8.0)
Roxio Central Tools (x32 Version: 3.8.0)
Roxio Creator Small Business Edition (x32 Version: 10.3)
Roxio Creator Small Business Edition (x32 Version: 10.3.081)
Roxio Express Labeler 3 (x32 Version: 3.2.1)
Saal Design Software (x32 Version: 3.1.26)
Secunia PSI (2.0.0.3003) (x32)
Secure Download Manager (x32 Version: 3.0.0)
Skype Click to Call (x32 Version: 5.9.9216)
Skype™ 5.10 (x32 Version: 5.10.116)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0)
Sonic Icons for Lenovo (x32 Version: 2.0.0)
SPSS SmartViewer 15G (x32 Version: 15.0.1)
Spybot - Search & Destroy (x32 Version: 1.6.2)
System Update (x32 Version: 4.00.0032)
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 6.2.0.9600)
ThinkPad Energie-Manager (x32 Version: 3.30)
ThinkPad FullScreen Magnifier (Version: 2.15)
ThinkPad Power Management Driver (Version: 1.60.0.4)
ThinkPad UltraNav Driver (Version: 15.0.18.0)
ThinkVantage Access Connections (x32 Version: 5.72)
ThinkVantage Communications Utility (Version: 1.42)
ThinkVantage System für aktiven Festplattenschutz (Version: 1.72)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553157) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589370) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760758) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Zip Extractor (HKCU)
VD64Inst (Version: 1.00.0000)
Verizon Wireless Mobile Broadband Self Activation (x32 Version: 3.1.4)
VLC media player 1.1.11 (x32 Version: 1.1.11)
Wartung Samsung CLP-320 Series (x32)
Windows iLivid Toolbar (x32 Version: 3.0.0.118320)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
Windows-Treiberpaket - Intel (iaStor) hdc  (01/15/2010 9.5.7.1002) (Version: 01/15/2010 9.5.7.1002)
Windows-Treiberpaket - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (Version: 11/18/2009 1.60.0.4)
WinRAR 4.20 (64-Bit) (Version: 4.20.0)

==================== Restore Points  =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\Dirka\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job => ?
Task: C:\Windows\Tasks\SystemToolsDailyTest.job => ?

==================== Loaded Modules (whitelisted) =============

2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-04-03 05:43 - 2010-08-24 20:30 - 00047616 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2009-07-01 18:54 - 2009-07-01 18:54 - 00173344 _____ () C:\Program Files\ThinkPad\Bluetooth Software\btkeyind.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\Users\Dirka\Desktop\10x15 (2).JPG:Roxio EMC Stream

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/08/2013 07:15:48 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0x11d0
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (10/07/2013 09:29:46 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0x1158
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/20/2013 07:21:42 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0x11f0
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/18/2013 09:32:17 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0x11e4
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/16/2013 06:07:54 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0x11d4
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/14/2013 10:29:21 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0x11a0
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/13/2013 11:03:44 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0x128c
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3

Error: (09/11/2013 09:15:43 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6302

Error: (09/11/2013 09:15:43 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6302

Error: (09/11/2013 09:15:43 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (10/08/2013 07:15:57 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/08/2013 07:15:57 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%0

Error: (10/08/2013 07:15:57 AM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (10/08/2013 07:15:57 AM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (10/07/2013 09:29:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (10/07/2013 09:29:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Browser-Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.

Error: (10/07/2013 09:29:57 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (10/07/2013 09:29:56 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: 
%%5

Error: (10/07/2013 07:13:06 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Bluetooth Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (10/07/2013 07:13:06 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Bluetooth Service erreicht.


Microsoft Office Sessions:
=========================
Error: (10/08/2013 07:15:48 AM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c00000050000148711d001cec3e5695b6bd1C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeb07cce28-2fd8-11e3-b8f4-60eb69fcc3ee

Error: (10/07/2013 09:29:46 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487115801cec3938b7875b1C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exed2a8204a-2f86-11e3-b45b-60eb69fcc3ee

Error: (09/20/2013 07:21:42 AM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c00000050000148711f001ceb5c140c3248eC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe87dd62c4-21b4-11e3-a293-60eb69fcc3ee

Error: (09/18/2013 09:32:17 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c00000050000148711e401ceb4a5bf2a4783C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe06506c9b-2099-11e3-ae4a-60eb69fcc3ee

Error: (09/16/2013 06:07:54 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c00000050000148711d401ceb2f6dd311490C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe244b52c6-1eea-11e3-a64a-60eb69fcc3ee

Error: (09/14/2013 10:29:21 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c00000050000148711a001ceb1890e36868bC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe559cf0ca-1d7c-11e3-81b1-60eb69fcc3ee

Error: (09/13/2013 11:03:44 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487128c01ceb0c4b10f6ba7C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exef925bd42-1cb7-11e3-9857-60eb69fcc3ee

Error: (09/11/2013 09:15:43 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6302

Error: (09/11/2013 09:15:43 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6302

Error: (09/11/2013 09:15:43 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


==================== Memory info =========================== 

Percentage of memory in use: 41%
Total physical RAM: 3932.86 MB
Available physical RAM: 2307.86 MB
Total Pagefile: 7863.91 MB
Available Pagefile: 5900.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:454.82 GB) (Free:298.2 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:1.91 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-08 20:13:55
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.PC4Z 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Save\AppData\Local\Temp\kglcipow.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000077871465 2 bytes [87, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         00000000778714bb 2 bytes [87, 77]
.text  ...                                                                                                                                     * 2
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                0000000077871465 2 bytes [87, 77]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[2652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                               00000000778714bb 2 bytes [87, 77]
.text  ...                                                                                                                                     * 2
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000077871465 2 bytes [87, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2840] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155               00000000778714bb 2 bytes [87, 77]
.text  ...                                                                                                                                     * 2
.text  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2924] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69             0000000077871465 2 bytes [87, 77]
.text  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe[2924] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155            00000000778714bb 2 bytes [87, 77]
.text  ...                                                                                                                                     * 2
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           0000000077871465 2 bytes [87, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          00000000778714bb 2 bytes [87, 77]
.text  ...                                                                                                                                     * 2
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000077871465 2 bytes [87, 77]
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe[4060] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000778714bb 2 bytes [87, 77]
.text  ...                                                                                                                                     * 2
.text  C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[1568] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69             0000000077871465 2 bytes [87, 77]
.text  C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe[1568] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155            00000000778714bb 2 bytes [87, 77]
.text  ...                                                                                                                                     * 2
.text  C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077871465 2 bytes [87, 77]
.text  C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[3552] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  00000000778714bb 2 bytes [87, 77]
.text  ...                                                                                                                                     * 2
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000077871465 2 bytes [87, 77]
.text  C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           00000000778714bb 2 bytes [87, 77]
.text  ...                                                                                                                                     * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f74a                                                             
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ec55f9de5ed2                                                             
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f74a (not active ControlSet)                                         
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ec55f9de5ed2 (not active ControlSet)                                         

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk0\DR0                                                                                                                   unknown MBR code

---- EOF - GMER 2.1 ----
         
Many thanks in advance for your help.

Regards, Peter Pan.

Alt 08.10.2013, 20:48   #2
schrauber
/// the machine
/// TB-Ausbilder
 


hi,

Log file from Spybot?

Alt 09.10.2013, 06:31   #3
PeterPan3
 

Hello again,

Thank you for looking into this. The following should be the Spybot log file, if I understand it correctly: (the log file is detected as too large, so I am splitting it into two parts)

Part 1:

Code:
--- Search result list ---
Widgi.Toolbar: [SBI $21855786] User settings (Registry key, nothing done)
  HKEY_USERS\S-1-5-21-2504536262-671961439-3406205668-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Widgi.Toolbar: [SBI $BA954ED7] User settings (Registry key, nothing done)
  HKEY_USERS\S-1-5-21-2504536262-671961439-3406205668-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Widgi.Toolbar: [SBI $59BF3ADB] Class ID (Registry key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Widgi.Toolbar: [SBI $DABAA047] Settings (Registry key, nothing done)
  HKEY_CLASSES_ROOT\Installer\UpgradeCodes\504D229B31D6B2A4EA98800A03AD4420

Widgi.Toolbar: [SBI $DABAA047] Settings (Registry key, nothing done)
  HKEY_CLASSES_ROOT\Installer\UpgradeCodes\504D229B31D6B2A4EA98800A03AD4420

Widgi.Toolbar: [SBI $885BB76E] Settings (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Application Updater

Widgi.Toolbar: [SBI $CD244338] Browser helper object (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Widgi.Toolbar: [SBI $EECF060A] Settings (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\504D229B31D6B2A4EA98800A03AD4420

Widgi.Toolbar: [SBI $66BF948F] IE toolbar (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Widgi.Toolbar: [SBI $16C3A07B] Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\Common Files\Spigot\

Widgi.Toolbar: [SBI $000389AB] Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\Common Files\Spigot\Search Settings\

Widgi.Toolbar: [SBI $1E14509F] Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res\

Widgi.Toolbar: [SBI $E1F050EF] Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\pdfforge Toolbar\

Widgi.Toolbar: [SBI $03E18DB3] Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\pdfforge Toolbar\IE\

Widgi.Toolbar: [SBI $60A6F1DA] Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\pdfforge Toolbar\Res\

Widgi.Toolbar: [SBI $65C7C8B1] Shared DLL  (1 apps) (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

Widgi.Toolbar: [SBI $65C7C8B1]  System file (File, nothing done)
  C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
  Properties.size=393112
  Properties.md5=2C6DEF132CC6CF5A9DEF7B7EB35A7756
  Properties.filedate=1308929448
  Properties.filedatetext=2011-06-24 17:30:48

Widgi.Toolbar: [SBI $5AE37010] Shared DLL  (1 apps) (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

Widgi.Toolbar: [SBI $5AE37010]  System file (File, nothing done)
  C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
  Properties.size=534880
  Properties.md5=DA40D166282A6D3D78CE182E3E2F9B71
  Properties.filedate=1308932560
  Properties.filedatetext=2011-06-24 18:22:40

Widgi.Toolbar: [SBI $0B12F9B5] Program directory (Directory, nothing done)
  C:\Program Files (x86)\Application Updater\

Widgi.Toolbar: [SBI $B5E507B2]  Text file (File, nothing done)
  C:\Program Files (x86)\Application Updater\config.ini
  Properties.size=85
  Properties.md5=9E44EB00BBA056FA9B8440EF1D6C356E
  Properties.filedate=1313656301
  Properties.filedatetext=2011-08-18 10:31:40

Widgi.Toolbar: [SBI $05E59E37] Program directory (Directory, nothing done)
  C:\Program Files (x86)\Common Files\Spigot\

Widgi.Toolbar: [SBI $9DDBABD2] Program directory (Directory, nothing done)
  C:\Program Files (x86)\Common Files\Spigot\Search Settings\

Widgi.Toolbar: [SBI $10B6A612]  Data (File, nothing done)
  C:\Program Files (x86)\Common Files\Spigot\Search Settings\config.ini
  Properties.size=45
  Properties.md5=DD9603D0052E892266D2C9AE59062A4B
  Properties.filedate=1313656301
  Properties.filedatetext=2011-08-18 10:31:40

Widgi.Toolbar: [SBI $2CCE143F] Program directory (Directory, nothing done)
  C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res\

Widgi.Toolbar: [SBI $E91FEAE1] Program directory (Directory, nothing done)
  C:\Program Files (x86)\pdfforge Toolbar\

Widgi.Toolbar: [SBI $D23DEEBB] Program directory (Directory, nothing done)
  C:\Program Files (x86)\pdfforge Toolbar\IE\

Widgi.Toolbar: [SBI $47F603E8] Program directory (Directory, nothing done)
  C:\Program Files (x86)\pdfforge Toolbar\Res\

Widgi.Toolbar: [SBI $0C74B726]  Picture (File, nothing done)
  C:\Program Files (x86)\pdfforge Toolbar\Res\amazon.gif
  Properties.size=976
  Properties.md5=2113CCD1843F1BEFF79E9E5013CB1F45
  Properties.filedate=1308926330
  Properties.filedatetext=2011-06-24 16:38:50

Widgi.Toolbar: [SBI $0C74B726]  Picture (File, nothing done)
  C:\Program Files (x86)\pdfforge Toolbar\Res\ebay.gif
  Properties.size=920
  Properties.md5=6184113E3CEA69ED84DEBF9EBC15614D
  Properties.filedate=1308926330
  Properties.filedatetext=2011-06-24 16:38:50

Widgi.Toolbar: [SBI $0C74B726]  Picture (File, nothing done)
  C:\Program Files (x86)\pdfforge Toolbar\Res\icon_settings.gif
  Properties.size=941
  Properties.md5=934612DB06B052027E26EA362B5FC57B
  Properties.filedate=1308926332
  Properties.filedatetext=2011-06-24 16:38:52

Widgi.Toolbar: [SBI $0C74B726]  Picture (File, nothing done)
  C:\Program Files (x86)\pdfforge Toolbar\Res\pdfc_branding.gif
  Properties.size=1365
  Properties.md5=651B9292689487D15DF55F6AD14A2057
  Properties.filedate=1308926330
  Properties.filedatetext=2011-06-24 16:38:50

Widgi.Toolbar: [SBI $0C74B726]  Picture (File, nothing done)
  C:\Program Files (x86)\pdfforge Toolbar\Res\pdfc_branding_hover.gif
  Properties.size=1462
  Properties.md5=312F2B09641BA1003A9F1EE14EE79F6A
  Properties.filedate=1308926330
  Properties.filedatetext=2011-06-24 16:38:50

Widgi.Toolbar: [SBI $0C74B726]  Picture (File, nothing done)
  C:\Program Files (x86)\pdfforge Toolbar\Res\pdfc_icon.gif
  Properties.size=1027
  Properties.md5=299A1911C0C28C39556F9C7D1B219A7D
  Properties.filedate=1308926330
  Properties.filedatetext=2011-06-24 16:38:50

Widgi.Toolbar: [SBI $0C74B726]  Picture (File, nothing done)
  C:\Program Files (x86)\pdfforge Toolbar\Res\pdfc_portal_logo.gif
  Properties.size=2695
  Properties.md5=7FA0C2F788B637949004F892263BDDFE
  Properties.filedate=1308926330
  Properties.filedatetext=2011-06-24 16:38:50

Widgi.Toolbar: [SBI $0C74B726]  Picture (File, nothing done)
  C:\Program Files (x86)\pdfforge Toolbar\Res\search-button-hover.gif
  Properties.size=1029
  Properties.md5=4922C75F4D9975F847E2CAE95D69BC09
  Properties.filedate=1308926332
  Properties.filedatetext=2011-06-24 16:38:52

Widgi.Toolbar: [SBI $0C74B726]  Picture (File, nothing done)
  C:\Program Files (x86)\pdfforge Toolbar\Res\search-button.gif
  Properties.size=1037
  Properties.md5=4950662A97FB05D1C5DCE6A2192ADB8E
  Properties.filedate=1308926332
  Properties.filedatetext=2011-06-24 16:38:52

Widgi.Toolbar: [SBI $0C74B726]  Picture (File, nothing done)
  C:\Program Files (x86)\pdfforge Toolbar\Res\search-chevron-hover.gif
  Properties.size=948
  Properties.md5=03D6C15A2D04370DB72FC1D43F92B3E6
  Properties.filedate=1308926332
  Properties.filedatetext=2011-06-24 16:38:52

Widgi.Toolbar: [SBI $0C74B726]  Picture (File, nothing done)
  C:\Program Files (x86)\pdfforge Toolbar\Res\search-chevron.gif
  Properties.size=846
  Properties.md5=4FE6D25A5D981847730E75DA391B66DC
  Properties.filedate=1308926332
  Properties.filedatetext=2011-06-24 16:38:52

Widgi.Toolbar: [SBI $0C74B726]  Picture (File, nothing done)
  C:\Program Files (x86)\pdfforge Toolbar\Res\search_amazon.gif
  Properties.size=1004
  Properties.md5=2329A190840620B30D80C7E8F4B4C51C
  Properties.filedate=1308926330
  Properties.filedatetext=2011-06-24 16:38:50

Widgi.Toolbar: [SBI $0C74B726]  Picture (File, nothing done)
  C:\Program Files (x86)\pdfforge Toolbar\Res\search_ebay.gif
  Properties.size=929
  Properties.md5=69286ABD58F84241A321A06D14A3B1BE
  Properties.filedate=1308926330
  Properties.filedatetext=2011-06-24 16:38:50

Widgi.Toolbar: [SBI $0C74B726]  Picture (File, nothing done)
  C:\Program Files (x86)\pdfforge Toolbar\Res\search_yahoo.gif
  Properties.size=941
  Properties.md5=7C8E1580C8FFDD48909C6BE4FAABE2DA
  Properties.filedate=1308926330
  Properties.filedatetext=2011-06-24 16:38:50

Widgi.Toolbar: [SBI $D4C0BB69] System Service (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Application Updater

Widgi.Toolbar: [SBI $D4C0BB69] System Service (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Application Updater

Widgi.Toolbar: [SBI $B9464833] System Service (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Application Updater

Widgi.Toolbar: [SBI $B9464833] System Service (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Application Updater

Widgi.Toolbar: [SBI $E4808FA3] Settings (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\Application Updater\

Delta.Toolbar: [SBI $20319BF7] User settings (Registry key, nothing done)
  HKEY_USERS\S-1-5-21-2504536262-671961439-3406205668-1001\Software\DataMngr

Delta.Toolbar: [SBI $15E43F9C] Settings (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr

Delta.Toolbar: [SBI $15E43F9C] Settings (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr

Delta.Toolbar: [SBI $6BE91D8E] User settings (Registry key, nothing done)
  HKEY_USERS\S-1-5-21-2504536262-671961439-3406205668-1001\Software\DataMngr_Toolbar

ilivid.Toolbar: [SBI $C587F2AD] User settings (Registry key, nothing done)
  HKEY_USERS\S-1-5-21-2504536262-671961439-3406205668-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4f12-8568-69135F087DB0}

ilivid.Toolbar: [SBI $16402865] Settings (Registry key, nothing done)
  HKEY_CLASSES_ROOT\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}

ilivid.Toolbar: [SBI $16402865] Settings (Registry key, nothing done)
  HKEY_CLASSES_ROOT\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}

ilivid.Toolbar: [SBI $321DA5BC] Root class (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader

ilivid.Toolbar: [SBI $321DA5BC] Root class (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1

ilivid.Toolbar: [SBI $321DA5BC] Class ID (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}

ilivid.Toolbar: [SBI $321DA5BC] Browser helper object (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}

ilivid.Toolbar: [SBI $321DA5BC] Root class (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1

ilivid.Toolbar: [SBI $321DA5BC] Class ID (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}

ilivid.Toolbar: [SBI $321DA5BC] Browser helper object (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}

ilivid.Toolbar: [SBI $321DA5BC] Root class (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader

ilivid.Toolbar: [SBI $96F49016] Settings (Registry key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}

ilivid.Toolbar: [SBI $96F49016] Settings (Registry key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}

ilivid.Toolbar: [SBI $AA2E574B] Settings (Registry key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}

ilivid.Toolbar: [SBI $AA2E574B] Settings (Registry key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}

ilivid.Toolbar: [SBI $D6ADF7FF] Settings (Registry key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}

ilivid.Toolbar: [SBI $D6ADF7FF] Settings (Registry key, nothing done)
  HKEY_CLASSES_ROOT\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}

ilivid.Toolbar: [SBI $731A7BA1] Settings (Registry key, nothing done)
  HKEY_CLASSES_ROOT\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}

ilivid.Toolbar: [SBI $731A7BA1] Settings (Registry key, nothing done)
  HKEY_CLASSES_ROOT\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}

ilivid.Toolbar: [SBI $78A06FCC] Root class (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard

ilivid.Toolbar: [SBI $78A06FCC] Class ID (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}

ilivid.Toolbar: [SBI $78A06FCC] Root class (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard

ilivid.Toolbar: [SBI $78A06FCC] Class ID (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}

ilivid.Toolbar: [SBI $E1BC31E6] Root class (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1

ilivid.Toolbar: [SBI $E1BC31E6] Root class (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1

ilivid.Toolbar: [SBI $AE815289] Settings (Registry key, nothing done)
  HKEY_CLASSES_ROOT\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}

ilivid.Toolbar: [SBI $AE815289] Settings (Registry key, nothing done)
  HKEY_CLASSES_ROOT\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}

ilivid.Toolbar: [SBI $79F07338] Settings (Registry key, nothing done)
  HKEY_CLASSES_ROOT\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}

ilivid.Toolbar: [SBI $79F07338] Settings (Registry key, nothing done)
  HKEY_CLASSES_ROOT\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}

ilivid.Toolbar: [SBI $02FE75BF] Settings (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

ilivid.Toolbar: [SBI $02FE75BF] Settings (Registry key, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

ilivid.Toolbar: [SBI $AD51DBF4] Program directory (Directory, nothing done)
  C:\Users\Dirka\AppData\LocalLow\DataMngr\

Widgi.Toolbar: [SBI $371BD888] Autorun settings (SearchSettings) (Registry value, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SearchSettings

Ask.MyGlobalSearch: [SBI $115DC360] User settings (Registry key, nothing done)
  HKEY_USERS\.DEFAULT\Software\Ask.com

Ask.MyGlobalSearch: [SBI $115DC360] User settings (Registry key, nothing done)
  HKEY_USERS\S-1-5-18\Software\Ask.com

Ask.MyGlobalSearch: [SBI $9FA3D6C1] User settings (Registry key, nothing done)
  HKEY_USERS\.DEFAULT\Software\AskToolbar

Ask.MyGlobalSearch: [SBI $9FA3D6C1] User settings (Registry key, nothing done)
  HKEY_USERS\S-1-5-18\Software\AskToolbar

MediaPlex: Tracking cookie (Internet Explorer: Dirka) (Cookie, nothing done)
  

MediaPlex: Tracking cookie (Internet Explorer: Dirka) (Cookie, nothing done)
  

FastClick: Tracking cookie (Internet Explorer: Dirka) (Cookie, nothing done)
  

Tradedoubler: Tracking cookie (Internet Explorer: Dirka) (Cookie, nothing done)
  

DoubleClick: Tracking cookie (Internet Explorer: Dirka) (Cookie, nothing done)
  


--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2012-02-13 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2013-04-11 Includes\Adware.sbi (*)
2013-10-01 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2013-04-11 Includes\DialerC.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2013-04-11 Includes\HijackersC.sbi (*)
2013-09-10 Includes\iPhone.sbi (*)
2013-06-25 Includes\Keyloggers.sbi (*)
2013-04-11 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-10-01 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-10-02 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2013-04-11 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-08-06 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-08-13 Includes\TrojansC-02.sbi (*)
2013-10-01 Includes\TrojansC-03.sbi (*)
2013-09-24 Includes\TrojansC-04.sbi (*)
2012-08-31 Includes\TrojansC-05.sbi (*)
2012-09-07 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)


--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
   file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
   size: 937920
    MD5: 47C1DE0A890613FFCFF1D67648EEDF90

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
   file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
   size: 37296
    MD5: 69169586EFAD19F53C2012FFD8FDCF45

Located: HK_LM:Run, ApnTBMon
command: "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
   file: C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
   size: 1558480
    MD5: 3FD2D921EA76F7B64D4F362612B569E1

Located: HK_LM:Run, APSDaemon
command: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
   file: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
   size: 59720
    MD5: 61E4289E91E88C90478D7F4BEB10DCF7

Located: HK_LM:Run, avgnt
command: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
   file: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
   size: 347192
    MD5: 99DA1D6BB12C09D06B627AE0F1753789

Located: HK_LM:Run, DATAMNGR
command: C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
   file: C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
   size: 1694608
    MD5: D8B3EB0A5B5FDBC1609E4E2B66CE3F93

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
   file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
   size: 152392
    MD5: A9F9D081518AC03A51C1195986076F42

Located: HK_LM:Run, Message Center Plus
command: C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start
   file: C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
   size: 49976
    MD5: 3B376496187AB240FAC6ECD7BD1251F6

Located: HK_LM:Run, PWMTRV
command: rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
   file: C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL
   size: 1129832
    MD5: 8F9D8F68DD4892AF17EB3996FE03689A

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
   file: C:\Program Files (x86)\QuickTime\QTTask.exe
   size: 421888
    MD5: 9ACCBC5891BA51B5B29C1A88F80D4CE3

Located: HK_LM:Run, RoxWatchTray
command: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
   file: C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
   size: 244208
    MD5: AA2D2B5663D5227E6BE5849E6D7DA882

Located: HK_LM:Run, Samsung PanelMgr
command: C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
   file: C:\Windows\Samsung\PanelMgr\SSMMgr.exe
   size: 688128
    MD5: 1ED7FD4B342AE1CA57969B0C01667D85

Located: HK_LM:Run, SearchSettings
command: "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
   file: C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
   size: 534880
    MD5: DA40D166282A6D3D78CE182E3E2F9B71

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
   file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
   size: 254696
    MD5: 13E7CFE8E269ED15E7FC9C3EBBCB7E2B

Located: HK_CU:RunOnce, SPReview
  where: .DEFAULT...
command: "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
   file: C:\Windows\System32\SPReview\SPReview.exe
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: HK_CU:Run, msnmsgr
  where: S-1-5-21-2504536262-671961439-3406205668-1001...
command: "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
   file: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: HK_CU:Run, PoivY
  where: S-1-5-21-2504536262-671961439-3406205668-1001...
command: "C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized
   file: C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: HK_CU:Run, Sidebar
  where: S-1-5-21-2504536262-671961439-3406205668-1001...
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
   file: C:\Program Files\Windows Sidebar\sidebar.exe
   size: 1475584
    MD5: E3BF29CED96790CDAAFA981FFDDF53A3

Located: HK_CU:RunOnce, SPReview
  where: S-1-5-18...
command: "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
   file: C:\Windows\System32\SPReview\SPReview.exe
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: Startup (common), Bluetooth.lnk
  where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe
   file: C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: Startup (common), Secunia PSI Tray.lnk
  where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
   file: C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
   size: 291896
    MD5: 8E6C1915EDDD719C4BFE99ECCD7216A7



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: AcroIEHelperStub
        CLSID name: Adobe PDF Link Helper
              Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
         Long name: AcroIEHelperShim.dll
        Short name:       ACROIE~2.DLL
    Date (created): 22.09.2010 18:04:14
Date (last access): 22.07.2011 18:24:56
 Date (last write): 22.09.2010 18:04:14
          Filesize:              75200
        Attributes:           archive 
               MD5: 203A74767EB81F96A5166B1933DB46D0
             CRC32:           B0D671C9
           Version:          9.4.0.195

{41564952-412D-5637-00A7-7A786E7484D7} (Avira SearchFree Toolbar plus Web Protection BHO)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: Avira SearchFree Toolbar plus Web Protection BHO
        CLSID name: Avira SearchFree Toolbar plus Web Protection
              Path: "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\
         Long name:      Passport.dll"

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Groove GFS Browser Helper
              Path: C:\PROGRA~2\MICROS~4\Office14\
         Long name:       GROOVEEX.DLL
        Short name:                   
    Date (created): 16.08.2012 06:43:44
Date (last access): 16.11.2012 00:45:46
 Date (last write): 16.08.2012 06:43:44
          Filesize:            4171424
        Attributes:           archive 
               MD5: 660C8E78B94F483E44B0243A774A4746
             CRC32:           AA836D07
           Version:     14.0.6126.5000

{99079a25-328f-4bd4-be04-00955acaa0a7} (Searchqu Toolbar)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: Searchqu Toolbar
        CLSID name: Searchqu Toolbar
              Path: C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar\
         Long name:    searchqudtx.dll
        Short name:       SEARCH~2.DLL
    Date (created): 31.10.2011 15:37:30
Date (last access): 04.02.2012 19:51:44
 Date (last write): 31.10.2011 15:37:30
          Filesize:              88976
        Attributes:           archive 
               MD5: AD14E447F7CED4CA987B91B379EAF952
             CRC32:           03993075
           Version:           1.0.0.20

{9D717F81-9148-4f12-8568-69135F087DB0} (DataMngr)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: DataMngr
              Path: C:\PROGRA~2\WI3C8A~1\Datamngr\
         Long name: BrowserConnection.dll
        Short name:       BROWSE~1.DLL
    Date (created): 04.02.2012 19:51:48
Date (last access): 04.02.2012 19:51:48
 Date (last write): 06.12.2011 12:18:06
          Filesize:             101272
        Attributes:           archive 
               MD5: F56B3F868CE3AE9A4A81B5AEA7C8806E
             CRC32:           E54D795B
           Version:            3.5.0.0

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} (SkypeIEPluginBHO)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: SkypeIEPluginBHO
        CLSID name: Skype Browser Helper
              Path: C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\
         Long name:  skypeieplugin.dll
        Short name:       SKYPEI~1.DLL
    Date (created): 17.01.2012 11:43:46
Date (last access): 22.04.2012 16:02:04
 Date (last write): 17.01.2012 11:43:46
          Filesize:            3855520
        Attributes:           archive 
               MD5: 70CE1DA6684A7043B0008C2F2E286E27
             CRC32:           146CBAA3
           Version:         5.9.0.9216

{B4F3A835-0E21-4959-BA22-42B3008E02FF} (URLRedirectionBHO)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: URLRedirectionBHO
        CLSID name: Office Document Cache Handler
              Path: C:\PROGRA~2\MICROS~4\Office14\
         Long name:       URLREDIR.DLL
        Short name:                   
    Date (created): 21.12.2010 02:05:22
Date (last access): 29.11.2011 11:13:44
 Date (last write): 21.12.2010 02:05:22
          Filesize:             561552
        Attributes:           archive 
               MD5: A5D08B86E8A437AA6DEAF7A187BF6CA5
             CRC32:           CEA4973B
           Version:     14.0.6015.1000

{B922D405-6D13-4A2B-AE89-08A030DA4402} (pdfforge Toolbar)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: pdfforge Toolbar
              Path: C:\Program Files (x86)\pdfforge Toolbar\IE\4.5\
         Long name: pdfforgeToolbarIE.dll
        Short name:       PDFFOR~1.DLL
    Date (created): 24.06.2011 18:22:38
Date (last access): 18.08.2011 10:31:42
 Date (last write): 24.06.2011 18:22:38
          Filesize:             734048
        Attributes:           archive 
               MD5: 808CA0E4D7B62E5B3B2D5AC278D3BF8E
             CRC32:           90BB5742
           Version:            4.5.0.2

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Java(tm) Plug-In 2 SSV Helper
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:         jp2ssv.dll
        Short name:                   
    Date (created): 22.07.2011 17:32:58
Date (last access): 22.07.2011 17:32:58
 Date (last write): 22.07.2011 17:32:58
          Filesize:              42272
        Attributes:           archive 
               MD5: E7D55E121FF1951CB86C7E0DC6A33877
             CRC32:           0EA0302A
           Version:          6.0.260.3



--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_26
         Installer: 
          Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
       description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
         info link: 
       info source: Patrick M. Kolla
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:        jp2iexp.dll
        Short name:                   
    Date (created): 22.07.2011 17:32:58
Date (last access): 22.07.2011 17:32:58
 Date (last write): 22.07.2011 17:32:58
          Filesize:             112416
        Attributes:           archive 
               MD5: 8ED8B29AC7412F8A1608BAC047E5F78D
             CRC32:           18200451
           Version:          6.0.260.3

{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_26
         Installer: 
          Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:        jp2iexp.dll
        Short name:                   
    Date (created): 22.07.2011 17:32:58
Date (last access): 22.07.2011 17:32:58
 Date (last write): 22.07.2011 17:32:58
          Filesize:             112416
        Attributes:           archive 
               MD5: 8ED8B29AC7412F8A1608BAC047E5F78D
             CRC32:           18200451
           Version:          6.0.260.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_26
         Installer: 
          Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
       description: 
    classification: Legitimate
    known filename: npjpi150_06.dll
         info link: 
       info source: Safer Networking Ltd.
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:    npjpi160_26.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 22.07.2011 17:33:00
Date (last access): 22.07.2011 17:33:00
 Date (last write): 22.07.2011 17:33:00
          Filesize:             141088
        Attributes:           archive 
               MD5: 9210B3BC2BC4FF4F4281F7D7C294233A
             CRC32:           B23F2824
           Version:          6.0.260.3



--- Process list ---
PID:    0 (   0) [System]
PID: 3028 (1692) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
 size: 78272
  MD5: 61EEA3608B65D6750B4BE7838679C861
PID: 3324 ( 720) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
 size: 402792
  MD5: EA0547A5917CC00AA669E8303D83533F
PID: 3408 (1496) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
 size: 69560
  MD5: 385ABC29C668B9B469FAD0F7CE00094D
PID: 3544 (3408) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
 size: 176056
  MD5: 508970745C2E5749C65B86C6FBC6A710
PID: 3588 (3408) C:\Program Files\Lenovo\Zoom\TpScrex.exe
 size: 144824
  MD5: 9C4721B9D7300B0D79E46BAA25EBC56A
PID: 3604 (1496) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
 size: 62312
  MD5: FD334D8C75FA3AD04B0211E4F99BDDFD
PID: 3852 (1496) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
 size: 291896
  MD5: 8E6C1915EDDD719C4BFE99ECCD7216A7
PID: 4044 (3776) C:\Windows\SysWOW64\rundll32.exe
 size: 44544
  MD5: 51138BEEA3E2C21EC44D0932C71762A8
PID: 4060 (3776) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
 size: 49976
  MD5: 3B376496187AB240FAC6ECD7BD1251F6
PID: 4084 (3776) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
 size: 254696
  MD5: 13E7CFE8E269ED15E7FC9C3EBBCB7E2B
PID: 2488 (3776) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
 size: 534880
  MD5: DA40D166282A6D3D78CE182E3E2F9B71
PID: 2776 (3776) C:\Windows\Samsung\PanelMgr\SSMMgr.exe
 size: 688128
  MD5: 1ED7FD4B342AE1CA57969B0C01667D85
PID: 3296 (3776) C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
 size: 1694608
  MD5: D8B3EB0A5B5FDBC1609E4E2B66CE3F93
PID: 3504 (3776) C:\Program Files (x86)\iTunes\iTunesHelper.exe
 size: 152392
  MD5: A9F9D081518AC03A51C1195986076F42
PID: 3444 (3776) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
 size: 347192
  MD5: 99DA1D6BB12C09D06B627AE0F1753789
PID: 1304 (3776) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
 size: 1558480
  MD5: 3FD2D921EA76F7B64D4F362612B569E1
PID: 4120 (1496) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
 size: 5365592
  MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 5324 (1496) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 size: 924632
  MD5: 2DE2B92C4EFEF841CEAA9752FC8FA91F
PID: 1300 (5324) C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
 size: 16856
  MD5: D414B8313C8BFC99C438E178B35D821C
PID: 6032 (1300) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
 size: 1862024
  MD5: 18F20138A715E0677A24A0986BC9AEA2
PID: 6000 (6032) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
 size: 1862024
  MD5: 18F20138A715E0677A24A0986BC9AEA2
PID: 3380 ( 720) C:\Windows\SysWOW64\DllHost.exe
 size: 7168
  MD5: A63DC5C2EA944E6657203E0C8EDEAF61
PID:    4 (   0) System
PID:  336 (   4) smss.exe
PID:  488 ( 476) csrss.exe
PID:  536 ( 476) wininit.exe
 size: 96256
PID:  544 ( 528) csrss.exe
PID:  584 ( 536) services.exe
PID:  608 ( 536) lsass.exe
PID:  616 ( 536) lsm.exe
PID:  720 ( 584) svchost.exe
 size: 20992
PID:  764 ( 528) winlogon.exe
PID:  832 ( 584) ibmpmsvc.exe
PID:  892 ( 584) svchost.exe
 size: 20992
PID:  948 ( 584) svchost.exe
 size: 20992
PID:  996 ( 584) svchost.exe
 size: 20992
PID:  356 ( 584) svchost.exe
 size: 20992
PID:  480 ( 584) svchost.exe
 size: 20992
PID:  528 ( 948) audiodg.exe
PID: 1064 ( 584) RtkAudioService64.exe
PID: 1088 (1064) RAVBg64.exe
PID: 1104 ( 584) vpnagent.exe
PID: 1136 ( 584) svchost.exe
 size: 20992
PID: 1228 ( 996) wlanext.exe
 size: 77312
PID: 1236 ( 488) conhost.exe
PID: 1408 ( 584) spoolsv.exe
PID: 1464 ( 584) sched.exe
PID: 1588 ( 584) svchost.exe
 size: 20992
PID: 1692 ( 584) TPHKSVC.exe
PID: 1732 ( 584) AcPrfMgrSvc.exe
PID: 1800 (1692) tpnumlk.exe
PID: 1888 ( 584) apnmcp.exe
PID: 1924 ( 584) AppleMobileDeviceService.exe
PID: 1976 ( 584) ApplicationUpdater.exe
PID: 2000 ( 584) mDNSResponder.exe
PID: 2040 ( 584) EvtEng.exe
PID: 1444 ( 584) svchost.exe
 size: 20992
PID: 1008 ( 584) PresentationFontCache.exe
PID: 2228 ( 584) CamMute.exe
PID: 2252 ( 584) micmute.exe
PID: 2276 ( 584) TPKNRSVC.exe
PID: 2304 ( 584) lvvsst.exe
PID: 2384 ( 584) RegSrvc.exe
PID: 2424 ( 584) psia.exe
PID: 2532 ( 584) svchost.exe
 size: 20992
PID: 2616 ( 584) AcSvc.exe
PID: 2752 ( 584) SDWinSec.exe
PID: 2888 ( 584) C:\Windows\System32\taskhost.exe
PID: 2928 (2304) virtscrl.exe
PID: 3064 ( 996) C:\Windows\System32\dwm.exe
PID: 1496 (2968) C:\Windows\explorer.exe
 size: 2871808
  MD5: 332FEAB1435662FC6C672E25BEB37BE3
PID: 2372 ( 720) unsecapp.exe
PID: 2196 ( 720) WmiPrvSE.exe
PID: 3420 (1496) C:\Windows\System32\TpShocks.exe
PID: 3456 (1496) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
 size: 11049576
  MD5: 21DABCD4A7AF0F0F33CB6DD5BE640391
PID: 3520 (1496) C:\Windows\System32\hkcmd.exe
PID: 3528 (1496) C:\Windows\System32\igfxpers.exe
PID: 3596 ( 720) C:\Windows\System32\igfxsrvc.exe
PID: 3624 (2616) SvcGuiHlpr.exe
PID: 3732 (1496) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 size: 2097960
  MD5: E24810944B2EB49862D835CA5B7E6E43
PID: 3760 (1496) C:\Program Files\Windows Sidebar\sidebar.exe
 size: 1475584
  MD5: E3BF29CED96790CDAAFA981FFDDF53A3
PID: 3812 (1496) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
 size: 1079584
  MD5: AA26F685222B5F1D87CF9860D4FA2A34
PID: 4004 (3732) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
 size: 146216
  MD5: 1F1E89A31CF9CDCDADA81EFAEB303948
PID: 2608 (4044) C:\Windows\System32\rundll32.exe
 size: 44544
  MD5: 51138BEEA3E2C21EC44D0932C71762A8
PID: 3512 (2776) C:\Windows\Samsung\PanelMgr\caller64.exe
 size: 306688
  MD5: EC57F3164C58640D13F6F544BD5DB853
PID: 2188 ( 720) C:\Windows\System32\igfxext.exe
PID: 4932 ( 584) avguard.exe
PID: 5052 ( 584) iPodService.exe
PID: 5096 ( 584) sua.exe
PID: 1944 (4932) avshadow.exe
PID: 4772 ( 584) avwebgrd.exe
PID: 4844 ( 584) SearchIndexer.exe
 size: 427520
PID: 4700 (3732) SynTPHelper.exe
PID: 4472 ( 584) btwdins.exe
PID: 4440 ( 584) iviRegMgr.exe
PID: 3392 ( 584) NASvc.exe
PID: 4424 ( 584) SUService.exe
PID:  108 ( 584) tvt_reg_monitor_svc.exe
PID:  680 ( 584) svchost.exe
 size: 20992
PID: 4972 ( 584) wmpnetwk.exe


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 07.10.2013 21:52:09

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
  hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
  hxxp://lenovo.msn.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
  hxxp://lenovo.msn.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
  hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
  hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
  hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
  hxxp://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol  0: AVSDA over [MSAFD-Tcpip [TCP/IP]]
        GUID: {F8E8D1E1-492E-4AC2-B830-1E0F6BB22D23}
    Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Protocol  1: AVSDA over [MSAFD-Tcpip [UDP/IP]]
        GUID: {B428C49F-5C05-43F8-AEED-476CA1E76595}
    Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Protocol  2: AVSDA over [MSAFD-Tcpip [TCP/IPv6]]
        GUID: {B74A360A-37D1-4E17-B569-F71995F11424}
    Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Protocol  3: AVSDA over [MSAFD-Tcpip [UDP/IPv6]]
        GUID: {955B220A-C24F-4BA4-8143-96C16047BD30}
    Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Protocol  4: AVSDA over [RSVP-TCPv6-Dienstanbieter]
        GUID: {5AEBD619-6AF2-425A-89EA-66877A3E6795}
    Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Protocol  5: AVSDA over [RSVP-TCP-Dienstanbieter]
        GUID: {4FBDE27C-B8AE-47BA-A63D-40B1E00BD42F}
    Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Protocol  6: AVSDA over [RSVP-UDPv6-Dienstanbieter]
        GUID: {9635B786-7A00-4427-92E2-FDF25A5013F0}
    Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Protocol  7: AVSDA over [RSVP-UDP-Dienstanbieter]
        GUID: {A413B60A-CFF5-44C8-BD4E-09D4C78A53D4}
    Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Protocol 19: AVSDA
        GUID: {14072000-1136-5503-4156-504F504C5350}
    Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Namespace Provider  1: E-Mail-Namenshimanbieter
        GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename: 

Namespace Provider  2: PNRP-Wolken-Namespaceanbieter
        GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename: 

Namespace Provider  3: PNRP-Namen-Namespaceanbieter
        GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename: 



--- Uninstall list ---


--- System Services ---
Service (registry key): .NET CLR Data
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): .NET CLR Networking
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): .NET CLR Networking 4.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): .NET Data Provider for Oracle
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): .NET Data Provider for SqlServer
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): .NETFramework
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): 1394ohci
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: OHCI-konformer 1394-Hostcontroller
    Image path: \SystemRoot\system32\drivers\1394ohci.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): ACPI
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft ACPI-Treiber
    Image path: system32\drivers\ACPI.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): AcpiPmi
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: ACPI-Energieanzeigetreiber
    Image path: \SystemRoot\system32\drivers\acpipmi.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): AcPrfMgrSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Object name: LocalSystem
    Image path: C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
    Image size: 124264
     Image MD5: 40C186D35C0E307240D6BCA399332B24
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): AcSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Object name: LocalSystem
    Image path: C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
    Image size: 259432
     Image MD5: 51E12E36BDEB10C0D9DBDB1FA4914800
   Control Set: CurrentControlSet
         Start: 2
          Type: 272
 Error Control: 1
 Depends On services: RPCSS,winmgmt

Service (registry key): AdobeFlashPlayerUpdateSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Adobe Flash Player Update Service
   Description: Mit diesem Dienst ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes.
   Object name: LocalSystem
    Image path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Image size: 257416
     Image MD5: 24A0876D07EF356DCBC1D7A7929354AB
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): adp94xx
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\adp94xx.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): adpahci
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\adpahci.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): adpu320
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\adpu320.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): adsi
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): AeLookupSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\aelupsvc.dll,-1
   Description: @%SystemRoot%\system32\aelupsvc.dll,-2
   Object name: localSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): AFD
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\drivers\afd.sys,-1000
   Description: @%systemroot%\system32\drivers\afd.sys,-1000
    Image path: \SystemRoot\system32\drivers\afd.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): agp440
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Intel AGP-Bus-Filter
    Image path: \SystemRoot\system32\drivers\agp440.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): ALG
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\Alg.exe,-112
   Description: @%SystemRoot%\system32\Alg.exe,-113
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\alg.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): aliide
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\aliide.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 3

Service (registry key): amdide
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\amdide.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 3

Service (registry key): AmdK8
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: AMD K8 Processor Driver
    Image path: \SystemRoot\system32\DRIVERS\amdk8.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): AmdPPM
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: AMD Processor Driver
    Image path: \SystemRoot\system32\DRIVERS\amdppm.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): amdsata
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\amdsata.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): amdsbs
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\amdsbs.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): amdxata
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\drivers\amdxata.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 1

Service (registry key): AntiVirSchedulerService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Avira Planer
   Description: Dienst zur Steuerung von Avira Free Antivirus Prüfaufträgen und Updates.
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
    Image size: 84024
     Image MD5: 3EC77A3849350B40D2D9002BA560E554
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1

Service (registry key): AntiVirService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Avira Echtzeit-Scanner
   Description: Bietet permanenten Schutz vor Viren und Malware mit der Avira Suchengine.
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
    Image size: 108088
     Image MD5: 1D6D44493488923CF6E82339E189EAD6
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1

Service (registry key): AntiVirWebService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Avira Browser-Schutz
   Description: Bietet Webbrowsern permanenten Schutz vor Viren und Malware mit der Avira Suchengine.
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE"
    Image size: 815160
     Image MD5: 6C5595EC0F009EF7D73EBBE11AA33C3D
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: AntiVirService

Service (registry key): APNMCP
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Ask Aktualisierungsdienst
   Description: Der Ask Aktualisierungsdienst bringt die Ask Toolbar-Software immer auf den neuesten Stand.
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe"
    Image size: 168400
     Image MD5: D41231AECFEE88973D56AEC2EE5B962D
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0

Service (registry key): AppID
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\appidsvc.dll,-102
   Description: @%systemroot%\system32\appidsvc.dll,-103
    Image path: \SystemRoot\system32\drivers\appid.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1
 Depends On services: FltMgr,DisCache

Service (registry key): AppIDSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\appidsvc.dll,-100
   Description: @%systemroot%\system32\appidsvc.dll,-101
   Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,AppID,CryptSvc

Service (registry key): Appinfo
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\appinfo.dll,-100
   Description: @%systemroot%\system32\appinfo.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,ProfSvc

Service (registry key): Apple Mobile Device
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Apple Mobile Device
   Description: Provides the interface to Apple mobile devices.
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
    Image size: 57008
     Image MD5: 4FE5C6D40664AE07BE5105874357D2ED
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: Tcpip

Service (registry key): Application Updater
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Application Updater
   Description: Automatically downloads and installs application updates.
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe"
    Image size: 393112
     Image MD5: 2C6DEF132CC6CF5A9DEF7B7EB35A7756
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0

Service (registry key): arc
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\arc.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): arcsas
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\arcsas.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): AsyncMac
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\rascfg.dll,-32000
   Description: @%systemroot%\system32\rascfg.dll,-32000
    Image path: system32\DRIVERS\asyncmac.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): atapi
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: IDE-Kanal
    Image path: system32\drivers\atapi.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): AudioEndpointBuilder
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\audiosrv.dll,-204
   Description: @%SystemRoot%\System32\audiosrv.dll,-205
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: PlugPlay

Service (registry key): AudioSrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\audiosrv.dll,-200
   Description: @%SystemRoot%\System32\audiosrv.dll,-201
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: AudioEndpointBuilder,RpcSs,MMCSS

Service (registry key): avgntflt
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: avgntflt
   Description: Avira mini-filter driver
    Image path: system32\DRIVERS\avgntflt.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 2
 Error Control: 1
 Depends On services: FltMgr

Service (registry key): avipbb
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: avipbb
   Description: Avira Security Enhancement Driver
    Image path: system32\DRIVERS\avipbb.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): avkmgr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: avkmgr
   Description: Avira Manager Driver
    Image path: system32\DRIVERS\avkmgr.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): AxInstSV
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\AxInstSV.dll,-103
   Description: @%SystemRoot%\system32\AxInstSV.dll,-104
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: rpcss

Service (registry key): b06bdrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Broadcom NetXtreme II VBD
    Image path: \SystemRoot\system32\DRIVERS\bxvbda.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): b57nd60a
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
    Image path: system32\DRIVERS\b57nd60a.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): BattC
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): BDESVC
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\bdesvc.dll,-100
   Description: @%SystemRoot%\system32\bdesvc.dll,-101
   Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): Beep
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Beep
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): BFE
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\bfe.dll,-1001
   Description: @%SystemRoot%\system32\bfe.dll,-1002
   Object name: NT AUTHORITY\LocalService
    Image path: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): BITS
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\qmgr.dll,-1000
   Description: @%SystemRoot%\system32\qmgr.dll,-1001
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,EventSystem

Service (registry key): blbdrive
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\blbdrive.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): Bonjour Service
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Dienst "Bonjour"
   Description: Damit können Hardwaregeräte und Softwaredienste im Netzwerk eine automatische Selbstkonfiguration durchführen und ihre Verfügbarkeit anzeigen.
   Object name: LocalSystem
    Image path: "C:\Program Files\Bonjour\mDNSResponder.exe"
    Image size: 462184
     Image MD5: EBBCD5DFBB1DE70E8F4AF8FA59E401FD
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: Tcpip

Service (registry key): bowser
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\browser.dll,-102
   Description: @%systemroot%\system32\browser.dll,-103
    Image path: system32\DRIVERS\bowser.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1

Service (registry key): BrFiltLo
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Brother USB Mass-Storage Lower Filter Driver
    Image path: \SystemRoot\system32\DRIVERS\BrFiltLo.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): BrFiltUp
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Brother USB Mass-Storage Upper Filter Driver
    Image path: \SystemRoot\system32\DRIVERS\BrFiltUp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Browser
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\browser.dll,-100
   Description: @%systemroot%\system32\browser.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): Brserid
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Brother MFC Serial Port Interface Driver (WDM)
    Image path: \SystemRoot\System32\Drivers\Brserid.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): BrSerWdm
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Brother WDM Serial driver
    Image path: \SystemRoot\System32\Drivers\BrSerWdm.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): BrUsbMdm
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Brother MFC USB Fax Only Modem
    Image path: \SystemRoot\System32\Drivers\BrUsbMdm.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): BrUsbSer
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Brother MFC USB Serial WDM Driver
    Image path: \SystemRoot\System32\Drivers\BrUsbSer.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): BthEnum
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Bluetooth-Anforderungsblocktreiber
    Image path: \SystemRoot\system32\drivers\BthEnum.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): BTHMODEM
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Bluetooth Serial Communications Driver
    Image path: \SystemRoot\system32\DRIVERS\bthmodem.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): BthPan
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Bluetooth-Gerät (PAN)
   Description: Bluetooth-Gerät (PAN)
    Image path: system32\DRIVERS\bthpan.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): BTHPORT
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Bluetooth-Porttreiber
    Image path: \SystemRoot\System32\Drivers\BTHport.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): bthserv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\bthserv.dll,-101
   Description: @%SystemRoot%\System32\bthserv.dll,-102
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k bthsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): BTHUSB
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: USB-Treiber für Bluetooth-Funkgerät
    Image path: \SystemRoot\System32\Drivers\BTHUSB.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): btwaudio
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Bluetooth-Audiogerät
    Image path: system32\drivers\btwaudio.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): btwavdt
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Bluetooth AVDT
    Image path: system32\DRIVERS\btwavdt.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): btwdins
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Bluetooth Service
   Description: Dient zum Installieren und Entfernen von Bluetooth-Geräten.
   Object name: LocalSystem
    Image path: C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    Image size: 864032
     Image MD5: D65AA164ACD0F6706DBCFBBCC9731584
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1

Service (registry key): btwl2cap
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Bluetooth L2CAP Service
    Image path: system32\DRIVERS\btwl2cap.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): btwrchid
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\btwrchid.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): cdfs
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: CD/DVD File System Reader
   Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)
    Image path: system32\DRIVERS\cdfs.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 4
          Type: 2
 Error Control: 1
 Depends On group: "SCSI CDROM Class"

Service (registry key): cdrom
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: CD-ROM-Laufwerktreiber
    Image path: \SystemRoot\system32\drivers\cdrom.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): CertPropSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\certprop.dll,-11
   Description: @%SystemRoot%\System32\certprop.dll,-12
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): circlass
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Consumer IR Devices
    Image path: \SystemRoot\system32\DRIVERS\circlass.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): CLFS
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\clfs.sys,-100
   Description: @%SystemRoot%\system32\clfs.sys,-101
    Image path: System32\CLFS.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): clr_optimization_v2.0.50727_32
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft .NET Framework NGEN v2.0.50727_X86
   Description: Microsoft .NET Framework NGEN
   Object name: LocalSystem
    Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    Image size: 66384
     Image MD5: D88040F816FDA31C3B466F0FA0918F29
   Control Set: CurrentControlSet
         Start: 4
          Type: 16
 Error Control: 0

Service (registry key): clr_optimization_v2.0.50727_64
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft .NET Framework NGEN v2.0.50727_X64
   Description: Microsoft .NET Framework NGEN
   Object name: LocalSystem
    Image path: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    Image size: 89920
     Image MD5: D1CEEA2B47CB998321C579651CE3E4F8
   Control Set: CurrentControlSet
         Start: 4
          Type: 16
 Error Control: 0

Service (registry key): clr_optimization_v4.0.30319_32
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft .NET Framework NGEN v4.0.30319_X86
   Description: Microsoft .NET Framework NGEN
   Object name: LocalSystem
    Image path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    Image size: 130384
     Image MD5: C5A75EB48E2344ABDC162BDA79E16841
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0

Service (registry key): clr_optimization_v4.0.30319_64
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft .NET Framework NGEN v4.0.30319_X64
   Description: Microsoft .NET Framework NGEN
   Object name: LocalSystem
    Image path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    Image size: 138576
     Image MD5: C6F9AF94DCD58122A4D7E89DB6BED29D
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0

Service (registry key): CmBatt
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Treiber für Microsoft-ACPI-Kontrollmethodenkompatiblen Akku
    Image path: system32\DRIVERS\CmBatt.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): cmdide
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\cmdide.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 3

Service (registry key): CNG
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\Drivers\cng.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): Compbatt
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Composite Battery-Treiber
    Image path: system32\DRIVERS\compbatt.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): CompositeBus
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Busenumeratortreiber für Verbundgeräte
    Image path: \SystemRoot\system32\drivers\CompositeBus.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): COMSysApp
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @comres.dll,-947
   Description: @comres.dll,-948
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    Image size: 7168
     Image MD5: A63DC5C2EA944E6657203E0C8EDEAF61
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: RpcSs,EventSystem,SENS

Service (registry key): crcdisk
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Crcdisk Filter Driver
    Image path: \SystemRoot\system32\DRIVERS\crcdisk.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 4
          Type: 1
 Error Control: 1

Service (registry key): crypt32
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): CryptSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\cryptsvc.dll,-1001
   Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
   Object name: NT Authority\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): DCLocator
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): DcomLaunch
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @oleres.dll,-5012
   Description: @oleres.dll,-5013
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): defragsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\defragsvc.dll,-101
   Description: @%SystemRoot%\system32\defragsvc.dll,-102
   Object name: localSystem
    Image path: %SystemRoot%\system32\svchost.exe -k defragsvc
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): DfsC
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\drivers\dfsc.sys,-101
   Description: @%systemroot%\system32\drivers\dfsc.sys,-102
    Image path: System32\Drivers\dfsc.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 2
 Error Control: 1
 Depends On services: Mup

Service (registry key): Dhcp
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\dhcpcore.dll,-100
   Description: @%SystemRoot%\system32\dhcpcore.dll,-101
   Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: NSI,Tdx,Afd

Service (registry key): discache
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\drivers\discache.sys,-102
   Description: @%systemroot%\system32\drivers\discache.sys,-101
    Image path: System32\drivers\discache.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): Disk
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Laufwerktreiber
    Image path: system32\DRIVERS\disk.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 1

Service (registry key): Dnscache
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\dnsapi.dll,-101
   Description: @%SystemRoot%\System32\dnsapi.dll,-102
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: Tdx,nsi

Service (registry key): dot3svc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\dot3svc.dll,-1102
   Description: @%systemroot%\system32\dot3svc.dll,-1103
   Object name: localSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,Ndisuio,Eaphost

Service (registry key): DPS
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\dps.dll,-500
   Description: @%systemroot%\system32\dps.dll,-501
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): drmkaud
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Trusted Audio Drivers
    Image path: system32\drivers\drmkaud.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): DXGKrnl
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: LDDM Graphics Subsystem
   Description: Controls the underlying video driver stacks to provide fully-featured display capabilities.
    Image path: \SystemRoot\System32\drivers\dxgkrnl.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): EapHost
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\eapsvc.dll,-1
   Description: @%systemroot%\system32\eapsvc.dll,-2
   Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RPCSS,KeyIso

Service (registry key): ebdrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Broadcom NetXtreme II 10 GigE VBD
    Image path: \SystemRoot\system32\DRIVERS\evbda.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): EFS
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\efssvc.dll,-100
   Description: @%SystemRoot%\system32\efssvc.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\lsass.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): ehRecvr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\ehome\ehrecvr.exe,-101
   Description: @%SystemRoot%\ehome\ehrecvr.exe,-102
   Object name: NT AUTHORITY\networkService
    Image path: %systemroot%\ehome\ehRecvr.exe
    Image size: 696832
     Image MD5: C4002B6B41975F057D98C439030CEA07
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 0
 Depends On services: RPCSS

Service (registry key): ehSched
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\ehome\ehsched.exe,-101
   Description: @%SystemRoot%\ehome\ehsched.exe,-102
   Object name: NT AUTHORITY\networkService
    Image path: %systemroot%\ehome\ehsched.exe
    Image size: 127488
     Image MD5: 4705E8EF9934482C5BB488CE28AFC681
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 0
 Depends On services: RPCSS

Service (registry key): elxstor
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\elxstor.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): ErrDev
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft-Hardwarefehler-Gerätetreiber
    Image path: \SystemRoot\system32\drivers\errdev.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): ESENT
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): eventlog
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\wevtsvc.dll,-200
   Description: @%SystemRoot%\system32\wevtsvc.dll,-201
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): EventSystem
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @comres.dll,-2450
   Description: @comres.dll,-2451
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: rpcss

Service (registry key): EvtEng
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Intel(R) PROSet/Wireless Event Log
   Description: Manages the event trace messages for all the Intel® PROSet/Wireless Software components.
   Object name: LocalSystem
    Image path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    Image size: 1420560
     Image MD5: 51643EE2712D9212E1E53CA7E8D8EB4A
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): exfat
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: exFAT File System Driver
   Description: exFAT File System Driver
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1

Service (registry key): fastfat
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: FAT12/16/32 File System Driver
   Description: Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces)
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1

Service (registry key): Fax
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\fxsresm.dll,-118
   Description: @%systemroot%\system32\fxsresm.dll,-122
   Object name: NT AUTHORITY\NetworkService
    Image path: %systemroot%\system32\fxssvc.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: TapiSrv,RpcSs,PlugPlay,Spooler

Service (registry key): fdc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Floppy Disk Controller Driver
    Image path: \SystemRoot\system32\DRIVERS\fdc.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): fdPHost
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\fdPHost.dll,-100
   Description: @%systemroot%\system32\fdPHost.dll,-101
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,http

Service (registry key): FDResPub
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\fdrespub.dll,-100
   Description: @%systemroot%\system32\fdrespub.dll,-101
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,http

Service (registry key): FileInfo
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\fileinfo.sys,-100
   Description: @%SystemRoot%\system32\drivers\fileinfo.sys,-101
    Image path: system32\drivers\fileinfo.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 2
 Error Control: 1
 Depends On services: fltmgr

Service (registry key): Filetrace
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\filetrace.sys,-10001
   Description: @%SystemRoot%\system32\drivers\filetrace.sys,-10000
    Image path: system32\drivers\filetrace.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1
 Depends On services: FltMgr

Service (registry key): flpydisk
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Floppy Disk Driver
    Image path: \SystemRoot\system32\DRIVERS\flpydisk.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): FltMgr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
   Description: @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
    Image path: system32\drivers\fltmgr.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 2
 Error Control: 3

Service (registry key): FontCache
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\FntCache.dll,-100
   Description: @%systemroot%\system32\FntCache.dll,-101
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): FontCache3.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\PresentationHost.exe,-3309
   Description: @%SystemRoot%\system32\PresentationHost.exe,-3310
   Object name: NT Authority\LocalService
    Image path: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    Image size: 42856
     Image MD5: A8B7F3818AB65695E3A0BB3279F6DCE6
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1

Service (registry key): FsDepends
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\fsdepends.sys,-10001
   Description: @%SystemRoot%\system32\drivers\fsdepends.sys,-10000
    Image path: System32\drivers\FsDepends.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 3
 Depends On services: fltmgr

Service (registry key): Fs_Rec
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 8
 Error Control: 0

Service (registry key): fvevol
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\fvevol.sys,-100
   Description: @%SystemRoot%\system32\drivers\fvevol.sys,-100
    Image path: System32\DRIVERS\fvevol.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): gagp30kx
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms
    Image path: \SystemRoot\system32\DRIVERS\gagp30kx.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): GEARAspiWDM
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: GEAR ASPI Filter Driver
    Image path: system32\DRIVERS\GEARAspiWDM.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): gpsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @gpapi.dll,-112
   Description: @gpapi.dll,-113
   Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RPCSS,Mup

Service (registry key): gusvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Google Updater Service
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
    Image size: 136120
     Image MD5: C1B577B2169900F4CF7190C39F085794
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 0
 Depends On services: RPCSS

Service (registry key): hcw85cir
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Hauppauge Consumer Infrared Receiver
    Image path: \SystemRoot\system32\drivers\hcw85cir.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): HdAudAddService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst
    Image path: \SystemRoot\system32\drivers\HdAudio.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): HDAudBus
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft-UAA-Bustreiber für High Definition Audio
    Image path: \SystemRoot\system32\drivers\HDAudBus.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): HidBatt
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: HID UPS Battery Driver
    Image path: \SystemRoot\system32\DRIVERS\HidBatt.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): HidBth
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Bluetooth HID Miniport
    Image path: \SystemRoot\system32\DRIVERS\hidbth.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): HidIr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Infrared HID Driver
    Image path: \SystemRoot\system32\DRIVERS\hidir.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): hidserv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\hidserv.dll,-101
   Description: @%SystemRoot%\System32\hidserv.dll,-102
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): HidUsb
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft HID Class-Treiber
    Image path: \SystemRoot\system32\drivers\hidusb.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): hkmsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\kmsvc.dll,-6
   Description: @%SystemRoot%\system32\kmsvc.dll,-7
   Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): HomeGroupListener
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\ListSvc.dll,-100
   Description: @%SystemRoot%\System32\ListSvc.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: LanmanServer

Service (registry key): HomeGroupProvider
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\provsvc.dll,-100
   Description: @%SystemRoot%\System32\provsvc.dll,-101
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: netprofm,fdrespub,fdphost

Service (registry key): HpSAMD
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\HpSAMD.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): HTTP
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\http.sys,-1
   Description: @%SystemRoot%\system32\drivers\http.sys,-2
    Image path: system32\drivers\HTTP.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): hwpolicy
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\drivers\hwpolicy.sys,-101
   Description: @%systemroot%\system32\drivers\hwpolicy.sys,-102
    Image path: System32\drivers\hwpolicy.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 1

Service (registry key): i8042prt
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: i8042-Tastatur- und PS/2-Mausanschluss-Treiber
    Image path: \SystemRoot\system32\drivers\i8042prt.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): ialm
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): iaStor
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Intel AHCI Controller
    Image path: system32\DRIVERS\iaStor.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 1

Service (registry key): iaStorV
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Intel RAID-Controller Windows 7
    Image path: \SystemRoot\system32\drivers\iaStorV.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): IBMPMDRV
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\ibmpmdrv.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): IBMPMSVC
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: ThinkPad PM Service
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\ibmpmsvc.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 272
 Error Control: 0

Service (registry key): IDriverT
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: InstallDriver Table Manager
   Description: Provides support for the Running Object Table for InstallShield Drivers
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
    Image size: 69632
     Image MD5: DAF66902F08796F9C694901660E5A64A
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 0

Service (registry key): idsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193
   Description: @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192
   Object name: LocalSystem
    Image path: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
    Image size: 856400
     Image MD5: 5988FC40F8DB5B0739CD1E3A5D0D78BD
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): igfx
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\igdkmd64.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): iirsp
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\iirsp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): IKEEXT
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\ikeext.dll,-501
   Description: @%SystemRoot%\system32\ikeext.dll,-502
   Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: BFE

Service (registry key): inetaccs
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): IntcAzAudAddService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Service for Realtek HD Audio (WDM)
    Image path: system32\drivers\RTKVHD64.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): IntcHdmiAddService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Intel(R) High Definition Audio HDMI
    Image path: system32\drivers\IntcHdmi.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): intelide
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\intelide.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 3

Service (registry key): intelppm
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Intel-Prozessortreiber
    Image path: system32\DRIVERS\intelppm.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): IPBusEnum
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\IPBusEnum.dll,-102
   Description: @%systemroot%\system32\IPBusEnum.dll,-103
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,fdPHost

Service (registry key): IpFilterDriver
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\rascfg.dll,-32013
   Description: @%systemroot%\system32\rascfg.dll,-32013
    Image path: system32\DRIVERS\ipfltdrv.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1
 Depends On services: Tcpip

Service (registry key): iphlpsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\iphlpsvc.dll,-500
   Description: @%SystemRoot%\system32\iphlpsvc.dll,-501
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k NetSvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSS,Tdx,winmgmt,tcpip,nsi

Service (registry key): IPMIDRV
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\IPMIDrv.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): IPNAT
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: IP Network Address Translator
    Image path: System32\drivers\ipnat.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1
 Depends On services: Tcpip

Service (registry key): iPod Service
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: iPod-Dienst
   Description: iPod-Hardwareverwaltungsdienste
   Object name: LocalSystem
    Image path: "C:\Program Files\iPod\bin\iPodService.exe"
    Image size: 641352
     Image MD5: 0FF335D687C85097725A53458160E81E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): IRENUM
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\irenum.sys,-100
   Description: @%SystemRoot%\system32\drivers\irenum.sys,-101
    Image path: system32\drivers\irenum.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): isapnp
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\isapnp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 3

Service (registry key): iScsiPrt
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: iScsiPort-Treiber
    Image path: \SystemRoot\system32\drivers\msiscsi.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): IviRegMgr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: IviRegMgr
   Description: InterVideo Register Manager
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe"
    Image size: 112152
     Image MD5: 213822072085B5BBAD9AF30AB577D817
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1

Service (registry key): JMCR
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\jmcr.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): kbdclass
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Tastaturklassentreiber
    Image path: \SystemRoot\system32\drivers\kbdclass.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): kbdhid
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Tastatur-HID-Treiber
    Image path: \SystemRoot\system32\drivers\kbdhid.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): KeyIso
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @keyiso.dll,-100
   Description: @keyiso.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\lsass.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): KSecDD
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\Drivers\ksecdd.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): KSecPkg
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\Drivers\ksecpkg.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): ksthunk
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Kernel Streaming Thunks
    Image path: \SystemRoot\system32\drivers\ksthunk.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): KtmRm
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @comres.dll,-2946
   Description: @comres.dll,-2947
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RPCSS,SamSS

Service (registry key): LanmanServer
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\srvsvc.dll,-100
   Description: @%systemroot%\system32\srvsvc.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: SamSS,Srv

Service (registry key): LanmanWorkstation
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wkssvc.dll,-100
   Description: @%systemroot%\system32\wkssvc.dll,-101
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: Bowser,MRxSmb10,MRxSmb20,NSI

Service (registry key): ldap
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): LENOVO.CAMMUTE
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Lenovo Camera Mute
   Object name: LocalSystem
    Image path: C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    Image size: 50536
     Image MD5: CAB9C6C37FD0F9612B269349116504B6
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0

Service (registry key): LENOVO.MICMUTE
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Lenovo Microphone Mute
   Object name: LocalSystem
    Image path: C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    Image size: 45496
     Image MD5: C88EB33793420A79F601FB5E33E2EDD9
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0
 Depends On services: TPHKSVC

Service (registry key): lenovo.smi
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Lenovo System Interface Driver
    Image path: system32\DRIVERS\smiifx64.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): LENOVO.TPKNRSVC
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Lenovo Keyboard Noise Reduction
   Object name: LocalSystem
    Image path: C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    Image size: 74088
     Image MD5: 04B5F7F44CCB2FAB615C67ED0E6C8323
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0
         

09.10.2013, 06:39   #4
PeterPan3
 

And here is part 2 of the log (the system considers it too large):

Code:
ATTFilter
Service (registry key): Lenovo.VIRTSCRLSVC
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Lenovo Auto Scroll
   Object name: LocalSystem
    Image path: C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    Image size: 93032
     Image MD5: 6F2CC57EB5836D2AC9BD37F3554D55F8
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0

Service (registry key): lltdio
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Link-Layer Topology Discovery Mapper I/O Driver
    Image path: system32\DRIVERS\lltdio.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 1
 Error Control: 1

Service (registry key): lltdsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\lltdres.dll,-1
   Description: @%SystemRoot%\system32\lltdres.dll,-2
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: rpcss,lltdio

Service (registry key): lmhosts
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\lmhsvc.dll,-101
   Description: @%SystemRoot%\system32\lmhsvc.dll,-102
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: NetBT,Afd

Service (registry key): Lsa
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): LSI_FC
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\lsi_fc.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): LSI_SAS
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\lsi_sas.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): LSI_SAS2
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\lsi_sas2.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): LSI_SCSI
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\lsi_scsi.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): luafv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\drivers\luafv.sys,-100
   Description: @%systemroot%\system32\drivers\luafv.sys,-101
    Image path: \SystemRoot\system32\drivers\luafv.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 2
 Error Control: 1
 Depends On services: FltMgr

Service (registry key): Mcx2Svc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\ehome\ehres.dll,-15501
   Description: @%SystemRoot%\ehome\ehres.dll,-15502
   Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 4
          Type: 32
 Error Control: 1
 Depends On services: SSDPSRV,IPBusEnum,TermService,fdphost

Service (registry key): megasas
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\megasas.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): MegaSR
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\MegaSR.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Microsoft SharePoint Workspace Audit Service
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft SharePoint Workspace Audit Service
   Object name: NT AUTHORITY\LocalService
    Image path: "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice
    Image size: 50899608
     Image MD5: 358DBCEAED372DD6C4C61AE8E5CAD195
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): MMCSS
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\mmcss.dll,-100
   Description: @%systemroot%\system32\mmcss.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): Modem
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\drivers\modem.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): monitor
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Monitor-Klassenfunktionstreiber-Dienst
    Image path: system32\DRIVERS\monitor.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): mouclass
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Mausklassentreiber
    Image path: \SystemRoot\system32\drivers\mouclass.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): mouhid
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Maus-HID-Treiber
    Image path: system32\DRIVERS\mouhid.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): mountmgr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\mountmgr.sys,-100
   Description: @%SystemRoot%\system32\drivers\mountmgr.sys,-101
    Image path: System32\drivers\mountmgr.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): mpio
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Multipfad-Bustreiber
    Image path: \SystemRoot\system32\drivers\mpio.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): mpsdrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23092
   Description: @%SystemRoot%\system32\FirewallAPI.dll,-23093
    Image path: System32\drivers\mpsdrv.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): MpsSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
   Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
   Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: mpsdrv,bfe

Service (registry key): MRxDAV
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\webclnt.dll,-104
   Description: @%systemroot%\system32\webclnt.dll,-105
    Image path: \SystemRoot\system32\drivers\mrxdav.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1
 Depends On services: rdbss

Service (registry key): mrxsmb
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wkssvc.dll,-1002
   Description: @%systemroot%\system32\wkssvc.dll,-1003
    Image path: system32\DRIVERS\mrxsmb.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1
 Depends On services: rdbss

Service (registry key): mrxsmb10
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wkssvc.dll,-1004
   Description: @%systemroot%\system32\wkssvc.dll,-1005
    Image path: system32\DRIVERS\mrxsmb10.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1
 Depends On services: mrxsmb

Service (registry key): mrxsmb20
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wkssvc.dll,-1006
   Description: @%systemroot%\system32\wkssvc.dll,-1007
    Image path: system32\DRIVERS\mrxsmb20.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1
 Depends On services: mrxsmb

Service (registry key): msahci
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\drivers\msahci.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): msdsm
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Multipfadgeräte-spezifisches Modul
    Image path: \SystemRoot\system32\drivers\msdsm.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): MSDTC
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @comres.dll,-2797
   Description: @comres.dll,-2798
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\msdtc.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: RPCSS,SamSS

Service (registry key): MSDTC Bridge 3.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): MSDTC Bridge 4.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): Msfs
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 1
          Type: 2
 Error Control: 1

Service (registry key): mshidkmdf
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\mshidkmdf.sys,-100
   Description: @%SystemRoot%\system32\drivers\mshidkmdf.sys,-101
    Image path: \SystemRoot\System32\drivers\mshidkmdf.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): msisadrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\drivers\msisadrv.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): MSiSCSI
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\iscsidsc.dll,-5000
   Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
   Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): msiserver
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\msimsg.dll,-27
   Description: @%SystemRoot%\system32\msimsg.dll,-32
   Object name: LocalSystem
    Image path: %systemroot%\system32\msiexec.exe /V
    Image size: 73216
     Image MD5: EEE470F2A771FC0B543BDEEF74FCECA0
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: rpcss

Service (registry key): MSKSSRV
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Streaming Service Proxy
    Image path: system32\drivers\MSKSSRV.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): MSPCLOCK
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Proxy für Streaming Clock
    Image path: system32\drivers\MSPCLOCK.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): MSPQM
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Proxy für Streaming Quality Manager
    Image path: system32\drivers\MSPQM.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): MsRPC
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): MSSCNTRS
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): mssmbios
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft-Systemverwaltungs-BIOS-Treiber
    Image path: \SystemRoot\system32\drivers\mssmbios.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): MSTEE
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Streaming Tee/Sink-to-Sink-Konvertierung
    Image path: system32\drivers\MSTEE.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): MTConfig
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Input Configuration Driver
    Image path: \SystemRoot\system32\DRIVERS\MTConfig.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Mup
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\drivers\mup.sys,-101
   Description: @%systemroot%\system32\drivers\mup.sys,-102
    Image path: System32\Drivers\mup.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 2
 Error Control: 1

Service (registry key): napagent
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\qagentrt.dll,-6
   Description: @%SystemRoot%\system32\qagentrt.dll,-7
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): NativeWifiP
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: NativeWiFi Filter
    Image path: system32\DRIVERS\nwifi.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): NAUpdate
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200
   Description: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-201
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Nero\Update\NASvc.exe"
    Image size: 687400
     Image MD5: 934BB0D23A25C8C136570800A5A149B6
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0
 Depends On services: RPCSS

Service (registry key): NDIS
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\ndis.sys,-200
   Description: @%SystemRoot%\system32\drivers\ndis.sys,-201
    Image path: system32\drivers\ndis.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): NdisCap
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: NDIS Capture LightWeight Filter
   Description: NDIS Capture LightWeight Filter
    Image path: system32\DRIVERS\ndiscap.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): NdisTapi
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\rascfg.dll,-32001
   Description: @%systemroot%\system32\rascfg.dll,-32001
    Image path: system32\DRIVERS\ndistapi.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Ndisuio
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: NDIS Usermode I/O Protocol
    Image path: system32\DRIVERS\ndisuio.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): NdisWan
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\rascfg.dll,-32002
   Description: @%systemroot%\system32\rascfg.dll,-32002
    Image path: system32\DRIVERS\ndiswan.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): NDProxy
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): NetBIOS
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: NetBIOS Interface
   Description: NetBIOS Interface
    Image path: system32\DRIVERS\netbios.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 2
 Error Control: 1

Service (registry key): NetBT
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\netbt.sys,-2
   Description: @%SystemRoot%\system32\drivers\netbt.sys,-1
    Image path: System32\DRIVERS\netbt.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1
 Depends On services: Tdx,tcpip

Service (registry key): Netlogon
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\netlogon.dll,-102
   Description: @%SystemRoot%\System32\netlogon.dll,-103
   Object name: LocalSystem
    Image path: %systemroot%\system32\lsass.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: LanmanWorkstation

Service (registry key): Netman
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\netman.dll,-109
   Description: @%SystemRoot%\system32\netman.dll,-110
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,nsi

Service (registry key): netprofm
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\netprofm.dll,-202
   Description: @%SystemRoot%\system32\netprofm.dll,-203
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,nlasvc

Service (registry key): NetTcpPortSharing
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201
   Description: @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8200
   Object name: NT AUTHORITY\LocalService
    Image path: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe"
    Image size: 116560
     Image MD5: 3E5A36127E201DDF663176B66828FAFE
   Control Set: CurrentControlSet
         Start: 4
          Type: 32
 Error Control: 1

Service (registry key): NETw5s64
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit
    Image path: system32\DRIVERS\NETw5s64.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): netw5v64
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit
    Image path: system32\DRIVERS\netw5v64.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): nfrd960
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\nfrd960.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): NlaSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\nlasvc.dll,-1
   Description: @%SystemRoot%\System32\nlasvc.dll,-2
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: NSI,RpcSs,TcpIp

Service (registry key): Npfs
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 1
          Type: 2
 Error Control: 1

Service (registry key): nsi
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\nsisvc.dll,-200
   Description: @%SystemRoot%\system32\nsisvc.dll,-201
   Object name: NT Authority\LocalService
    Image path: %systemroot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: nsiproxy

Service (registry key): nsiproxy
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\nsiproxy.sys,-2
   Description: @%SystemRoot%\system32\drivers\nsiproxy.sys,-1
    Image path: system32\drivers\nsiproxy.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): NTDS
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): Ntfs
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1

Service (registry key): Null
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): nvraid
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\nvraid.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): nvstor
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\nvstor.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 3

Service (registry key): nv_agp
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: NVIDIA nForce AGP-Busfilter
    Image path: \SystemRoot\system32\drivers\nv_agp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): ohci1394
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: OHCI-konformer 1394-Hostcontroller (alt)
    Image path: \SystemRoot\system32\drivers\ohci1394.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): ose64
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Office 64 Source Engine
   Description: Speichert Installationsdateien, die für Updates und Reparieren verwendet werden, und ist zum Herunterladen von Setup-Updates und Watson-Fehlerberichten erforderlich.
   Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    Image size: 174440
     Image MD5: 4965B005492CBA7719E82B71E3245495
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): osppsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Office Software Protection Platform
   Description: Office Software Protection Platform Service (unlocalized description)
   Object name: NT AUTHORITY\NetworkService
    Image path: "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
    Image size: 4925184
     Image MD5: 61BFFB5F57AD12F83AB64B7181829B34
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): Outlook
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): p2pimsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\pnrpsvc.dll,-8004
   Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): p2psvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\p2psvc.dll,-8006
   Description: @%SystemRoot%\system32\p2psvc.dll,-8007
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: p2pimsvc,PNRPSvc

Service (registry key): Parport
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Parallel port driver
    Image path: \SystemRoot\system32\DRIVERS\parport.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): partmgr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\partmgr.sys,-100
   Description: @%SystemRoot%\system32\drivers\partmgr.sys,-101
    Image path: System32\drivers\partmgr.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): PcaSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\pcasvc.dll,-1
   Description: @%SystemRoot%\system32\pcasvc.dll,-2
   Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): PCDSRVC{127174DC-C366ED8B-06020101}_0
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver
    Image path: \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): pci
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: PCI-Bus-Treiber
    Image path: system32\drivers\pci.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): pciide
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\pciide.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 3

Service (registry key): pcmcia
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\pcmcia.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): pcw
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Performance Counters for Windows Driver
    Image path: System32\drivers\pcw.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 1

Service (registry key): PEAUTH
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: PEAUTH
    Image path: system32\drivers\peauth.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 1
 Error Control: 1

Service (registry key): PerfDisk
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): PerfHost
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\sysWow64\perfhost.exe,-2
   Description: @%systemroot%\SysWow64\perfhost.exe,-1
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\SysWow64\perfhost.exe
    Image size: 20992
     Image MD5: E495E408C93141E8FC72DC0C6046DDFA
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): PerfNet
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): PerfOS
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): PerfProc
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): pla
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\pla.dll,-500
   Description: @%systemroot%\system32\pla.dll,-501
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): PlugPlay
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\umpnpmgr.dll,-100
   Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): PNRPAutoReg
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\pnrpauto.dll,-8002
   Description: @%SystemRoot%\system32\pnrpauto.dll,-8003
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: pnrpsvc

Service (registry key): PNRPsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\pnrpsvc.dll,-8000
   Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: p2pimsvc

Service (registry key): PolicyAgent
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\polstore.dll,-5010
   Description: @%SystemRoot%\system32\polstore.dll,-5011
   Object name: NT Authority\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: Tcpip,bfe

Service (registry key): PortProxy
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): Power
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\umpo.dll,-100
   Description: @%SystemRoot%\system32\umpo.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): Power Manager DBC Service
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Power Manager DBC Service
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE"
    Image size: 75112
     Image MD5: BAC02775CF629E5FE80BEA952F4448EF
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: SENS

Service (registry key): PptpMiniport
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\rascfg.dll,-32006
   Description: @%systemroot%\system32\rascfg.dll,-32006
    Image path: system32\DRIVERS\raspptp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Processor
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Processor Driver
    Image path: \SystemRoot\system32\DRIVERS\processr.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): ProfSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\profsvc.dll,-300
   Description: @%systemroot%\system32\profsvc.dll,-301
   Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): ProtectedStorage
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\psbase.dll,-300
   Description: @%systemroot%\system32\psbase.dll,-301
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\lsass.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): psadd
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Lenovo Parties Service Access Device Driver
    Image path: system32\DRIVERS\psadd.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Psched
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\drivers\pacer.sys,-101
   Description: @%SystemRoot%\System32\drivers\pacer.sys,-101
    Image path: system32\DRIVERS\pacer.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): PSI
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: PSI
   Description: PSI mini-filter driver
    Image path: system32\DRIVERS\psi_mf.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1
 Depends On services: FltMgr

Service (registry key): PxHlpa64
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: PxHlpa64
    Image path: System32\Drivers\PxHlpa64.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 1

Service (registry key): ql2300
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\ql2300.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): ql40xx
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\ql40xx.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): QWAVE
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\qwave.dll,-1
   Description: @%SystemRoot%\system32\qwave.dll,-2
   Object name: NT AUTHORITY\LocalService
    Image path: %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: rpcss,psched,QWAVEdrv,LLTDIO

Service (registry key): QWAVEdrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\qwavedrv.sys,-1
   Description: @%SystemRoot%\system32\drivers\qwavedrv.sys,-2
    Image path: \SystemRoot\system32\drivers\qwavedrv.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): RasAcd
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Remote Access Auto Connection Driver
   Description: Remote Access Auto Connection Driver
    Image path: System32\DRIVERS\rasacd.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): RasAgileVpn
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: WAN Miniport (IKEv2)
   Description: WAN Miniport (IKEv2)
    Image path: system32\DRIVERS\AgileVpn.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): RasAuto
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%Systemroot%\system32\rasauto.dll,-200
   Description: @%Systemroot%\system32\rasauto.dll,-201
   Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RasMan,TapiSrv,RasAcd

Service (registry key): Rasl2tp
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\rascfg.dll,-32005
   Description: @%systemroot%\system32\rascfg.dll,-32005
    Image path: system32\DRIVERS\rasl2tp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): RasMan
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%Systemroot%\system32\rasmans.dll,-200
   Description: @%Systemroot%\system32\rasmans.dll,-201
   Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: Tapisrv,SstpSvc

Service (registry key): RasPppoe
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\rascfg.dll,-32007
   Description: @%systemroot%\system32\rascfg.dll,-32007
    Image path: system32\DRIVERS\raspppoe.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): RasSstp
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\sstpsvc.dll,-202
   Description: @%systemroot%\system32\sstpsvc.dll,-202
    Image path: system32\DRIVERS\rassstp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): rdbss
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wkssvc.dll,-1000
   Description: @%systemroot%\system32\wkssvc.dll,-1001
    Image path: system32\DRIVERS\rdbss.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 2
 Error Control: 1
 Depends On services: Mup

Service (registry key): rdpbus
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Remote Desktop Device Redirector Bus Driver
    Image path: \SystemRoot\system32\DRIVERS\rdpbus.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): RDPCDD
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\DRIVERS\RDPCDD.sys,-100
   Description: @%systemroot%\system32\DRIVERS\RDPCDD.sys,-101
    Image path: System32\DRIVERS\RDPCDD.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 0

Service (registry key): RDPDD
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): RDPENCDD
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\drivers\RDPENCDD.sys,-101
   Description: @%systemroot%\system32\drivers\RDPENCDD.sys,-100
    Image path: system32\drivers\rdpencdd.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 0

Service (registry key): RDPNP
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\drprov.dll,-100
   Description: @%systemroot%\system32\drprov.dll,-101
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): RDPREFMP
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\drivers\RdpRefMp.sys,-101
   Description: @%systemroot%\system32\drivers\RdpRefMp.sys,-100
    Image path: system32\drivers\rdprefmp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 0

Service (registry key): RDPWD
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: RDP Winstation Driver
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): rdyboost
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: ReadyBoost
   Description: ReadyBoost
    Image path: System32\drivers\rdyboost.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): RegSrvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Intel(R) PROSet/Wireless Registry Service
   Description: Provides registry access to all Intel® PROSet/Wireless Software components
   Object name: LocalSystem
    Image path: C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    Image size: 831760
     Image MD5: 3B71B5B91E7DCA93585D5A86C897ADC4
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): RemoteAccess
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%Systemroot%\system32\mprdim.dll,-200
   Description: @%Systemroot%\system32\mprdim.dll,-201
   Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 4
          Type: 32
 Error Control: 1
 Depends On services: RpcSS,Bfe,RasMan,Http
 Depends On group: NetBIOSGroup

Service (registry key): RemoteRegistry
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @regsvc.dll,-1
   Description: @regsvc.dll,-2
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k regsvc
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): RFCOMM
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Bluetooth-Gerät (RFCOMM-Protokoll-TDI)
   Description: Bluetooth-Gerät (RFCOMM-Protokoll-TDI)
    Image path: system32\DRIVERS\rfcomm.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Roxio UPnP Renderer 10
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Roxio UPnP Renderer 10
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe"
    Image size: 313840
     Image MD5: 14A99FD851272C73B758546EF8F0E641
   Control Set: CurrentControlSet
         Start: 3
          Type: 272
 Error Control: 0

Service (registry key): Roxio Upnp Server 10
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Roxio Upnp Server 10
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe"
    Image size: 362992
     Image MD5: BA917F2F2BD5033E70823797C73CDFCB
   Control Set: CurrentControlSet
         Start: 2
          Type: 272
 Error Control: 0

Service (registry key): RoxLiveShare10
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: LiveShare P2P Server 10
   Description: Allows remote users to view through WEB browsers your authorized multimedia content managed by Roxio Media Manager9.
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe"
    Image size: 309744
     Image MD5: 8986D20CF294D794A79FB18FF697B68B
   Control Set: CurrentControlSet
         Start: 2
          Type: 272
 Error Control: 0
 Depends On services: RPCSS

Service (registry key): RoxMediaDB10
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: RoxMediaDB10
   Description: Roxio RoxMediaDB10 Service
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe"
    Image size: 1124848
     Image MD5: D8C44229EB2495E774350529ED9BE08D
   Control Set: CurrentControlSet
         Start: 3
          Type: 272
 Error Control: 0

Service (registry key): RoxWatch10
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Roxio Hard Drive Watcher 10
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe"
    Image size: 166384
     Image MD5: 53716357F4B3C99112CF0A21932C5688
   Control Set: CurrentControlSet
         Start: 2
          Type: 272
 Error Control: 0

Service (registry key): RpcEptMapper
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%windir%\system32\RpcEpMap.dll,-1001
   Description: @%windir%\system32\RpcEpMap.dll,-1002
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k RPCSS
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): RpcLocator
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\Locator.exe,-2
   Description: @%systemroot%\system32\Locator.exe,-3
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\locator.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): RpcSs
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @oleres.dll,-5010
   Description: @oleres.dll,-5011
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k rpcss
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcEptMapper,DcomLaunch

Service (registry key): rspndr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Link-Layer Topology Discovery Responder
    Image path: system32\DRIVERS\rspndr.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 1
 Error Control: 1

Service (registry key): RtkAudioService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Realtek Audio Service
   Description: To check external HDMI device availability, HDMI device audio capability and update HDMI device capability into audio control panel
   Object name: LocalSystem
    Image path: C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    Image size: 199272
     Image MD5: 24452CCCC3808B5AB0341A384BB72200
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1

Service (registry key): RTL8167
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Realtek 8167 NT Driver
    Image path: system32\DRIVERS\Rt64win7.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): SamSs
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\samsrv.dll,-1
   Description: @%SystemRoot%\system32\samsrv.dll,-2
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\lsass.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): sbp2port
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Bustreiber für SBP2-Transport/Protokoll
    Image path: \SystemRoot\system32\drivers\sbp2port.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): SBSDWSCService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: SBSD Security Center Service
   Object name: LocalSystem
    Image path: C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    Image size: 1153368
     Image MD5: 794D4B48DFB6E999537C7C3947863463
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: wscsvc

Service (registry key): SCardSvr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\SCardSvr.dll,-1
   Description: @%SystemRoot%\System32\SCardSvr.dll,-5
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: PlugPlay

Service (registry key): scfilter
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\drivers\scfilter.sys,-11
   Description: @%SystemRoot%\System32\drivers\scfilter.sys,-12
    Image path: System32\DRIVERS\scfilter.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Schedule
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\schedsvc.dll,-100
   Description: @%SystemRoot%\system32\schedsvc.dll,-101
   Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RPCSS,EventLog

Service (registry key): SCPolicySvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\certprop.dll,-13
   Description: @%SystemRoot%\System32\certprop.dll,-14
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): sdbus
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\sdbus.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): SDRSVC
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\sdrsvc.dll,-107
   Description: @%SystemRoot%\system32\sdrsvc.dll,-102
   Object name: localSystem
    Image path: %SystemRoot%\system32\svchost.exe -k SDRSVC
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): secdrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Security Driver
   Control Set: CurrentControlSet
         Start: 2
          Type: 1
 Error Control: 1

Service (registry key): seclogon
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\seclogon.dll,-7001
   Description: @%SystemRoot%\system32\seclogon.dll,-7000
   Object name: LocalSystem
    Image path: %windir%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): Secunia PSI Agent
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Secunia PSI Agent
   Description: Performs routine software inspections of the system, the results of which can be seen in your Secunia Customer Area account
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service
    Image size: 993848
     Image MD5: 2D0599DD0124764FC939C59985C860DE
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1

Service (registry key): Secunia Update Agent
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Secunia Update Agent
   Description: Performs routine software inspections of the system, the results of which can be seen in your Secunia Customer Area account
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service
    Image size: 399416
     Image MD5: 20B9E1ADBC58958B480933E4DA005DFB
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1

Service (registry key): SENS
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\Sens.dll,-200
   Description: @%SystemRoot%\system32\Sens.dll,-201
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: EventSystem

Service (registry key): SensrSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\sensrsvc.dll,-1000
   Description: @%SystemRoot%\System32\sensrsvc.dll,-1001
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): Serenum
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Serenum Filter Driver
    Image path: \SystemRoot\system32\DRIVERS\serenum.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Serial
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\serial.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): sermouse
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Serial Mouse Driver
    Image path: \SystemRoot\system32\DRIVERS\sermouse.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): ServiceModelEndpoint 3.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): ServiceModelOperation 3.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): ServiceModelService 3.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): SessionEnv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\SessEnv.dll,-1026
   Description: @%SystemRoot%\System32\SessEnv.dll,-1027
   Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RPCSS,LanmanWorkstation

Service (registry key): sffdisk
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: SFF-Speicherklassentreiber
    Image path: \SystemRoot\system32\drivers\sffdisk.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): sffp_mmc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: SFF-Speicherprotokolltreiber für MMC
    Image path: \SystemRoot\system32\drivers\sffp_mmc.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): sffp_sd
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: SFF-Speicherprotokolltreiber für SDBus
    Image path: \SystemRoot\system32\drivers\sffp_sd.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): sfloppy
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: High-Capacity Floppy Disk Drive
    Image path: \SystemRoot\system32\DRIVERS\sfloppy.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): SharedAccess
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\ipnathlp.dll,-106
   Description: @%SystemRoot%\system32\ipnathlp.dll,-107
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 4
          Type: 32
 Error Control: 1
 Depends On services: Netman,WinMgmt,RasMan,BFE

Service (registry key): ShellHWDetection
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\shsvcs.dll,-12288
   Description: @%SystemRoot%\System32\shsvcs.dll,-12289
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 0
 Depends On services: RpcSs

Service (registry key): Shockprf
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\DRIVERS\Apsx64.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 1

Service (registry key): SiSRaid2
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\SiSRaid2.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): SiSRaid4
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\sisraid4.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): SkypeUpdate
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Skype Updater
   Description: Enables the detection, download and installation of updates for Skype.
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Skype\Updater\Updater.exe"
    Image size: 160944
     Image MD5: F07AF60B152221472FBDB2FECEC4896D
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0
 Depends On services: RpcSs

Service (registry key): Smb
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50005
   Description: @%SystemRoot%\system32\tcpipcfg.dll,-50006
    Image path: system32\DRIVERS\smb.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1
 Depends On services: Tcpip

Service (registry key): SMSvcHost 3.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): SMSvcHost 4.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): SNMPTRAP
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\snmptrap.exe,-3
   Description: @%SystemRoot%\system32\snmptrap.exe,-4
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\snmptrap.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): spldr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Security Processor Loader Driver
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): Spooler
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\spoolsv.exe,-1
   Description: @%systemroot%\system32\spoolsv.exe,-2
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\spoolsv.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 272
 Error Control: 1
 Depends On services: RPCSS,http

Service (registry key): sppsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\sppsvc.exe,-101
   Description: @%SystemRoot%\system32\sppsvc.exe,-100
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\sppsvc.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): sppuinotify
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\sppuinotify.dll,-103
   Description: @%SystemRoot%\system32\sppuinotify.dll,-102
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: EventSystem

Service (registry key): srv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\srvsvc.dll,-102
   Description: @%systemroot%\system32\srvsvc.dll,-103
    Image path: System32\DRIVERS\srv.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1
 Depends On services: srv2

Service (registry key): srv2
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\srvsvc.dll,-104
   Description: @%systemroot%\system32\srvsvc.dll,-105
    Image path: System32\DRIVERS\srv2.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1
 Depends On services: srvnet

Service (registry key): SrvHsfHDA
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\VSTAZL6.SYS
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): SrvHsfV92
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\VSTDPV6.SYS
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): SrvHsfWinac
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\VSTCNXT6.SYS
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): srvnet
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\DRIVERS\srvnet.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1

Service (registry key): SSDPSRV
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\ssdpsrv.dll,-100
   Description: @%systemroot%\system32\ssdpsrv.dll,-101
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: HTTP

Service (registry key): SSPORT
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: SSPORT
    Image path: \??\C:\Windows\system32\Drivers\SSPORT.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 1
 Error Control: 1

Service (registry key): SstpSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\sstpsvc.dll,-200
   Description: @%SystemRoot%\system32\sstpsvc.dll,-201
   Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): stexstor
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\stexstor.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): stisvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\wiaservc.dll,-9
   Description: @%SystemRoot%\system32\wiaservc.dll,-10
   Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: RpcSs,ShellHWDetection

Service (registry key): stllssvr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: stllssvr
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe"
    Image size: 74392
     Image MD5: FF5EB78AF7DFB68C2FB363537AAF753E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 0

Service (registry key): SUService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: System Update
   Description: ThinkVantage System Update
   Object name: LocalSystem
    Image path: "c:\Program Files (x86)\Lenovo\System Update\SUService.exe"
    Image size: 28672
     Image MD5: 7F7958C5B40F9441D1E8D704310D46FF
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: winmgmt

Service (registry key): swenum
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Software-Bus-Treiber
    Image path: \SystemRoot\system32\drivers\swenum.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): swprv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\swprv.dll,-103
   Description: @%SystemRoot%\System32\swprv.dll,-102
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k swprv
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): SynTP
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Synaptics TouchPad Driver
    Image path: system32\DRIVERS\SynTP.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): SysMain
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\sysmain.dll,-1000
   Description: @%SystemRoot%\system32\sysmain.dll,-1001
   Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 0
 Depends On services: rpcss,fileinfo

Service (registry key): TabletInputService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\TabSvc.dll,-100
   Description: @%SystemRoot%\system32\TabSvc.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: PlugPlay,RpcSs

Service (registry key): TapiSrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\tapisrv.dll,-10100
   Description: @%SystemRoot%\system32\tapisrv.dll,-10101
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: PlugPlay,RpcSs

Service (registry key): TBS
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\tbssvc.dll,-100
   Description: @%SystemRoot%\system32\tbssvc.dll,-101
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): Tcpip
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50003
   Description: @%SystemRoot%\system32\tcpipcfg.dll,-50003
    Image path: System32\drivers\tcpip.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 1

Service (registry key): TCPIP6
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft IPv6 Protocol Driver
   Description: Microsoft IPv6 Protocol Driver
    Image path: system32\DRIVERS\tcpip.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1
 Depends On services: Tcpip

Service (registry key): TCPIP6TUNNEL
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): tcpipreg
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: TCP/IP Registry Compatibility
   Description: Provides compatibility for legacy applications which interact with TCP/IP through the registry. If this service is stopped, certain applications may have impaired functionality.
    Image path: System32\drivers\tcpipreg.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 1
 Error Control: 1
 Depends On services: tcpip

Service (registry key): TCPIPTUNNEL
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): TDPIPE
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: TDPIPE
    Image path: system32\drivers\tdpipe.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): TDTCP
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: TDTCP
    Image path: system32\drivers\tdtcp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): tdx
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50004
   Description: @%SystemRoot%\system32\tcpipcfg.dll,-50004
    Image path: system32\DRIVERS\tdx.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1
 Depends On services: Tcpip

Service (registry key): TermDD
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Terminal-Gerätetreiber
    Image path: \SystemRoot\system32\drivers\termdd.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): TermService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\termsrv.dll,-268
   Description: @%SystemRoot%\System32\termsrv.dll,-267
   Object name: NT Authority\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RPCSS,TermDD

Service (registry key): Themes
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\themeservice.dll,-8192
   Description: @%SystemRoot%\System32\themeservice.dll,-8193
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): ThinkVantage Registry Monitor Service
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: ThinkVantage Registry Monitor Service
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe"
    Image size: 1019904
     Image MD5: 39AC444E07FDBD8C2E8E291A65D515D3
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0

Service (registry key): THREADORDER
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\mmcss.dll,-102
   Description: @%systemroot%\system32\mmcss.dll,-103
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): TPDIGIMN
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Description: APS Digitizer Activity Monitor
    Image path: System32\DRIVERS\ApsHM64.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 1

Service (registry key): TPHDEXLGSVC
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: ThinkPad HDD APS Logging Service
   Object name: LocalSystem
    Image path: System32\TPHDEXLG64.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): TPHKSVC
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Anzeige am Bildschirm
   Object name: LocalSystem
    Image path: C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    Image size: 63928
     Image MD5: 2CF225E19490F499528B926263FE4554
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0

Service (registry key): TPM
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: TPM
   Description: TPM Driver
    Image path: system32\drivers\tpm.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): TPPWRIF
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\drivers\Tppwr64v.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): TrkWks
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\trkwks.dll,-1
   Description: @%SystemRoot%\system32\trkwks.dll,-2
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): TrustedInstaller
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\servicing\TrustedInstaller.exe,-100
   Description: @%SystemRoot%\servicing\TrustedInstaller.exe,-101
   Object name: localSystem
    Image path: %SystemRoot%\servicing\TrustedInstaller.exe
    Image size: 194048
     Image MD5: 773212B2AAA24C1E31F10246B15B276C
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): TSDDD
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): tssecsrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101
   Description: @%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-102
    Image path: System32\DRIVERS\tssecsrv.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): TsUsbFlt
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Description: @%SystemRoot%\system32\drivers\tsusbflt.sys,-1000
    Image path: system32\drivers\tsusbflt.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): tunnel
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft-Tunnelminiport-Adaptertreiber
    Image path: system32\DRIVERS\tunnel.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): TVT Backup Service
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: TVT Backup Service
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe"
    Image size: 1475896
     Image MD5: 003AFB1490828615B041849ABB40EAA1
   Control Set: CurrentControlSet
         Start: 3
          Type: 272
 Error Control: 0

Service (registry key): uagp35
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft AGPv3.5 Filter
    Image path: \SystemRoot\system32\DRIVERS\uagp35.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): udfs
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: udfs
   Description: Reads/Writes UDF 1.02,1.5,2.0x,2.5 disc formats, usually found on C/DVD discs. (Core) (All pieces)
    Image path: system32\DRIVERS\udfs.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 4
          Type: 2
 Error Control: 1

Service (registry key): UGatherer
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): UGTHRSVC
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): UI0Detect
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\ui0detect.exe,-101
   Description: @%SystemRoot%\system32\ui0detect.exe,-102
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\UI0Detect.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 272
 Error Control: 1

Service (registry key): uliagpkx
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Uli AGP-Bus-Filter
    Image path: \SystemRoot\system32\drivers\uliagpkx.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): umbus
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: UMBusenumerator-Treiber
    Image path: \SystemRoot\system32\drivers\umbus.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): UmPass
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft UMPass Driver
    Image path: \SystemRoot\system32\DRIVERS\umpass.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): upnphost
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\upnphost.dll,-213
   Description: @%systemroot%\system32\upnphost.dll,-214
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: SSDPSRV,HTTP

Service (registry key): USBAAPL64
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Apple Mobile USB Driver
    Image path: System32\Drivers\usbaapl64.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): usbccgp
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Standard-USB-Haupttreiber
    Image path: system32\DRIVERS\usbccgp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): usbcir
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: eHome-Infrarotempfänger (USBCIR)
    Image path: \SystemRoot\system32\drivers\usbcir.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): usbehci
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller
    Image path: system32\DRIVERS\usbehci.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): usbhub
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft USB-Standardhubtreiber
    Image path: system32\DRIVERS\usbhub.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): usbohci
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Miniporttreiber für Microsoft USB Open Host-Controller
    Image path: \SystemRoot\system32\drivers\usbohci.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): usbprint
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft USB-Druckerklasse
    Image path: system32\DRIVERS\usbprint.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): USBSTOR
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: USB-Massenspeichertreiber
    Image path: system32\DRIVERS\USBSTOR.SYS
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): usbuhci
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Miniporttreiber für universellen Microsoft USB-Hostcontroller
    Image path: system32\DRIVERS\usbuhci.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): usbvideo
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: USB-Videogerät (WDM)
    Image path: \SystemRoot\System32\Drivers\usbvideo.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): UxSms
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\dwm.exe,-2000
   Description: @%SystemRoot%\system32\dwm.exe,-2001
   Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): VaultSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\vaultsvc.dll,-1003
   Description: @%SystemRoot%\system32\vaultsvc.dll,-1004
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\lsass.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: rpcss

Service (registry key): vdrvroot
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Enumerator-Treiber für Microsoft Virtual Drive
    Image path: system32\drivers\vdrvroot.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): vds
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\vds.exe,-100
   Description: @%SystemRoot%\system32\vds.exe,-112
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\vds.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: RpcSs,PlugPlay

Service (registry key): vga
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\vgapnp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): VgaSave
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\System32\drivers\vga.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 0

Service (registry key): vhdmp
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\vhdmp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): viaide
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\viaide.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 3

Service (registry key): volmgr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Treiber für Volume-Manager
    Image path: system32\drivers\volmgr.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): volmgrx
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\volmgrx.sys,-100
   Description: @%SystemRoot%\system32\drivers\volmgrx.sys,-101
    Image path: System32\drivers\volmgrx.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): volsnap
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Speichervolumes
    Image path: system32\drivers\volsnap.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): vpnagent
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Cisco AnyConnect VPN Agent
   Description: Cisco AnyConnect VPN Agent for Windows
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe"
    Image size: 603896
     Image MD5: 34756733F0480D68E519E80E22E05D12
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: Tcpip

Service (registry key): vpnva
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Image path: system32\DRIVERS\vpnva64.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): vsmraid
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\vsmraid.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): VSS
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\vssvc.exe,-102
   Description: @%systemroot%\system32\vssvc.exe,-101
   Object name: LocalSystem
    Image path: %systemroot%\system32\vssvc.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): vwifibus
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Virtueller WiFi-Bustreiber
   Description: Virtueller WiFi-Bustreiber
    Image path: system32\DRIVERS\vwifibus.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): vwififlt
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Virtual WiFi Filter Driver
   Description: Virtual WiFi Filter Driver
    Image path: system32\DRIVERS\vwififlt.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): W32Time
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\w32time.dll,-200
   Description: @%SystemRoot%\system32\w32time.dll,-201
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): W3SVC
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): WacomPen
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Wacom Serial Pen HID Driver
    Image path: \SystemRoot\system32\DRIVERS\wacompen.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): WANARP
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\rascfg.dll,-32011
   Description: @%systemroot%\system32\rascfg.dll,-32011
    Image path: system32\DRIVERS\wanarp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Wanarpv6
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\rascfg.dll,-32012
   Description: @%systemroot%\system32\rascfg.dll,-32012
    Image path: system32\DRIVERS\wanarp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): wbengine
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wbengine.exe,-104
   Description: @%systemroot%\system32\wbengine.exe,-105
   Object name: localSystem
    Image path: "%systemroot%\system32\wbengine.exe"
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): WbioSrvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wbiosrvc.dll,-100
   Description: @%systemroot%\system32\wbiosrvc.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k WbioSvcGroup
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,VaultSvc,WUDFSvc

Service (registry key): wcncsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\wcncsvc.dll,-3
   Description: @%SystemRoot%\system32\wcncsvc.dll,-4
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: rpcss

Service (registry key): WcsPlugInService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
   Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k wcssvc
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): Wd
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\wd.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Wdf01000
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\Wdf01000.sys,-1000
    Image path: system32\drivers\Wdf01000.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 1

Service (registry key): WdiServiceHost
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wdi.dll,-502
   Description: @%systemroot%\system32\wdi.dll,-503
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): WdiSystemHost
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wdi.dll,-500
   Description: @%systemroot%\system32\wdi.dll,-501
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): WebClient
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\webclnt.dll,-100
   Description: @%systemroot%\system32\webclnt.dll,-101
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: MRxDAV

Service (registry key): Wecsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\wecsvc.dll,-200
   Description: @%SystemRoot%\system32\wecsvc.dll,-201
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: HTTP,Eventlog

Service (registry key): wercplsupport
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\wercplsupport.dll,-101
   Description: @%SystemRoot%\System32\wercplsupport.dll,-100
   Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): WerSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\wersvc.dll,-100
   Description: @%SystemRoot%\System32\wersvc.dll,-101
   Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k WerSvcGroup
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 0

Service (registry key): WfpLwf
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: WFP Lightweight Filter
   Description: WFP Lightweight Filter
    Image path: system32\DRIVERS\wfplwf.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): WIMMount
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: WIMMount
   Description: WIM Image mount service driver
    Image path: system32\drivers\wimmount.sys
    Image size: 19008
     Image MD5: 5CF95B35E59E2A38023836FFF31BE64C
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1

Service (registry key): WinDefend
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
   Description: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k secsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): Windows Workflow Foundation 3.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): WinHttpAutoProxySvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\winhttp.dll,-100
   Description: @%SystemRoot%\system32\winhttp.dll,-101
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: Dhcp

Service (registry key): Winmgmt
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
   Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
   Object name: localSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 0
 Depends On services: RPCSS

Service (registry key): WinRM
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%Systemroot%\system32\wsmsvc.dll,-101
   Description: @%Systemroot%\system32\wsmsvc.dll,-102
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RPCSS,HTTP

Service (registry key): Winsock
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 3
          Type: 4
 Error Control: 1

Service (registry key): WinSock2
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): WinUsb
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: WinUsb
    Image path: system32\DRIVERS\WinUsb.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Wlansvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\wlansvc.dll,-257
   Description: @%SystemRoot%\System32\wlansvc.dll,-258
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: nativewifip,RpcSs,Ndisuio,Eaphost

Service (registry key): WmiAcpi
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Windows Management Interface for ACPI
    Image path: \SystemRoot\system32\drivers\wmiacpi.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): WmiApRpl
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): wmiApSrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110
   Description: @%Systemroot%\system32\wbem\wmiapsrv.exe,-111
   Object name: localSystem
    Image path: %systemroot%\system32\wbem\WmiApSrv.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): WMPNetworkSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101
   Description: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-102
   Object name: NT AUTHORITY\NetworkService
    Image path: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: http

Service (registry key): WPCSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\wpcsvc.dll,-100
   Description: @%SystemRoot%\system32\wpcsvc.dll,-101
   Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): WPDBusEnum
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\wpdbusenum.dll,-100
   Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): ws2ifsl
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung
   Description: @%systemroot%\System32\drivers\ws2ifsl.sys,-1000
    Image path: \SystemRoot\system32\drivers\ws2ifsl.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 4
          Type: 1
 Error Control: 1

Service (registry key): wscsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\wscsvc.dll,-200
   Description: @%SystemRoot%\System32\wscsvc.dll,-201
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,WinMgmt

Service (registry key): WSearch
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\SearchIndexer.exe,-103
   Description: @%systemroot%\system32\SearchIndexer.exe,-104
   Object name: LocalSystem
    Image path: %systemroot%\system32\SearchIndexer.exe /Embedding
    Image size: 427520
     Image MD5: 236F286E103FD44BD85FDD93097FD5DD
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): WSearchIdxPi
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): wuauserv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wuaueng.dll,-105
   Description: @%systemroot%\system32\wuaueng.dll,-106
   Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: rpcss

Service (registry key): WudfPf
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\Wudfpf.sys,-1000
    Image path: system32\drivers\WudfPf.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): WUDFRd
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\WUDFRd.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): wudfsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\wudfsvc.dll,-1000
   Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: PlugPlay,WudfPf

Service (registry key): WwanSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\wwansvc.dll,-257
   Description: @%SystemRoot%\System32\wwansvc.dll,-258
   Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: PlugPlay,RpcSs,NdisUio,NlaSvc

Service (registry key): xmlprov
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): {5AD29A40-F331-4821-9CC5-70729D07D4AD}
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): {B39160C2-8AE5-4CC7-A88C-EB64E0E7E411}
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): {D07D5F26-17E3-4D04-B6FA-74D8C7645EB5}
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): {FCEDB62C-4188-4CBA-AAF4-EAAD9581F5C0}
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0
         

09.10.2013, 08:56   #5
schrauber
/// the machine
/// TB Trainer
 


hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.


__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donate
Guides and help
Trojaner-Board Facebook page

No help via PM!

09.10.2013, 22:47   #6
PeterPan3
 

Hello Schrauber,

I followed your instructions and downloaded combofix, switched off my Avira and the Internet, and started combofix.exe. There was no error message or anything of the kind; a blue screen then started up. After about 15 minutes of processing I was briefly away from the computer; when I came back, it had rebooted, and I was supposed to log in as normal. Now a very unusual picture presents itself:
The desktop is as usual, but about every tenth of a second a combofix window opens and disappears again straight away; even after a restart the same picture shows. What would be the best thing for me to do? I don't want to do anything on my own as far as this program is concerned.

Many thanks in advance.

Regards,

Thomas
(Reply from another PC)

10.10.2013, 09:05   #7
schrauber
/// the machine
/// TB Trainer
 


F8 during boot, select Last Known Good Configuration.

10.10.2013, 15:00   #8
PeterPan3
 

Hello Schrauber,

It has now worked with combofix. I am posting the log file below.
Regards, Peter.

Code:
ATTFilter
ComboFix 13-10-09.01 - Save 10.10.2013  13:49:58.4.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3933.2222 [GMT 2:00]
ausgeführt von:: c:\users\Save\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-09-10 bis 2013-10-10  ))))))))))))))))))))))))))))))
.
.
2013-10-10 13:45 . 2013-10-10 13:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-10-09 21:31 . 2013-09-23 01:25	775256	----a-w-	c:\program files\Internet Explorer\iexplore.exe
2013-10-09 21:03 . 2013-10-10 13:45	--------	d-----w-	c:\users\Save\AppData\Local\temp
2013-10-09 05:26 . 2013-09-05 05:32	9694160	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5A850026-3FDF-4E4F-BE08-58B993255D8C}\mpengine.dll
2013-10-08 18:06 . 2013-10-08 18:06	--------	d-----w-	c:\users\Save\AppData\Roaming\Avira
2013-10-08 17:46 . 2013-10-08 17:46	--------	d-----w-	C:\FRST
2013-10-08 17:40 . 2013-10-08 17:40	--------	d-----w-	c:\program files (x86)\OpenIt
2013-10-08 17:40 . 2013-10-08 17:40	--------	d-----w-	c:\users\Dirka\AppData\Roaming\DigitalSite
2013-09-12 21:53 . 2013-09-12 21:53	24287424	----a-w-	c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2013-09-12 11:14 . 2013-09-12 11:14	18612928	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 21:21 . 2011-07-22 15:37	80541720	----a-w-	c:\windows\system32\MRT.exe
2013-10-09 20:41 . 2012-11-24 18:27	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-09 20:41 . 2011-07-22 16:07	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-05 20:23 . 2013-08-27 05:23	81112	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2013-09-05 20:23 . 2013-08-27 05:21	132088	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-09-05 20:23 . 2013-08-27 05:21	105344	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-08-29 01:48 . 2013-10-09 05:36	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-08-26 21:07 . 2013-08-27 05:21	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-08-07 02:22 . 2011-07-21 21:20	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-07-25 09:25 . 2013-08-17 14:47	1888768	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-17 14:47	1620992	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-17 14:47	2048	----a-w-	c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-17 14:47	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}]
2013-07-26 20:30	12240	----a-w-	c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}]
2011-10-31 13:37	88976	----a-w-	c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
2011-06-24 16:22	734048	----a-w-	c:\program files (x86)\pdfforge Toolbar\IE\4.5\pdfforgeToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files (x86)\pdfforge Toolbar\IE\4.5\pdfforgeToolbarIE.dll" [2011-06-24 734048]
"{99079a25-328f-4bd4-be04-00955acaa0a7}"= "c:\progra~2\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll" [2011-10-31 88976]
"{41564952-412D-5637-00A7-7A786E7484D7}"= "c:\program files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" [2013-07-26 12240]
.
[HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}]
.
[HKEY_CLASSES_ROOT\clsid\{99079a25-328f-4bd4-be04-00955acaa0a7}]
.
[HKEY_CLASSES_ROOT\clsid\{41564952-412d-5637-00a7-7a786e7484d7}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2010-08-24 1129832]
"Message Center Plus"="c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe" [2009-05-27 49976]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-08-04 244208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2011-07-06 688128]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-09-05 347192]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-07-26 1558480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [x]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms;c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 TPHKSVC;Anzeige am Bildschirm;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-24 20:41]
.
2013-10-10 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2010-11-12 01:34]
.
2013-10-10 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\pcdrcui.exe [2010-11-12 01:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2010-07-27 69560]
"TpShocks"="TpShocks.exe" [2010-07-01 380776]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-15 11049576]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-08 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-08 365592]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2010-07-27 62312]
"AcWin7Hlpr"="c:\program files (x86)\Lenovo\Access Connections\AcTBenabler.exe" [2010-09-17 31592]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://lenovo.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Save\AppData\Roaming\Mozilla\Firefox\Profiles\nlqm5zn1.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-10-10  15:47:23
ComboFix-quarantined-files.txt  2013-10-10 13:47
.
Vor Suchlauf: 17 Verzeichnis(se), 321.415.704.576 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 321.082.982.400 Bytes frei
.
- - End Of File - - AE51A78D0C1B67EE5193CE63C355E033
         

11.10.2013, 08:16   #9
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file to the desktop as mbam.txt. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

11.10.2013, 09:23   #10
PeterPan3
 



Hello Schrauber,

I followed the instructions. Below are the Malwarebytes, AdwCleaner, Junktool and FRST logs:

Regards, Peter

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.10.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Save :: DIRKA-THINK [Administrator]

11.10.2013 09:44:39
mbam-log-2013-10-11 (09-44-39).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 243494
Laufzeit: 6 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr.A) -> 3984 -> Löschen bei Neustart.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr.A) -> 9220 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 17
HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115} (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9} (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC} (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87} (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\SearchQUIEHelper.DNSGuard (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\SearchQUIEHelper.DNSGuard.1 (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 3
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{99079A25-328F-4BD4-BE04-00955ACAA0A7} (PUP.Optional.SearchQu) -> Daten: Searchqu Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{99079a25-328f-4bd4-be04-00955acaa0a7} (PUP.Optional.SearchQu) -> Daten:  -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|DATAMNGR (PUP.Optional.Datamngr.A) -> Daten: C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.Datamngr.A) -> Bösartig: (C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\Users\Dirka\AppData\Roaming\DigitalSite\UpdateProc (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 10
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll (PUP.Optional.SearchQu) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (PUP.Optional.Datamngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dirka\Downloads\ZipExtractorSetup.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dirka\AppData\Roaming\DigitalSite\UpdateProc\config.dat (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dirka\AppData\Roaming\DigitalSite\UpdateProc\prod.dat (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dirka\AppData\Roaming\DigitalSite\UpdateProc\STTL.DAT (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dirka\AppData\Roaming\DigitalSite\UpdateProc\TTL.DAT (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Dirka\AppData\Roaming\DigitalSite\UpdateProc\UpdateTask.exe (PUP.Optional.DigitalSite.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (PUP.Optional.Datamngr.A) -> Löschen bei Neustart.

(Ende)
         
Code:
# AdwCleaner v3.007 - Bericht erstellt am 11/10/2013 um 09:59:06
# Updated 09/10/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Save - DIRKA-THINK
# Gestartet von : C:\Users\Save\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : Application Updater

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Program Files (x86)\Application Updater
Ordner Gelöscht : C:\Program Files (x86)\openit
Ordner Gelöscht : C:\Program Files (x86)\pdfforge Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Windows iLivid Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Common Files\spigot
Ordner Gelöscht : C:\Users\Dirka\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Dirka\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Dirka\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Dirka\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Dirka\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Dirka\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Dirka\AppData\Roaming\digitalsite
Ordner Gelöscht : C:\Users\Save\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Save\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Save\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Save\AppData\LocalLow\searchquband
Ordner Gelöscht : C:\Users\Save\AppData\LocalLow\Searchqutoolbar
Ordner Gelöscht : C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\Searchqutoolbar
Ordner Gelöscht : C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Ordner Gelöscht : C:\Users\Dirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangaohdajkgeopjhpbnlpkehbhmbj
Datei Gelöscht : C:\Users\Public\Desktop\Open It!.lnk
Datei Gelöscht : C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\searchplugins\web-search.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKLM\Software\Application Updater
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\SearchquMediabarTb
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{638482BC-3092-42DC-AEA1-735264911A77}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v6.0 (de)

[ Datei : C:\Users\Dirka\AppData\Roaming\Mozilla\Firefox\Profiles\rqqpdee4.default\prefs.js ]

Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.searchqu.com/406");
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q=");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=169&systemid=406&sr=0&q=");
Zeile gelöscht : user_pref("vshare.install.date", "1313913374");
Zeile gelöscht : user_pref("vshare.install.finished", "1.0.0");
Zeile gelöscht : user_pref("vshare.install.fresh", "false");
Zeile gelöscht : user_pref("vshare.install.guid", "{1a632f39-cc3c-4c56-b508-09f264efc666}");
Zeile gelöscht : user_pref("vshare.install.istoolbarhp", true);
Zeile gelöscht : user_pref("vshare.install.istoolbarsearch", true);
Zeile gelöscht : user_pref("vshare.install.newtab", false);

[ Datei : C:\Users\Save\AppData\Roaming\Mozilla\Firefox\Profiles\nlqm5zn1.default\prefs.js ]


-\\ Google Chrome v

[ Datei : C:\Users\Save\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : search_url

*************************

AdwCleaner[R0].txt - [8897 octets] - [11/10/2013 09:57:26]
AdwCleaner[S0].txt - [8706 octets] - [11/10/2013 09:59:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8766 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Save on 11.10.2013 at 10:05:40,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\cb2848362903cd24ea1a37254619a177
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\cb2848362903cd24ea1a37254619a177



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\Save\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!"



~~~ FireFox

Successfully deleted: [File] C:\Users\Save\AppData\Roaming\mozilla\firefox\profiles\nlqm5zn1.default\extensions\toolbar_avira-v7@apn.ask.com.xpi
Emptied folder: C:\Users\Save\AppData\Roaming\mozilla\firefox\profiles\nlqm5zn1.default\minidumps [1 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.10.2013 at 10:15:03,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Save (administrator) on DIRKA-THINK on 11-10-2013 10:19:20
Running from C:\Users\Save\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Lenovo Group Limited) c:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69560 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2010-07-01] (Lenovo.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2010-09-17] (Lenovo)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [1129832 2010-08-24] (Lenovo Group Limited)
HKLM-x32\...\Run: [Message Center Plus] - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] ()
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2009-08-04] (Sonic Solutions)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [] - [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2009-03-24] ()
HKU\Dirka\...\Run: [PoivY] - "C:\Program Files (x86)\PoivY.com\PoivY\PoivY.exe" -nosplash -minimized
HKU\Dirka\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
AppInit_DLLs:   [1475584 2010-11-20] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {C054EF22-B2B1-4072-A5F0-DF99646E3E5A} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
SearchScopes: HKCU - {A8960C5C-8DE0-452D-8BBC-1559303B8B86} URL = 
SearchScopes: HKCU - {C054EF22-B2B1-4072-A5F0-DF99646E3E5A} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 -  No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Save\AppData\Roaming\Mozilla\Firefox\Profiles\nlqm5zn1.default
FF SelectedSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchURL: (Search Results) - hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gcswf32.dll No File
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-04] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-04] (Sonic Solutions)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-26] (Avira Operations GmbH & Co. KG)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-11 10:15 - 2013-10-11 10:15 - 00001724 _____ C:\Users\Save\Desktop\JRT.txt
2013-10-11 10:05 - 2013-10-11 10:05 - 00000000 ____D C:\Windows\ERUNT
2013-10-11 10:01 - 2013-10-11 10:01 - 00008874 _____ C:\Users\Save\Desktop\AdwCleaner[S0].txt
2013-10-11 09:57 - 2013-10-11 09:59 - 00000000 ____D C:\AdwCleaner
2013-10-11 09:36 - 2013-10-11 09:36 - 01032220 _____ (Thisisu) C:\Users\Save\Desktop\JRT.exe
2013-10-11 09:35 - 2013-10-11 09:35 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-11 09:34 - 2013-10-11 09:34 - 01048960 _____ C:\Users\Save\Desktop\adwcleaner.exe
2013-10-11 09:31 - 2013-10-11 09:32 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Dirka\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-10 15:55 - 2013-10-10 15:55 - 00021373 _____ C:\Users\Save\Desktop\combofix.txt
2013-10-10 15:47 - 2013-10-10 15:47 - 00021373 _____ C:\ComboFix.txt
2013-10-10 13:18 - 2013-10-09 22:42 - 05131844 ____R (Swearware) C:\Users\Save\Desktop\ComboFix.exe
2013-10-09 23:32 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 23:32 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 23:32 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 23:32 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 23:32 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 23:32 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 23:32 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 23:32 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 23:32 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 23:32 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 23:32 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 23:32 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 23:32 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 23:32 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 23:32 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 23:31 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 23:31 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 23:31 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 23:31 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 23:31 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 23:31 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 23:31 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 23:31 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 23:31 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 23:31 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 23:31 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 23:31 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 23:31 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 23:31 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 23:31 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 23:31 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 22:51 - 2013-10-10 15:47 - 00000000 ____D C:\Qoobox
2013-10-09 22:51 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-09 22:51 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-09 22:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-09 22:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-09 22:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-09 22:51 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-09 22:51 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-09 22:51 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-09 22:50 - 2013-10-10 15:45 - 00000000 ____D C:\Windows\erdnt
2013-10-09 22:41 - 2013-10-09 22:42 - 05131844 ____R (Swearware) C:\Users\Dirka\Desktop\ComboFix.exe
2013-10-09 07:36 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 07:36 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 07:36 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 07:36 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 07:36 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 07:36 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 07:36 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 07:36 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 07:36 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 07:36 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 07:36 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 07:36 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 07:36 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 07:36 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 07:36 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 07:36 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 07:36 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 07:36 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 07:36 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 07:36 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 07:36 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 07:36 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 07:36 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 07:36 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 07:36 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 07:36 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 07:36 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 07:36 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 07:36 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 07:36 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 07:36 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 07:36 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 07:36 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 07:36 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 07:36 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 07:36 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 07:36 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 07:36 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 07:36 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 07:36 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 07:36 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 07:36 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 07:36 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 07:36 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 07:36 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 07:36 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 07:36 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 07:36 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 07:36 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 07:36 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 07:36 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 07:36 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 07:36 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-08 20:40 - 2013-10-08 20:40 - 00000098 _____ C:\Users\Dirka\AppData\Roaming\WB.CFG
2013-10-08 20:13 - 2013-10-08 20:13 - 00005702 _____ C:\Users\Save\Desktop\GMER.txt
2013-10-08 20:13 - 2013-10-08 20:13 - 00005702 _____ C:\Users\Dirka\Desktop\GMER.txt
2013-10-08 20:06 - 2013-10-08 20:06 - 00000000 ____D C:\Users\Save\AppData\Roaming\Avira
2013-10-08 20:02 - 2013-10-08 20:02 - 00000470 _____ C:\Users\Dirka\Downloads\defogger_disable.log
2013-10-08 19:55 - 2013-10-08 19:55 - 00038684 _____ C:\Users\Dirka\Desktop\FRST.txt
2013-10-08 19:55 - 2013-10-08 19:55 - 00021873 _____ C:\Users\Dirka\Desktop\Addition.txt
2013-10-08 19:50 - 2013-10-08 19:50 - 00377856 _____ C:\Users\Dirka\Downloads\gmer_2.1.19163.exe
2013-10-08 19:49 - 2013-10-08 19:49 - 00038684 _____ C:\Users\Dirka\Downloads\FRST.txt
2013-10-08 19:48 - 2013-10-08 19:49 - 00021873 _____ C:\Users\Dirka\Downloads\Addition.txt
2013-10-08 19:46 - 2013-10-08 19:46 - 00000000 ____D C:\FRST
2013-10-08 19:45 - 2013-10-08 19:46 - 01954124 _____ (Farbar) C:\Users\Save\Desktop\FRST64.exe
2013-10-08 19:43 - 2013-10-08 19:43 - 00050477 _____ C:\Users\Dirka\Downloads\Defogger.exe
2013-10-08 19:43 - 2013-10-08 19:43 - 00000000 _____ C:\Users\Save\defogger_reenable
2013-10-08 19:29 - 2013-10-08 19:29 - 99859239 _____ C:\Windows\SysWOW64\ꮪ�ᅌŠ
2013-10-07 21:52 - 2013-10-07 21:52 - 00239355 _____ C:\Users\Dirka\Desktop\SpybotSD.Results.txt
2013-09-11 08:51 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 08:51 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 08:51 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 08:51 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 08:51 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 08:51 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 08:51 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 08:51 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 08:51 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 08:51 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 08:51 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

==================== One Month Modified Files and Folders =======

2013-10-11 10:15 - 2013-10-11 10:15 - 00001724 _____ C:\Users\Save\Desktop\JRT.txt
2013-10-11 10:14 - 2011-04-03 05:58 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-10-11 10:08 - 2009-07-14 06:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-11 10:08 - 2009-07-14 06:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-11 10:07 - 2011-04-03 05:58 - 00000382 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-10-11 10:05 - 2013-10-11 10:05 - 00000000 ____D C:\Windows\ERUNT
2013-10-11 10:01 - 2013-10-11 10:01 - 00008874 _____ C:\Users\Save\Desktop\AdwCleaner[S0].txt
2013-10-11 10:01 - 2012-03-13 20:19 - 00000000 ____D C:\Users\Save\AppData\Roaming\Skype
2013-10-11 10:00 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-11 10:00 - 2009-07-14 06:51 - 00142346 _____ C:\Windows\setupact.log
2013-10-11 09:59 - 2013-10-11 09:57 - 00000000 ____D C:\AdwCleaner
2013-10-11 09:59 - 2011-04-03 05:31 - 01846500 _____ C:\Windows\WindowsUpdate.log
2013-10-11 09:52 - 2011-07-22 17:48 - 00102056 _____ C:\Windows\PFRO.log
2013-10-11 09:41 - 2012-11-24 20:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-11 09:36 - 2013-10-11 09:36 - 01032220 _____ (Thisisu) C:\Users\Save\Desktop\JRT.exe
2013-10-11 09:35 - 2013-10-11 09:35 - 00001120 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-11 09:35 - 2011-07-22 13:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-11 09:34 - 2013-10-11 09:34 - 01048960 _____ C:\Users\Save\Desktop\adwcleaner.exe
2013-10-11 09:32 - 2013-10-11 09:31 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Dirka\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-10 16:43 - 2012-11-24 20:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 16:43 - 2012-11-24 20:27 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 16:43 - 2011-07-22 18:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-10 16:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-10-10 15:55 - 2013-10-10 15:55 - 00021373 _____ C:\Users\Save\Desktop\combofix.txt
2013-10-10 15:47 - 2013-10-10 15:47 - 00021373 _____ C:\ComboFix.txt
2013-10-10 15:47 - 2013-10-09 22:51 - 00000000 ____D C:\Qoobox
2013-10-10 15:47 - 2012-07-21 12:34 - 00000000 ____D C:\Users\Henning Jung
2013-10-10 15:47 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-10-10 15:45 - 2013-10-09 22:50 - 00000000 ____D C:\Windows\erdnt
2013-10-10 15:45 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-10-10 13:13 - 2011-04-03 15:11 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-10-10 13:13 - 2011-04-03 15:11 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-10-10 13:13 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-10 12:54 - 2009-07-14 06:45 - 00460216 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 23:34 - 2011-08-08 17:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 23:29 - 2013-03-13 07:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 23:29 - 2013-03-13 07:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 23:23 - 2013-08-18 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 23:21 - 2011-07-22 17:37 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 22:42 - 2013-10-10 13:18 - 05131844 ____R (Swearware) C:\Users\Save\Desktop\ComboFix.exe
2013-10-09 22:42 - 2013-10-09 22:41 - 05131844 ____R (Swearware) C:\Users\Dirka\Desktop\ComboFix.exe
2013-10-08 20:40 - 2013-10-08 20:40 - 00000098 _____ C:\Users\Dirka\AppData\Roaming\WB.CFG
2013-10-08 20:13 - 2013-10-08 20:13 - 00005702 _____ C:\Users\Save\Desktop\GMER.txt
2013-10-08 20:13 - 2013-10-08 20:13 - 00005702 _____ C:\Users\Dirka\Desktop\GMER.txt
2013-10-08 20:06 - 2013-10-08 20:06 - 00000000 ____D C:\Users\Save\AppData\Roaming\Avira
2013-10-08 20:02 - 2013-10-08 20:02 - 00000470 _____ C:\Users\Dirka\Downloads\defogger_disable.log
2013-10-08 19:59 - 2012-11-03 22:13 - 00000000 ___RD C:\Users\Save\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-08 19:59 - 2011-07-22 17:03 - 00000000 ___RD C:\Users\Save\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-08 19:55 - 2013-10-08 19:55 - 00038684 _____ C:\Users\Dirka\Desktop\FRST.txt
2013-10-08 19:55 - 2013-10-08 19:55 - 00021873 _____ C:\Users\Dirka\Desktop\Addition.txt
2013-10-08 19:50 - 2013-10-08 19:50 - 00377856 _____ C:\Users\Dirka\Downloads\gmer_2.1.19163.exe
2013-10-08 19:49 - 2013-10-08 19:49 - 00038684 _____ C:\Users\Dirka\Downloads\FRST.txt
2013-10-08 19:49 - 2013-10-08 19:48 - 00021873 _____ C:\Users\Dirka\Downloads\Addition.txt
2013-10-08 19:46 - 2013-10-08 19:46 - 00000000 ____D C:\FRST
2013-10-08 19:46 - 2013-10-08 19:45 - 01954124 _____ (Farbar) C:\Users\Save\Desktop\FRST64.exe
2013-10-08 19:43 - 2013-10-08 19:43 - 00050477 _____ C:\Users\Dirka\Downloads\Defogger.exe
2013-10-08 19:43 - 2013-10-08 19:43 - 00000000 _____ C:\Users\Save\defogger_reenable
2013-10-08 19:43 - 2011-07-22 12:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-08 19:43 - 2011-07-22 11:08 - 00000000 ____D C:\Users\Save
2013-10-08 19:29 - 2013-10-08 19:29 - 99859239 _____ C:\Windows\SysWOW64\ꮪ�ᅌŠ
2013-10-07 21:52 - 2013-10-07 21:52 - 00239355 _____ C:\Users\Dirka\Desktop\SpybotSD.Results.txt
2013-10-03 15:04 - 2011-07-21 22:09 - 00000000 ____D C:\Users\Dirka
2013-10-03 15:03 - 2011-12-12 12:08 - 00000099 _____ C:\Users\Public\LMDebug.log
2013-09-23 01:28 - 2013-10-09 23:31 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-09 23:31 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-09 23:32 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-09 23:32 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 01:27 - 2013-10-09 23:32 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 01:27 - 2013-10-09 23:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 01:27 - 2013-10-09 23:32 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 01:27 - 2013-10-09 23:31 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-09 23:31 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-09 23:31 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-09 23:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-09 23:31 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-09 23:31 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 00:55 - 2013-10-09 23:32 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:55 - 2013-10-09 23:31 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-09 23:31 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:54 - 2013-10-09 23:32 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-09 23:32 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-09 23:32 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-09 23:32 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-09 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 00:54 - 2013-10-09 23:31 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-09 23:31 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-09 23:31 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-09 23:31 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-09 23:31 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-09 23:31 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-21 05:38 - 2013-10-09 23:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 05:30 - 2013-10-09 23:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-21 04:48 - 2013-10-09 23:32 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 04:39 - 2013-10-09 23:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-14 23:48 - 2011-07-23 13:55 - 00000000 ____D C:\Users\Dirka\AppData\Roaming\Skype
2013-09-14 03:10 - 2013-10-09 07:36 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-09-13 07:41 - 2013-05-18 00:48 - 00000000 ____D C:\Users\Dirka\AppData\Local\Mozilla Firefox
2013-09-13 00:30 - 2011-07-21 22:13 - 00000000 ___RD C:\Users\Dirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-13 00:30 - 2011-07-21 22:13 - 00000000 ___RD C:\Users\Dirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

Some content of TEMP:
====================
C:\Users\Save\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-10 16:32

==================== End Of Log ============================
         
--- --- ---

11.10.2013, 12:05   #11
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable the "Detection of potentially unwanted applications" option and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • When the scan has finished, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

11.10.2013, 16:47   #12
PeterPan3
 



Hello Schrauber,

I have run ESET and SecurityCheck. Attached you will find the ESET, SecurityCheck and FRST reports and a current Spybot report.
After everything I have now done, Spybot still shows me threats, 22 in total. Can I then simply remove them?
How often should I generally run Spybot? And is there any other way to protect myself better?

Many thanks in advance for the great help.

Regards, Peter.

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=10b742a5a4a26f47912ac7d5ca44cd15
# engine=15446
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-10-11 02:51:33
# local_time=2013-10-11 04:51:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 30790 152174398 23525 0
# compatibility_mode=5893 16776573 100 94 10895 133132943 0 0
# scanned=298929
# found=1
# cleaned=0
# scan_time=10726
sh=62518026153B8F7EB9AC1B5C5F9924490348E735 ft=0 fh=0000000000000000 vn="a variant of Java/Exploit.Blacole.AN trojan" ac=I fn="C:\Users\Dirka\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\51d64865-1c968274"
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.74  
 Windows 7 Service Pack 1 x64   
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Secunia PSI (2.0.0.3003)   
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 26  
 Java version out of Date! 
 Adobe Flash Player 11.9.900.117  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox 6.0 Firefox out of Date!  
 Mozilla Thunderbird (3.1.16) Thunderbird out of Date!  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by Save (administrator) on DIRKA-THINK on 11-10-2013 17:14:04
Running from C:\Users\Save\Desktop\Malware-software und logs
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Lenovo Group Limited) c:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Zoom\TpScrex.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [TPHOTKEY] - C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [69560 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2010-07-01] (Lenovo.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [62312 2010-07-27] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [31592 2010-09-17] (Lenovo)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-22] (Synaptics Incorporated)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2010-03-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [1129832 2010-08-24] (Lenovo Group Limited)
HKLM-x32\...\Run: [Message Center Plus] - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [49976 2009-05-27] ()
HKLM-x32\...\Run: [RoxWatchTray] - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe [244208 2009-08-04] (Sonic Solutions)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [688128 2011-07-06] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-05] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [] - [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2009-03-24] ()
AppInit_DLLs:   [159744 2009-03-24] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope {C054EF22-B2B1-4072-A5F0-DF99646E3E5A} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
SearchScopes: HKCU - {A8960C5C-8DE0-452D-8BBC-1559303B8B86} URL = 
SearchScopes: HKCU - {C054EF22-B2B1-4072-A5F0-DF99646E3E5A} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 -  No Name - {41564952-412D-5637-00A7-7A786E7484D7} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Save\AppData\Roaming\Mozilla\Firefox\Profiles\nlqm5zn1.default
FF SelectedSearchEngine: Ask.com
FF SearchEngineOrder.1: Ask.com
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchURL: (Search Results) - hxxp://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gcswf32.dll No File
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-05] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [168400 2013-07-26] (APN LLC.)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-04] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-04] (Sonic Solutions)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [993848 2011-04-19] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [399416 2011-04-19] (Secunia)
R2 ThinkVantage Registry Monitor Service; C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited)
S3 TVT Backup Service; C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe [1475896 2010-07-29] (Lenovo Group Limited)

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-26] (Avira Operations GmbH & Co. KG)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-11 17:13 - 2013-10-11 17:13 - 00001091 _____ C:\Users\Save\Desktop\checkup.txt
2013-10-11 14:18 - 2013-10-11 14:18 - 100470597 _____ C:\Windows\SysWOW64\쿎ᅌ3
2013-10-11 13:46 - 2013-10-11 13:46 - 00000000 ____D C:\Users\Save\AppData\Roaming\EndNote
2013-10-11 13:41 - 2013-10-11 13:41 - 00891167 _____ C:\Users\Save\Desktop\SecurityCheck.exe
2013-10-11 13:39 - 2013-10-11 13:39 - 02347384 _____ (ESET) C:\Users\Save\Desktop\esetsmartinstaller_enu.exe
2013-10-11 10:05 - 2013-10-11 10:05 - 00000000 ____D C:\Windows\ERUNT
2013-10-11 09:57 - 2013-10-11 09:59 - 00000000 ____D C:\AdwCleaner
2013-10-11 09:31 - 2013-10-11 09:32 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Dirka\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-10 15:47 - 2013-10-10 15:47 - 00021373 _____ C:\ComboFix.txt
2013-10-10 13:18 - 2013-10-09 22:42 - 05131844 ____R (Swearware) C:\Users\Save\Desktop\ComboFix.exe
2013-10-09 23:32 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 23:32 - 2013-09-23 01:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 23:32 - 2013-09-23 01:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-09 23:32 - 2013-09-23 01:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-09 23:32 - 2013-09-23 01:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-09 23:32 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-09 23:32 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 23:32 - 2013-09-23 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 23:32 - 2013-09-23 00:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 23:32 - 2013-09-23 00:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 23:32 - 2013-09-23 00:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 23:32 - 2013-09-21 05:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 23:32 - 2013-09-21 05:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 23:32 - 2013-09-21 04:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 23:32 - 2013-09-21 04:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 23:31 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 23:31 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 23:31 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 23:31 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 23:31 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 23:31 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 23:31 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 23:31 - 2013-09-23 01:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 23:31 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 23:31 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 23:31 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 23:31 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 23:31 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 23:31 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 23:31 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 23:31 - 2013-09-23 00:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 22:51 - 2013-10-10 15:47 - 00000000 ____D C:\Qoobox
2013-10-09 22:51 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-09 22:51 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-09 22:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-09 22:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-09 22:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-09 22:51 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-09 22:51 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-09 22:51 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-09 22:50 - 2013-10-10 15:45 - 00000000 ____D C:\Windows\erdnt
2013-10-09 22:41 - 2013-10-09 22:42 - 05131844 ____R (Swearware) C:\Users\Dirka\Desktop\ComboFix.exe
2013-10-09 07:36 - 2013-09-14 03:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 07:36 - 2013-09-08 04:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 07:36 - 2013-09-08 04:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 07:36 - 2013-09-08 04:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 07:36 - 2013-09-04 14:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 07:36 - 2013-09-04 14:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 07:36 - 2013-09-04 14:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 07:36 - 2013-09-04 14:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 07:36 - 2013-09-04 14:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 07:36 - 2013-09-04 14:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 07:36 - 2013-09-04 14:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 07:36 - 2013-08-29 04:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 07:36 - 2013-08-29 04:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 07:36 - 2013-08-29 04:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 07:36 - 2013-08-29 04:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 07:36 - 2013-08-29 04:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 07:36 - 2013-08-29 03:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 07:36 - 2013-08-29 03:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 07:36 - 2013-08-29 03:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 07:36 - 2013-08-29 03:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 07:36 - 2013-08-29 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 07:36 - 2013-08-29 03:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 07:36 - 2013-08-29 02:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 07:36 - 2013-08-29 02:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 07:36 - 2013-08-29 02:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 07:36 - 2013-08-29 02:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 07:36 - 2013-08-28 03:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 07:36 - 2013-08-28 03:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 07:36 - 2013-08-01 14:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 07:36 - 2013-07-20 12:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 07:36 - 2013-07-20 12:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 07:36 - 2013-07-12 12:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 07:36 - 2013-07-12 12:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 07:36 - 2013-07-04 14:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 07:36 - 2013-07-04 14:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 07:36 - 2013-07-04 14:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 07:36 - 2013-07-04 13:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 07:36 - 2013-07-04 13:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 07:36 - 2013-07-04 13:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 07:36 - 2013-07-04 12:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 07:36 - 2013-07-03 06:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 07:36 - 2013-07-03 06:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 07:36 - 2013-06-26 00:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 07:36 - 2013-06-06 07:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 07:36 - 2013-06-06 07:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 07:36 - 2013-06-06 07:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 07:36 - 2013-06-06 07:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 07:36 - 2013-06-06 06:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 07:36 - 2013-06-06 06:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 07:36 - 2013-06-06 06:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 07:36 - 2013-06-06 05:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 07:36 - 2013-06-06 05:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 07:36 - 2013-06-06 05:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-08 20:40 - 2013-10-08 20:40 - 00000098 _____ C:\Users\Dirka\AppData\Roaming\WB.CFG
2013-10-08 20:13 - 2013-10-08 20:13 - 00005702 _____ C:\Users\Dirka\Desktop\GMER.txt
2013-10-08 20:06 - 2013-10-08 20:06 - 00000000 ____D C:\Users\Save\AppData\Roaming\Avira
2013-10-08 20:02 - 2013-10-08 20:02 - 00000470 _____ C:\Users\Dirka\Downloads\defogger_disable.log
2013-10-08 19:55 - 2013-10-08 19:55 - 00038684 _____ C:\Users\Dirka\Desktop\FRST.txt
2013-10-08 19:55 - 2013-10-08 19:55 - 00021873 _____ C:\Users\Dirka\Desktop\Addition.txt
2013-10-08 19:50 - 2013-10-08 19:50 - 00377856 _____ C:\Users\Dirka\Downloads\gmer_2.1.19163.exe
2013-10-08 19:49 - 2013-10-08 19:49 - 00038684 _____ C:\Users\Dirka\Downloads\FRST.txt
2013-10-08 19:48 - 2013-10-08 19:49 - 00021873 _____ C:\Users\Dirka\Downloads\Addition.txt
2013-10-08 19:46 - 2013-10-08 19:46 - 00000000 ____D C:\FRST
2013-10-08 19:43 - 2013-10-08 19:43 - 00050477 _____ C:\Users\Dirka\Downloads\Defogger.exe
2013-10-08 19:43 - 2013-10-08 19:43 - 00000000 _____ C:\Users\Save\defogger_reenable
2013-10-08 19:29 - 2013-10-08 19:29 - 99859239 _____ C:\Windows\SysWOW64\ꮪ�ᅌŠ
2013-10-07 21:52 - 2013-10-07 21:52 - 00239355 _____ C:\Users\Dirka\Desktop\SpybotSD.Results.txt
2013-09-11 08:51 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-11 08:51 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-11 08:51 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-11 08:51 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-11 08:51 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-11 08:51 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-11 08:51 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-11 08:51 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-11 08:51 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-11 08:51 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-11 08:51 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-11 08:51 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

==================== One Month Modified Files and Folders =======

2013-10-11 17:13 - 2013-10-11 17:13 - 00001091 _____ C:\Users\Save\Desktop\checkup.txt
2013-10-11 17:13 - 2011-04-03 05:58 - 00000382 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-10-11 17:12 - 2011-04-03 05:58 - 00000528 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-10-11 16:41 - 2012-11-24 20:27 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-11 16:23 - 2011-04-03 05:31 - 01954680 _____ C:\Windows\WindowsUpdate.log
2013-10-11 15:39 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\LiveKernelReports
2013-10-11 14:18 - 2013-10-11 14:18 - 100470597 _____ C:\Windows\SysWOW64\쿎ᅌ3
2013-10-11 13:52 - 2011-04-03 15:11 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-10-11 13:52 - 2011-04-03 15:11 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-10-11 13:52 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-11 13:46 - 2013-10-11 13:46 - 00000000 ____D C:\Users\Save\AppData\Roaming\EndNote
2013-10-11 13:44 - 2012-03-13 20:19 - 00000000 ____D C:\Users\Save\AppData\Roaming\Skype
2013-10-11 13:41 - 2013-10-11 13:41 - 00891167 _____ C:\Users\Save\Desktop\SecurityCheck.exe
2013-10-11 13:39 - 2013-10-11 13:39 - 02347384 _____ (ESET) C:\Users\Save\Desktop\esetsmartinstaller_enu.exe
2013-10-11 12:58 - 2011-07-23 13:55 - 00000000 ____D C:\Users\Dirka\AppData\Roaming\Skype
2013-10-11 11:19 - 2009-07-14 06:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-11 11:19 - 2009-07-14 06:45 - 00015568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-11 11:10 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-11 11:10 - 2009-07-14 06:51 - 00142402 _____ C:\Windows\setupact.log
2013-10-11 10:05 - 2013-10-11 10:05 - 00000000 ____D C:\Windows\ERUNT
2013-10-11 09:59 - 2013-10-11 09:57 - 00000000 ____D C:\AdwCleaner
2013-10-11 09:52 - 2011-07-22 17:48 - 00102056 _____ C:\Windows\PFRO.log
2013-10-11 09:35 - 2011-07-22 13:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-11 09:32 - 2013-10-11 09:31 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Dirka\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-10 16:43 - 2012-11-24 20:27 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 16:43 - 2012-11-24 20:27 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 16:43 - 2011-07-22 18:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-10 16:40 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-10-10 15:47 - 2013-10-10 15:47 - 00021373 _____ C:\ComboFix.txt
2013-10-10 15:47 - 2013-10-09 22:51 - 00000000 ____D C:\Qoobox
2013-10-10 15:47 - 2012-07-21 12:34 - 00000000 ____D C:\Users\Henning Jung
2013-10-10 15:47 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-10-10 15:45 - 2013-10-09 22:50 - 00000000 ____D C:\Windows\erdnt
2013-10-10 15:45 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-10-10 12:54 - 2009-07-14 06:45 - 00460216 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 23:34 - 2011-08-08 17:56 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 23:29 - 2013-03-13 07:45 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-09 23:29 - 2013-03-13 07:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 23:23 - 2013-08-18 03:01 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 23:21 - 2011-07-22 17:37 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 22:42 - 2013-10-10 13:18 - 05131844 ____R (Swearware) C:\Users\Save\Desktop\ComboFix.exe
2013-10-09 22:42 - 2013-10-09 22:41 - 05131844 ____R (Swearware) C:\Users\Dirka\Desktop\ComboFix.exe
2013-10-08 20:40 - 2013-10-08 20:40 - 00000098 _____ C:\Users\Dirka\AppData\Roaming\WB.CFG
2013-10-08 20:13 - 2013-10-08 20:13 - 00005702 _____ C:\Users\Dirka\Desktop\GMER.txt
2013-10-08 20:06 - 2013-10-08 20:06 - 00000000 ____D C:\Users\Save\AppData\Roaming\Avira
2013-10-08 20:02 - 2013-10-08 20:02 - 00000470 _____ C:\Users\Dirka\Downloads\defogger_disable.log
2013-10-08 19:59 - 2012-11-03 22:13 - 00000000 ___RD C:\Users\Save\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-08 19:59 - 2011-07-22 17:03 - 00000000 ___RD C:\Users\Save\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-08 19:55 - 2013-10-08 19:55 - 00038684 _____ C:\Users\Dirka\Desktop\FRST.txt
2013-10-08 19:55 - 2013-10-08 19:55 - 00021873 _____ C:\Users\Dirka\Desktop\Addition.txt
2013-10-08 19:50 - 2013-10-08 19:50 - 00377856 _____ C:\Users\Dirka\Downloads\gmer_2.1.19163.exe
2013-10-08 19:49 - 2013-10-08 19:49 - 00038684 _____ C:\Users\Dirka\Downloads\FRST.txt
2013-10-08 19:49 - 2013-10-08 19:48 - 00021873 _____ C:\Users\Dirka\Downloads\Addition.txt
2013-10-08 19:46 - 2013-10-08 19:46 - 00000000 ____D C:\FRST
2013-10-08 19:43 - 2013-10-08 19:43 - 00050477 _____ C:\Users\Dirka\Downloads\Defogger.exe
2013-10-08 19:43 - 2013-10-08 19:43 - 00000000 _____ C:\Users\Save\defogger_reenable
2013-10-08 19:43 - 2011-07-22 12:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-08 19:43 - 2011-07-22 11:08 - 00000000 ____D C:\Users\Save
2013-10-08 19:29 - 2013-10-08 19:29 - 99859239 _____ C:\Windows\SysWOW64\ꮪ�ᅌŠ
2013-10-07 21:52 - 2013-10-07 21:52 - 00239355 _____ C:\Users\Dirka\Desktop\SpybotSD.Results.txt
2013-10-03 15:04 - 2011-07-21 22:09 - 00000000 ____D C:\Users\Dirka
2013-10-03 15:03 - 2011-12-12 12:08 - 00000099 _____ C:\Users\Public\LMDebug.log
2013-09-23 01:28 - 2013-10-09 23:31 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-09 23:31 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-09 23:32 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-09 23:32 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-23 01:27 - 2013-10-09 23:32 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-23 01:27 - 2013-10-09 23:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-23 01:27 - 2013-10-09 23:32 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-23 01:27 - 2013-10-09 23:31 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-09 23:31 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-09 23:31 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-09 23:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-09 23:31 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-23 01:27 - 2013-10-09 23:31 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-23 00:55 - 2013-10-09 23:32 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-23 00:55 - 2013-10-09 23:31 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-09 23:31 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-23 00:54 - 2013-10-09 23:32 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-09 23:32 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-23 00:54 - 2013-10-09 23:32 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-23 00:54 - 2013-10-09 23:32 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-23 00:54 - 2013-10-09 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-23 00:54 - 2013-10-09 23:31 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-09 23:31 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-09 23:31 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-09 23:31 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-09 23:31 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-23 00:54 - 2013-10-09 23:31 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-21 05:38 - 2013-10-09 23:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-21 05:30 - 2013-10-09 23:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-21 04:48 - 2013-10-09 23:32 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-21 04:39 - 2013-10-09 23:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-14 03:10 - 2013-10-09 07:36 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-09-13 07:41 - 2013-05-18 00:48 - 00000000 ____D C:\Users\Dirka\AppData\Local\Mozilla Firefox
2013-09-13 00:30 - 2011-07-21 22:13 - 00000000 ___RD C:\Users\Dirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-13 00:30 - 2011-07-21 22:13 - 00000000 ___RD C:\Users\Dirka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

Some content of TEMP:
====================
C:\Users\Dirka\AppData\Local\temp\SkypeSetup.exe
C:\Users\Save\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-10 16:32

==================== End Of Log ============================
         
--- --- ---


Code:
--- Search result list ---
Widgi.Toolbar: [SBI $21855786] Benutzereinstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
  HKEY_USERS\S-1-5-21-2504536262-671961439-3406205668-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Widgi.Toolbar: [SBI $BA954ED7] Benutzereinstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
  HKEY_USERS\S-1-5-21-2504536262-671961439-3406205668-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}

Widgi.Toolbar: [SBI $DABAA047] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
  HKEY_CLASSES_ROOT\Installer\UpgradeCodes\504D229B31D6B2A4EA98800A03AD4420

Widgi.Toolbar: [SBI $DABAA047] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
  HKEY_CLASSES_ROOT\Installer\UpgradeCodes\504D229B31D6B2A4EA98800A03AD4420

Widgi.Toolbar: [SBI $EECF060A] Einstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\504D229B31D6B2A4EA98800A03AD4420

Widgi.Toolbar: [SBI $16C3A07B] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\Common Files\Spigot\

Widgi.Toolbar: [SBI $000389AB] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\Common Files\Spigot\Search Settings\

Widgi.Toolbar: [SBI $1E14509F] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res\

Widgi.Toolbar: [SBI $E1F050EF] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\pdfforge Toolbar\

Widgi.Toolbar: [SBI $03E18DB3] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\pdfforge Toolbar\IE\

Widgi.Toolbar: [SBI $60A6F1DA] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\pdfforge Toolbar\Res\

Widgi.Toolbar: [SBI $65C7C8B1] Shared DLL  (1 Anwendungen) (Registrierungsdatenbank-Wert, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe

Widgi.Toolbar: [SBI $5AE37010] Shared DLL  (1 Anwendungen) (Registrierungsdatenbank-Wert, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe

Widgi.Toolbar: [SBI $E4808FA3] Einstellungen (Registrierungsdatenbank-Wert, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files (x86)\Application Updater\

Ask.MyGlobalSearch: [SBI $115DC360] Benutzereinstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
  HKEY_USERS\.DEFAULT\Software\Ask.com

Ask.MyGlobalSearch: [SBI $115DC360] Benutzereinstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
  HKEY_USERS\S-1-5-18\Software\Ask.com

Ask.MyGlobalSearch: [SBI $9FA3D6C1] Benutzereinstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
  HKEY_USERS\.DEFAULT\Software\AskToolbar

Ask.MyGlobalSearch: [SBI $9FA3D6C1] Benutzereinstellungen (Registrierungsdatenbank-Schlüssel, nothing done)
  HKEY_USERS\S-1-5-18\Software\AskToolbar

MediaPlex: Verfolgender Cookie (Internet Explorer: Save) (Cookie, nothing done)
  

Right Media: Verfolgender Cookie (Internet Explorer: Save) (Cookie, nothing done)
  

DoubleClick: Verfolgender Cookie (Internet Explorer: Save) (Cookie, nothing done)
  

MediaPlex: Verfolgender Cookie (Internet Explorer: Save) (Cookie, nothing done)
  


--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2012-02-13 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2013-04-11 Includes\Adware.sbi (*)
2013-10-01 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2013-04-11 Includes\DialerC.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2013-04-11 Includes\HijackersC.sbi (*)
2013-09-10 Includes\iPhone.sbi (*)
2013-06-25 Includes\Keyloggers.sbi (*)
2013-04-11 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-10-01 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-10-02 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2013-04-11 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-08-06 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-08-13 Includes\TrojansC-02.sbi (*)
2013-10-01 Includes\TrojansC-03.sbi (*)
2013-09-24 Includes\TrojansC-04.sbi (*)
2012-08-31 Includes\TrojansC-05.sbi (*)
2012-09-07 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)


--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
   file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
   size: 937920
    MD5: 47C1DE0A890613FFCFF1D67648EEDF90

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
   file: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
   size: 37296
    MD5: 69169586EFAD19F53C2012FFD8FDCF45

Located: HK_LM:Run, APSDaemon
command: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
   file: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
   size: 59720
    MD5: 61E4289E91E88C90478D7F4BEB10DCF7

Located: HK_LM:Run, avgnt
command: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
   file: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
   size: 347192
    MD5: 99DA1D6BB12C09D06B627AE0F1753789

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
   file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
   size: 152392
    MD5: A9F9D081518AC03A51C1195986076F42

Located: HK_LM:Run, Message Center Plus
command: C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start
   file: C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
   size: 49976
    MD5: 3B376496187AB240FAC6ECD7BD1251F6

Located: HK_LM:Run, PWMTRV
command: rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
   file: C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL
   size: 1129832
    MD5: 8F9D8F68DD4892AF17EB3996FE03689A

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
   file: C:\Program Files (x86)\QuickTime\QTTask.exe
   size: 421888
    MD5: 9ACCBC5891BA51B5B29C1A88F80D4CE3

Located: HK_LM:Run, RoxWatchTray
command: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
   file: C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
   size: 244208
    MD5: AA2D2B5663D5227E6BE5849E6D7DA882

Located: HK_LM:Run, Samsung PanelMgr
command: C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
   file: C:\Windows\Samsung\PanelMgr\SSMMgr.exe
   size: 688128
    MD5: 1ED7FD4B342AE1CA57969B0C01667D85

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
   file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
   size: 254696
    MD5: 13E7CFE8E269ED15E7FC9C3EBBCB7E2B

Located: HK_CU:Run, Sidebar
  where: Default...
command: %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
   file: C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
   size: 1174016
    MD5: DCCA4B04AF87E52EF9EAA2190E06CBAC

Located: HK_CU:RunOnce, 
  where: Default...
command: 
   file: 
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: HK_CU:RunOnce, Lenovoautoqdrive
  where: Default...
command: C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q
   file: C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe
   size: 159744
    MD5: B16E60E3D9CD7661360A329955D898C9

Located: HK_CU:RunOnce, mctadmin
  where: Default...
command: C:\Windows\System32\mctadmin.exe
   file: C:\Windows\System32\mctadmin.exe
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: HK_CU:Run, Skype
  where: S-1-5-21-2504536262-671961439-3406205668-1003...
command: "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
   file: C:\Program Files (x86)\Skype\Phone\Skype.exe
   size: 17418928
    MD5: CBEC06E32D0AC9C3D0A9199EDC1FB959

Located: HK_CU:Run, SpybotSD TeaTimer
  where: S-1-5-21-2504536262-671961439-3406205668-1003...
command: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
   file: C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
   size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887

Located: Startup (allgemein), Bluetooth.lnk
  where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe
   file: C:\Program Files (x86)\ThinkPad\Bluetooth Software\BTTray.exe
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: Startup (allgemein), Secunia PSI Tray.lnk
  where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
   file: C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
   size: 291896
    MD5: 8E6C1915EDDD719C4BFE99ECCD7216A7



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: AcroIEHelperStub
        CLSID name: Adobe PDF Link Helper
              Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
         Long name: AcroIEHelperShim.dll
        Short name:       ACROIE~2.DLL
    Date (created): 22.09.2010 18:04:14
Date (last access): 22.07.2011 18:24:56
 Date (last write): 22.09.2010 18:04:14
          Filesize:              75200
        Attributes:           archive 
               MD5: 203A74767EB81F96A5166B1933DB46D0
             CRC32:           B0D671C9
           Version:          9.4.0.195

{41564952-412D-5637-00A7-7A786E7484D7} (Avira SearchFree Toolbar plus Web Protection BHO)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: Avira SearchFree Toolbar plus Web Protection BHO
        CLSID name: 

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Groove GFS Browser Helper
              Path: C:\PROGRA~2\MICROS~4\Office14\
         Long name:       GROOVEEX.DLL
        Short name:                   
    Date (created): 16.08.2012 06:43:44
Date (last access): 16.11.2012 00:45:46
 Date (last write): 16.08.2012 06:43:44
          Filesize:            4171424
        Attributes:           archive 
               MD5: 660C8E78B94F483E44B0243A774A4746
             CRC32:           AA836D07
           Version:     14.0.6126.5000

{B4F3A835-0E21-4959-BA22-42B3008E02FF} (URLRedirectionBHO)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: URLRedirectionBHO
        CLSID name: Office Document Cache Handler
              Path: C:\PROGRA~2\MICROS~4\Office14\
         Long name:       URLREDIR.DLL
        Short name:                   
    Date (created): 21.12.2010 02:05:22
Date (last access): 29.11.2011 11:13:44
 Date (last write): 21.12.2010 02:05:22
          Filesize:             561552
        Attributes:           archive 
               MD5: A5D08B86E8A437AA6DEAF7A187BF6CA5
             CRC32:           CEA4973B
           Version:     14.0.6015.1000

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Java(tm) Plug-In 2 SSV Helper
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:         jp2ssv.dll
        Short name:                   
    Date (created): 22.07.2011 17:32:58
Date (last access): 22.07.2011 17:32:58
 Date (last write): 22.07.2011 17:32:58
          Filesize:              42272
        Attributes:           archive 
               MD5: E7D55E121FF1951CB86C7E0DC6A33877
             CRC32:           0EA0302A
           Version:          6.0.260.3



--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_26
         Installer: 
          Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
       description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
         info link: 
       info source: Patrick M. Kolla
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:        jp2iexp.dll
        Short name:                   
    Date (created): 22.07.2011 17:32:58
Date (last access): 22.07.2011 17:32:58
 Date (last write): 22.07.2011 17:32:58
          Filesize:             112416
        Attributes:           archive 
               MD5: 8ED8B29AC7412F8A1608BAC047E5F78D
             CRC32:           18200451
           Version:          6.0.260.3

{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_26
         Installer: 
          Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:        jp2iexp.dll
        Short name:                   
    Date (created): 22.07.2011 17:32:58
Date (last access): 22.07.2011 17:32:58
 Date (last write): 22.07.2011 17:32:58
          Filesize:             112416
        Attributes:           archive 
               MD5: 8ED8B29AC7412F8A1608BAC047E5F78D
             CRC32:           18200451
           Version:          6.0.260.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_26
         Installer: 
          Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
       description: 
    classification: Legitimate
    known filename: npjpi150_06.dll
         info link: 
       info source: Safer Networking Ltd.
              Path: C:\Program Files (x86)\Java\jre6\bin\
         Long name:    npjpi160_26.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 22.07.2011 17:33:00
Date (last access): 22.07.2011 17:33:00
 Date (last write): 22.07.2011 17:33:00
          Filesize:             141088
        Attributes:           archive 
               MD5: 9210B3BC2BC4FF4F4281F7D7C294233A
             CRC32:           B23F2824
           Version:          6.0.260.3



--- Process list ---
PID:    0 (   0) [System]
PID: 1576 (1732) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
 size: 78272
  MD5: 61EEA3608B65D6750B4BE7838679C861
PID: 9244 ( 736) C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
 size: 402792
  MD5: EA0547A5917CC00AA669E8303D83533F
PID: 5344 (10192) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
 size: 69560
  MD5: 385ABC29C668B9B469FAD0F7CE00094D
PID: 6044 (10192) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
 size: 62312
  MD5: FD334D8C75FA3AD04B0211E4F99BDDFD
PID: 8440 (10192) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
 size: 2260480
  MD5: 390679F7A217A5E73D756276C40AE887
PID: 11088 (5344) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
 size: 176056
  MD5: 508970745C2E5749C65B86C6FBC6A710
PID: 4500 (5344) C:\Program Files\Lenovo\Zoom\TpScrex.exe
 size: 144824
  MD5: 9C4721B9D7300B0D79E46BAA25EBC56A
PID: 4336 (10192) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
 size: 291896
  MD5: 8E6C1915EDDD719C4BFE99ECCD7216A7
PID: 5632 (5396) C:\Windows\SysWOW64\rundll32.exe
 size: 44544
  MD5: 51138BEEA3E2C21EC44D0932C71762A8
PID: 2968 (5396) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
 size: 49976
  MD5: 3B376496187AB240FAC6ECD7BD1251F6
PID: 5240 (5396) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
 size: 254696
  MD5: 13E7CFE8E269ED15E7FC9C3EBBCB7E2B
PID: 5944 (5396) C:\Windows\Samsung\PanelMgr\SSMMgr.exe
 size: 688128
  MD5: 1ED7FD4B342AE1CA57969B0C01667D85
PID: 8900 (5396) C:\Program Files (x86)\iTunes\iTunesHelper.exe
 size: 152392
  MD5: A9F9D081518AC03A51C1195986076F42
PID: 4848 (5396) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
 size: 347192
  MD5: 99DA1D6BB12C09D06B627AE0F1753789
PID: 1744 (10192) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
 size: 5365592
  MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 5820 ( 736) C:\Windows\SysWOW64\DllHost.exe
 size: 7168
  MD5: A63DC5C2EA944E6657203E0C8EDEAF61
PID:    4 (   0) System
PID:  336 (   4) smss.exe
PID:  488 ( 432) csrss.exe
PID:  548 ( 432) wininit.exe
 size: 96256
PID:  560 ( 540) csrss.exe
PID:  596 ( 548) services.exe
PID:  616 ( 548) lsass.exe
PID:  624 ( 548) lsm.exe
PID:  736 ( 596) svchost.exe
 size: 20992
PID:  788 ( 540) winlogon.exe
PID:  848 ( 596) ibmpmsvc.exe
PID:  904 ( 596) svchost.exe
 size: 20992
PID:  960 ( 596) svchost.exe
 size: 20992
PID: 1016 ( 596) svchost.exe
 size: 20992
PID:  364 ( 596) svchost.exe
 size: 20992
PID:  520 ( 596) svchost.exe
 size: 20992
PID: 1068 ( 596) RtkAudioService64.exe
PID: 1092 (1068) RAVBg64.exe
PID: 1108 ( 596) vpnagent.exe
PID: 1136 ( 596) svchost.exe
 size: 20992
PID: 1224 (1016) wlanext.exe
 size: 77312
PID: 1240 ( 488) conhost.exe
PID: 1308 ( 596) spoolsv.exe
PID: 1368 ( 596) sched.exe
PID: 1592 ( 596) svchost.exe
 size: 20992
PID: 1732 ( 596) TPHKSVC.exe
PID: 1760 ( 596) AcPrfMgrSvc.exe
PID: 1796 (1732) tpnumlk.exe
PID: 1836 ( 596) avguard.exe
PID: 1884 ( 596) apnmcp.exe
PID: 1916 ( 596) AppleMobileDeviceService.exe
PID: 1960 ( 596) mDNSResponder.exe
PID: 2004 ( 596) EvtEng.exe
PID: 1032 ( 596) svchost.exe
 size: 20992
PID: 1528 ( 596) PresentationFontCache.exe
PID: 2104 ( 596) CamMute.exe
PID: 2132 ( 596) micmute.exe
PID: 2152 ( 596) TPKNRSVC.exe
PID: 2196 ( 596) lvvsst.exe
PID: 2432 ( 596) taskhost.exe
PID: 2528 (2484) explorer.exe
 size: 2871808
PID: 2560 (1016) dwm.exe
PID: 2648 ( 596) RegSrvc.exe
PID: 2688 ( 596) psia.exe
PID: 2740 (2196) virtscrl.exe
PID: 2784 (1732) tpnumlkd.exe
PID: 2980 ( 596) svchost.exe
 size: 20992
PID: 3056 ( 596) svchost.exe
 size: 20992
PID: 1544 ( 596) AcSvc.exe
PID: 2344 ( 596) SDWinSec.exe
PID: 2872 ( 736) AcDeskBandHlpr.exe
PID: 2900 ( 736) unsecapp.exe
PID: 3224 ( 736) WmiPrvSE.exe
PID: 3384 (2528) TPOSDSVC.exe
PID: 3392 (2528) TpShocks.exe
PID: 3400 (2528) RAVCpl64.exe
PID: 3412 (2528) hkcmd.exe
PID: 3432 (2528) igfxpers.exe
PID: 3468 (2528) TPKNRRES.exe
PID: 3484 ( 736) igfxsrvc.exe
PID: 3520 (2528) SynTPEnh.exe
PID: 3536 (2528) sidebar.exe
PID: 3564 (2528) BTTray.exe
PID: 3572 (2528) psi_tray.exe
PID: 3760 (3384) TPONSCR.exe
PID: 3784 (3384) TpScrex.exe
PID: 3876 (1544) SvcGuiHlpr.exe
PID: 4036 (3544) rundll32.exe
 size: 44544
PID: 4052 (4036) rundll32.exe
 size: 44544
PID: 3108 ( 736) igfxext.exe
PID: 3624 (3520) SynTPLpr.exe
PID: 3752 (3544) MCPLaunch.exe
PID: 1416 (3544) jusched.exe
PID: 1648 (3544) SSMMgr.exe
PID: 3104 (3544) iTunesHelper.exe
PID: 3076 (3544) avgnt.exe
PID: 4128 (1648) caller64.exe
PID: 4456 (1836) avshadow.exe
PID: 4556 ( 596) SearchIndexer.exe
 size: 427520
PID: 5036 ( 596) sua.exe
PID: 1552 ( 596) iPodService.exe
PID: 3120 (3520) SynTPHelper.exe
PID: 1484 ( 596) OSPPSVC.EXE
PID: 1488 ( 596) btwdins.exe
PID: 4944 ( 596) iviRegMgr.exe
PID: 2280 ( 596) NASvc.exe
PID: 3672 ( 596) SUService.exe
PID: 2456 ( 596) tvt_reg_monitor_svc.exe
PID: 4564 ( 596) wmpnetwk.exe
PID: 4692 ( 596) avwebgrd.exe
PID: 11524 (12156) csrss.exe
PID: 11008 (12156) winlogon.exe
PID:  928 (1732) tpnumlk.exe
PID: 12056 ( 596) C:\Windows\System32\taskhost.exe
PID: 12084 (1016) C:\Windows\System32\dwm.exe
PID: 11992 (2196) virtscrl.exe
PID: 10192 (11964) C:\Windows\explorer.exe
 size: 2871808
  MD5: 332FEAB1435662FC6C672E25BEB37BE3
PID: 12100 (1068) RAVBg64.exe
PID: 12124 (10192) C:\Windows\System32\TpShocks.exe
PID: 11972 (10192) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
 size: 11049576
  MD5: 21DABCD4A7AF0F0F33CB6DD5BE640391
PID: 3652 (10192) C:\Windows\System32\hkcmd.exe
PID: 9148 (10192) C:\Windows\System32\igfxpers.exe
PID: 8272 ( 736) C:\Windows\System32\igfxsrvc.exe
PID: 8820 (10192) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 size: 2097960
  MD5: E24810944B2EB49862D835CA5B7E6E43
PID: 5828 (10192) C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
 size: 1079584
  MD5: AA26F685222B5F1D87CF9860D4FA2A34
PID: 7388 (8820) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
 size: 146216
  MD5: 1F1E89A31CF9CDCDADA81EFAEB303948
PID: 7392 (5632) C:\Windows\System32\rundll32.exe
 size: 44544
  MD5: 51138BEEA3E2C21EC44D0932C71762A8
PID: 5600 (8820) SynTPHelper.exe
PID: 3744 (5944) C:\Windows\Samsung\PanelMgr\caller64.exe
 size: 306688
  MD5: EC57F3164C58640D13F6F544BD5DB853
PID: 9524 ( 736) C:\Windows\System32\igfxext.exe
PID: 2260 (10192) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
 size: 1424032
  MD5: 17CE336838362CA5408610D5B8072772
PID: 10836 ( 596) svchost.exe
 size: 20992
PID: 9720 (11032) notepad.exe
 size: 193536


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 11.10.2013 17:35:00

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
  hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
  hxxp://lenovo.msn.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
  hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
  hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
  hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
  hxxp://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol  0: AVSDA over [MSAFD-Tcpip [TCP/IP]]
        GUID: {F8E8D1E1-492E-4AC2-B830-1E0F6BB22D23}
    Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Protocol  1: AVSDA over [MSAFD-Tcpip [UDP/IP]]
        GUID: {B428C49F-5C05-43F8-AEED-476CA1E76595}
    Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Protocol  2: AVSDA over [MSAFD-Tcpip [TCP/IPv6]]
        GUID: {B74A360A-37D1-4E17-B569-F71995F11424}
    Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Protocol  3: AVSDA over [MSAFD-Tcpip [UDP/IPv6]]
        GUID: {955B220A-C24F-4BA4-8143-96C16047BD30}
    Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Protocol  4: AVSDA over [RSVP-TCPv6-Dienstanbieter]
        GUID: {5AEBD619-6AF2-425A-89EA-66877A3E6795}
    Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Protocol  5: AVSDA over [RSVP-TCP-Dienstanbieter]
        GUID: {4FBDE27C-B8AE-47BA-A63D-40B1E00BD42F}
    Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Protocol  6: AVSDA over [RSVP-UDPv6-Dienstanbieter]
        GUID: {9635B786-7A00-4427-92E2-FDF25A5013F0}
    Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Protocol  7: AVSDA over [RSVP-UDP-Dienstanbieter]
        GUID: {A413B60A-CFF5-44C8-BD4E-09D4C78A53D4}
    Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Protocol 19: AVSDA
        GUID: {14072000-1136-5503-4156-504F504C5350}
    Filename: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Namespace Provider  1: E-Mail-Namenshimanbieter
        GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename: 

Namespace Provider  2: PNRP-Wolken-Namespaceanbieter
        GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename: 

Namespace Provider  3: PNRP-Namen-Namespaceanbieter
        GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename: 



--- Uninstall list ---


--- System Services ---
Service (registry key): .NET CLR Data
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): .NET CLR Networking
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): .NET CLR Networking 4.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): .NET Data Provider for Oracle
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): .NET Data Provider for SqlServer
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): .NETFramework
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): 1394ohci
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: OHCI-konformer 1394-Hostcontroller
    Image path: \SystemRoot\system32\drivers\1394ohci.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): ACPI
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft ACPI-Treiber
    Image path: system32\drivers\ACPI.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): AcpiPmi
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: ACPI-Energieanzeigetreiber
    Image path: \SystemRoot\system32\drivers\acpipmi.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): AcPrfMgrSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Object name: LocalSystem
    Image path: C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
    Image size: 124264
     Image MD5: 40C186D35C0E307240D6BCA399332B24
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): AcSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Object name: LocalSystem
    Image path: C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
    Image size: 259432
     Image MD5: 51E12E36BDEB10C0D9DBDB1FA4914800
   Control Set: CurrentControlSet
         Start: 2
          Type: 272
 Error Control: 1
 Depends On services: RPCSS,winmgmt

Service (registry key): AdobeFlashPlayerUpdateSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Adobe Flash Player Update Service
   Description: Mit diesem Dienst ist Ihre Flash Player-Installation immer aktuell und verwendet die neuesten Verbesserungen und Sicherheits-Fixes.
   Object name: LocalSystem
    Image path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Image size: 257416
     Image MD5: A283108E14F3970432C21AF4C0CB1BCE
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): adp94xx
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\adp94xx.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): adpahci
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\adpahci.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): adpu320
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\adpu320.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): adsi
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): AeLookupSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\aelupsvc.dll,-1
   Description: @%SystemRoot%\system32\aelupsvc.dll,-2
   Object name: localSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): AFD
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\drivers\afd.sys,-1000
   Description: @%systemroot%\system32\drivers\afd.sys,-1000
    Image path: \SystemRoot\system32\drivers\afd.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): agp440
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Intel AGP-Bus-Filter
    Image path: \SystemRoot\system32\drivers\agp440.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): ALG
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\Alg.exe,-112
   Description: @%SystemRoot%\system32\Alg.exe,-113
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\alg.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): aliide
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\aliide.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 3

Service (registry key): amdide
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\amdide.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 3

Service (registry key): AmdK8
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: AMD K8 Processor Driver
    Image path: \SystemRoot\system32\DRIVERS\amdk8.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): AmdPPM
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: AMD Processor Driver
    Image path: \SystemRoot\system32\DRIVERS\amdppm.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): amdsata
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\amdsata.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): amdsbs
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\amdsbs.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): amdxata
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\drivers\amdxata.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 1

Service (registry key): AntiVirSchedulerService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Avira Planer
   Description: Dienst zur Steuerung von Avira Free Antivirus Prüfaufträgen und Updates.
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
    Image size: 84024
     Image MD5: 3EC77A3849350B40D2D9002BA560E554
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1

Service (registry key): AntiVirService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Avira Echtzeit-Scanner
   Description: Bietet permanenten Schutz vor Viren und Malware mit der Avira Suchengine.
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
    Image size: 108088
     Image MD5: 1D6D44493488923CF6E82339E189EAD6
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1

Service (registry key): AntiVirWebService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Avira Browser-Schutz
   Description: Bietet Webbrowsern permanenten Schutz vor Viren und Malware mit der Avira Suchengine.
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE"
    Image size: 815160
     Image MD5: 6C5595EC0F009EF7D73EBBE11AA33C3D
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: AntiVirService

Service (registry key): APNMCP
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Ask Aktualisierungsdienst
   Description: Der Ask Aktualisierungsdienst bringt die Ask Toolbar-Software immer auf den neuesten Stand.
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe"
    Image size: 168400
     Image MD5: D41231AECFEE88973D56AEC2EE5B962D
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0

Service (registry key): AppID
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\appidsvc.dll,-102
   Description: @%systemroot%\system32\appidsvc.dll,-103
    Image path: \SystemRoot\system32\drivers\appid.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1
 Depends On services: FltMgr,DisCache

Service (registry key): AppIDSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\appidsvc.dll,-100
   Description: @%systemroot%\system32\appidsvc.dll,-101
   Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,AppID,CryptSvc

Service (registry key): Appinfo
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\appinfo.dll,-100
   Description: @%systemroot%\system32\appinfo.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,ProfSvc

Service (registry key): Apple Mobile Device
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Apple Mobile Device
   Description: Provides the interface to Apple mobile devices.
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
    Image size: 57008
     Image MD5: 4FE5C6D40664AE07BE5105874357D2ED
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: Tcpip

Service (registry key): AppMgmt
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): arc
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\arc.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): arcsas
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\arcsas.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): AsyncMac
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\rascfg.dll,-32000
   Description: @%systemroot%\system32\rascfg.dll,-32000
    Image path: system32\DRIVERS\asyncmac.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): atapi
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: IDE-Kanal
    Image path: system32\drivers\atapi.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): AudioEndpointBuilder
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\audiosrv.dll,-204
   Description: @%SystemRoot%\System32\audiosrv.dll,-205
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: PlugPlay

Service (registry key): AudioSrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\audiosrv.dll,-200
   Description: @%SystemRoot%\System32\audiosrv.dll,-201
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: AudioEndpointBuilder,RpcSs,MMCSS

Service (registry key): avgntflt
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: avgntflt
   Description: Avira mini-filter driver
    Image path: system32\DRIVERS\avgntflt.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 2
 Error Control: 1
 Depends On services: FltMgr

Service (registry key): avipbb
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: avipbb
   Description: Avira Security Enhancement Driver
    Image path: system32\DRIVERS\avipbb.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): avkmgr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: avkmgr
   Description: Avira Manager Driver
    Image path: system32\DRIVERS\avkmgr.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): AxInstSV
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\AxInstSV.dll,-103
   Description: @%SystemRoot%\system32\AxInstSV.dll,-104
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: rpcss

Service (registry key): b06bdrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Broadcom NetXtreme II VBD
    Image path: \SystemRoot\system32\DRIVERS\bxvbda.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): b57nd60a
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
    Image path: system32\DRIVERS\b57nd60a.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): BattC
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): BDESVC
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\bdesvc.dll,-100
   Description: @%SystemRoot%\system32\bdesvc.dll,-101
   Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): Beep
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Beep
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): BFE
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\bfe.dll,-1001
   Description: @%SystemRoot%\system32\bfe.dll,-1002
   Object name: NT AUTHORITY\LocalService
    Image path: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): BITS
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\qmgr.dll,-1000
   Description: @%SystemRoot%\system32\qmgr.dll,-1001
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,EventSystem

Service (registry key): blbdrive
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\blbdrive.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): Bonjour Service
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Dienst "Bonjour"
   Description: Damit können Hardwaregeräte und Softwaredienste im Netzwerk eine automatische Selbstkonfiguration durchführen und ihre Verfügbarkeit anzeigen.
   Object name: LocalSystem
    Image path: "C:\Program Files\Bonjour\mDNSResponder.exe"
    Image size: 462184
     Image MD5: EBBCD5DFBB1DE70E8F4AF8FA59E401FD
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: Tcpip

Service (registry key): bowser
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\browser.dll,-102
   Description: @%systemroot%\system32\browser.dll,-103
    Image path: system32\DRIVERS\bowser.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1

Service (registry key): BrFiltLo
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Brother USB Mass-Storage Lower Filter Driver
    Image path: \SystemRoot\system32\DRIVERS\BrFiltLo.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): BrFiltUp
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Brother USB Mass-Storage Upper Filter Driver
    Image path: \SystemRoot\system32\DRIVERS\BrFiltUp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): BridgeMP
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\bridgeres.dll,-1
    Image path: system32\DRIVERS\bridge.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Browser
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\browser.dll,-100
   Description: @%systemroot%\system32\browser.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): Brserid
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Brother MFC Serial Port Interface Driver (WDM)
    Image path: \SystemRoot\System32\Drivers\Brserid.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): BrSerWdm
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Brother WDM Serial driver
    Image path: \SystemRoot\System32\Drivers\BrSerWdm.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): BrUsbMdm
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Brother MFC USB Fax Only Modem
    Image path: \SystemRoot\System32\Drivers\BrUsbMdm.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): BrUsbSer
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Brother MFC USB Serial WDM Driver
    Image path: \SystemRoot\System32\Drivers\BrUsbSer.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): BthEnum
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Bluetooth-Anforderungsblocktreiber
    Image path: \SystemRoot\system32\drivers\BthEnum.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): BTHMODEM
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Bluetooth Serial Communications Driver
    Image path: \SystemRoot\system32\DRIVERS\bthmodem.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): BthPan
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Bluetooth-Gerät (PAN)
   Description: Bluetooth-Gerät (PAN)
    Image path: system32\DRIVERS\bthpan.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): BTHPORT
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Bluetooth-Porttreiber
    Image path: \SystemRoot\System32\Drivers\BTHport.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): bthserv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\bthserv.dll,-101
   Description: @%SystemRoot%\System32\bthserv.dll,-102
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k bthsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): BTHUSB
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: USB-Treiber für Bluetooth-Funkgerät
    Image path: \SystemRoot\System32\Drivers\BTHUSB.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): btwaudio
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Bluetooth-Audiogerät
    Image path: system32\drivers\btwaudio.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): btwavdt
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Bluetooth AVDT
    Image path: system32\DRIVERS\btwavdt.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): btwdins
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Bluetooth Service
   Description: Dient zum Installieren und Entfernen von Bluetooth-Geräten.
   Object name: LocalSystem
    Image path: C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
    Image size: 864032
     Image MD5: D65AA164ACD0F6706DBCFBBCC9731584
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1

Service (registry key): btwl2cap
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Bluetooth L2CAP Service
    Image path: system32\DRIVERS\btwl2cap.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): btwrchid
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\btwrchid.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): catchme
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \??\C:\ComboFix\catchme.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): cdfs
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: CD/DVD File System Reader
   Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)
    Image path: system32\DRIVERS\cdfs.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 4
          Type: 2
 Error Control: 1
 Depends On group: "SCSI CDROM Class"

Service (registry key): cdrom
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: CD-ROM-Laufwerktreiber
    Image path: \SystemRoot\system32\drivers\cdrom.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): CertPropSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\certprop.dll,-11
   Description: @%SystemRoot%\System32\certprop.dll,-12
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): circlass
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Consumer IR Devices
    Image path: \SystemRoot\system32\DRIVERS\circlass.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): CLFS
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\clfs.sys,-100
   Description: @%SystemRoot%\system32\clfs.sys,-101
    Image path: System32\CLFS.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): clr_optimization_v2.0.50727_32
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft .NET Framework NGEN v2.0.50727_X86
   Description: Microsoft .NET Framework NGEN
   Object name: LocalSystem
    Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    Image size: 66384
     Image MD5: D88040F816FDA31C3B466F0FA0918F29
   Control Set: CurrentControlSet
         Start: 4
          Type: 16
 Error Control: 0

Service (registry key): clr_optimization_v2.0.50727_64
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft .NET Framework NGEN v2.0.50727_X64
   Description: Microsoft .NET Framework NGEN
   Object name: LocalSystem
    Image path: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    Image size: 89920
     Image MD5: D1CEEA2B47CB998321C579651CE3E4F8
   Control Set: CurrentControlSet
         Start: 4
          Type: 16
 Error Control: 0

Service (registry key): clr_optimization_v4.0.30319_32
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft .NET Framework NGEN v4.0.30319_X86
   Description: Microsoft .NET Framework NGEN
   Object name: LocalSystem
    Image path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    Image size: 130384
     Image MD5: C5A75EB48E2344ABDC162BDA79E16841
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0

Service (registry key): clr_optimization_v4.0.30319_64
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft .NET Framework NGEN v4.0.30319_X64
   Description: Microsoft .NET Framework NGEN
   Object name: LocalSystem
    Image path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    Image size: 138576
     Image MD5: C6F9AF94DCD58122A4D7E89DB6BED29D
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0

Service (registry key): CmBatt
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Treiber für Microsoft-ACPI-Kontrollmethodenkompatiblen Akku
    Image path: system32\DRIVERS\CmBatt.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): cmdide
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\cmdide.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 3

Service (registry key): CNG
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\Drivers\cng.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): Compbatt
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Composite Battery-Treiber
    Image path: system32\DRIVERS\compbatt.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): CompositeBus
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Busenumeratortreiber für Verbundgeräte
    Image path: \SystemRoot\system32\drivers\CompositeBus.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): COMSysApp
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @comres.dll,-947
   Description: @comres.dll,-948
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    Image size: 7168
     Image MD5: A63DC5C2EA944E6657203E0C8EDEAF61
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: RpcSs,EventSystem,SENS

Service (registry key): crcdisk
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Crcdisk Filter Driver
    Image path: \SystemRoot\system32\DRIVERS\crcdisk.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 4
          Type: 1
 Error Control: 1

Service (registry key): crypt32
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): CryptSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\cryptsvc.dll,-1001
   Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
   Object name: NT Authority\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): DCLocator
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): DcomLaunch
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @oleres.dll,-5012
   Description: @oleres.dll,-5013
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): defragsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\defragsvc.dll,-101
   Description: @%SystemRoot%\system32\defragsvc.dll,-102
   Object name: localSystem
    Image path: %SystemRoot%\system32\svchost.exe -k defragsvc
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: RPCSS
         

11.10.2013, 16:49   #13
PeterPan3
 
Part 2 of the Spybot result:

Code:
ATTFilter
Service (registry key): DfsC
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\drivers\dfsc.sys,-101
   Description: @%systemroot%\system32\drivers\dfsc.sys,-102
    Image path: System32\Drivers\dfsc.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 2
 Error Control: 1
 Depends On services: Mup

Service (registry key): Dhcp
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\dhcpcore.dll,-100
   Description: @%SystemRoot%\system32\dhcpcore.dll,-101
   Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: NSI,Tdx,Afd

Service (registry key): discache
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\drivers\discache.sys,-102
   Description: @%systemroot%\system32\drivers\discache.sys,-101
    Image path: System32\drivers\discache.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): Disk
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Laufwerktreiber
    Image path: system32\DRIVERS\disk.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 1

Service (registry key): Dnscache
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\dnsapi.dll,-101
   Description: @%SystemRoot%\System32\dnsapi.dll,-102
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: Tdx,nsi

Service (registry key): dot3svc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\dot3svc.dll,-1102
   Description: @%systemroot%\system32\dot3svc.dll,-1103
   Object name: localSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,Ndisuio,Eaphost

Service (registry key): DPS
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\dps.dll,-500
   Description: @%systemroot%\system32\dps.dll,-501
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): drmkaud
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Trusted Audio Drivers
    Image path: system32\drivers\drmkaud.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): DXGKrnl
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: LDDM Graphics Subsystem
   Description: Controls the underlying video driver stacks to provide fully-featured display capabilities.
    Image path: \SystemRoot\System32\drivers\dxgkrnl.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): EapHost
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\eapsvc.dll,-1
   Description: @%systemroot%\system32\eapsvc.dll,-2
   Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RPCSS,KeyIso

Service (registry key): ebdrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Broadcom NetXtreme II 10 GigE VBD
    Image path: \SystemRoot\system32\DRIVERS\evbda.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): EFS
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\efssvc.dll,-100
   Description: @%SystemRoot%\system32\efssvc.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\lsass.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): ehRecvr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\ehome\ehrecvr.exe,-101
   Description: @%SystemRoot%\ehome\ehrecvr.exe,-102
   Object name: NT AUTHORITY\networkService
    Image path: %systemroot%\ehome\ehRecvr.exe
    Image size: 696832
     Image MD5: C4002B6B41975F057D98C439030CEA07
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 0
 Depends On services: RPCSS

Service (registry key): ehSched
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\ehome\ehsched.exe,-101
   Description: @%SystemRoot%\ehome\ehsched.exe,-102
   Object name: NT AUTHORITY\networkService
    Image path: %systemroot%\ehome\ehsched.exe
    Image size: 127488
     Image MD5: 4705E8EF9934482C5BB488CE28AFC681
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 0
 Depends On services: RPCSS

Service (registry key): elxstor
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\elxstor.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): ErrDev
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft-Hardwarefehler-Gerätetreiber
    Image path: \SystemRoot\system32\drivers\errdev.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): ESENT
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): eventlog
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\wevtsvc.dll,-200
   Description: @%SystemRoot%\system32\wevtsvc.dll,-201
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): EventSystem
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @comres.dll,-2450
   Description: @comres.dll,-2451
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: rpcss

Service (registry key): EvtEng
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Intel(R) PROSet/Wireless Event Log
   Description: Manages the event trace messages for all the Intel® PROSet/Wireless Software components.
   Object name: LocalSystem
    Image path: C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    Image size: 1420560
     Image MD5: 51643EE2712D9212E1E53CA7E8D8EB4A
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): exfat
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: exFAT File System Driver
   Description: exFAT File System Driver
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1

Service (registry key): fastfat
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: FAT12/16/32 File System Driver
   Description: Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces)
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1

Service (registry key): Fax
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\fxsresm.dll,-118
   Description: @%systemroot%\system32\fxsresm.dll,-122
   Object name: NT AUTHORITY\NetworkService
    Image path: %systemroot%\system32\fxssvc.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: TapiSrv,RpcSs,PlugPlay,Spooler

Service (registry key): fdc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Floppy Disk Controller Driver
    Image path: \SystemRoot\system32\DRIVERS\fdc.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): fdPHost
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\fdPHost.dll,-100
   Description: @%systemroot%\system32\fdPHost.dll,-101
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,http

Service (registry key): FDResPub
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\fdrespub.dll,-100
   Description: @%systemroot%\system32\fdrespub.dll,-101
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,http

Service (registry key): FileInfo
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\fileinfo.sys,-100
   Description: @%SystemRoot%\system32\drivers\fileinfo.sys,-101
    Image path: system32\drivers\fileinfo.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 2
 Error Control: 1
 Depends On services: fltmgr

Service (registry key): Filetrace
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\filetrace.sys,-10001
   Description: @%SystemRoot%\system32\drivers\filetrace.sys,-10000
    Image path: system32\drivers\filetrace.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1
 Depends On services: FltMgr

Service (registry key): flpydisk
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Floppy Disk Driver
    Image path: \SystemRoot\system32\DRIVERS\flpydisk.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): FltMgr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
   Description: @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
    Image path: system32\drivers\fltmgr.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 2
 Error Control: 3

Service (registry key): FontCache
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\FntCache.dll,-100
   Description: @%systemroot%\system32\FntCache.dll,-101
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): FontCache3.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\PresentationHost.exe,-3309
   Description: @%SystemRoot%\system32\PresentationHost.exe,-3310
   Object name: NT Authority\LocalService
    Image path: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    Image size: 42856
     Image MD5: A8B7F3818AB65695E3A0BB3279F6DCE6
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1

Service (registry key): FsDepends
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\fsdepends.sys,-10001
   Description: @%SystemRoot%\system32\drivers\fsdepends.sys,-10000
    Image path: System32\drivers\FsDepends.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 3
 Depends On services: fltmgr

Service (registry key): Fs_Rec
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 8
 Error Control: 0

Service (registry key): fvevol
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\fvevol.sys,-100
   Description: @%SystemRoot%\system32\drivers\fvevol.sys,-100
    Image path: System32\DRIVERS\fvevol.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): gagp30kx
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms
    Image path: \SystemRoot\system32\DRIVERS\gagp30kx.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): GEARAspiWDM
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: GEAR ASPI Filter Driver
    Image path: system32\DRIVERS\GEARAspiWDM.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): gpsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @gpapi.dll,-112
   Description: @gpapi.dll,-113
   Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RPCSS,Mup

Service (registry key): gusvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Google Updater Service
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
    Image size: 136120
     Image MD5: C1B577B2169900F4CF7190C39F085794
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 0
 Depends On services: RPCSS

Service (registry key): hcw85cir
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Hauppauge Consumer Infrared Receiver
    Image path: \SystemRoot\system32\drivers\hcw85cir.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): HdAudAddService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst
    Image path: \SystemRoot\system32\drivers\HdAudio.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): HDAudBus
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft-UAA-Bustreiber für High Definition Audio
    Image path: \SystemRoot\system32\drivers\HDAudBus.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): HidBatt
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: HID UPS Battery Driver
    Image path: \SystemRoot\system32\DRIVERS\HidBatt.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): HidBth
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Bluetooth HID Miniport
    Image path: \SystemRoot\system32\DRIVERS\hidbth.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): HidIr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Infrared HID Driver
    Image path: \SystemRoot\system32\DRIVERS\hidir.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): hidserv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\hidserv.dll,-101
   Description: @%SystemRoot%\System32\hidserv.dll,-102
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): HidUsb
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft HID Class-Treiber
    Image path: \SystemRoot\system32\drivers\hidusb.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): hkmsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\kmsvc.dll,-6
   Description: @%SystemRoot%\system32\kmsvc.dll,-7
   Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): HomeGroupListener
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\ListSvc.dll,-100
   Description: @%SystemRoot%\System32\ListSvc.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: LanmanServer

Service (registry key): HomeGroupProvider
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\provsvc.dll,-100
   Description: @%SystemRoot%\System32\provsvc.dll,-101
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: netprofm,fdrespub,fdphost

Service (registry key): HpSAMD
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\HpSAMD.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): HTTP
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\http.sys,-1
   Description: @%SystemRoot%\system32\drivers\http.sys,-2
    Image path: system32\drivers\HTTP.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): hwpolicy
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\drivers\hwpolicy.sys,-101
   Description: @%systemroot%\system32\drivers\hwpolicy.sys,-102
    Image path: System32\drivers\hwpolicy.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 1

Service (registry key): i8042prt
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: i8042-Tastatur- und PS/2-Mausanschluss-Treiber
    Image path: \SystemRoot\system32\drivers\i8042prt.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): ialm
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): iaStor
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Intel AHCI Controller
    Image path: system32\DRIVERS\iaStor.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 1

Service (registry key): iaStorV
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Intel RAID-Controller Windows 7
    Image path: \SystemRoot\system32\drivers\iaStorV.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): IBMPMDRV
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\ibmpmdrv.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): IBMPMSVC
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: ThinkPad PM Service
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\ibmpmsvc.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 272
 Error Control: 0

Service (registry key): IDriverT
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: InstallDriver Table Manager
   Description: Provides support for the Running Object Table for InstallShield Drivers
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
    Image size: 69632
     Image MD5: DAF66902F08796F9C694901660E5A64A
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 0

Service (registry key): idsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193
   Description: @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192
   Object name: LocalSystem
    Image path: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
    Image size: 856400
     Image MD5: 5988FC40F8DB5B0739CD1E3A5D0D78BD
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): igfx
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\igdkmd64.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): iirsp
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\iirsp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): IKEEXT
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\ikeext.dll,-501
   Description: @%SystemRoot%\system32\ikeext.dll,-502
   Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: BFE

Service (registry key): inetaccs
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): IntcAzAudAddService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Service for Realtek HD Audio (WDM)
    Image path: system32\drivers\RTKVHD64.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): IntcHdmiAddService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Intel(R) High Definition Audio HDMI
    Image path: system32\drivers\IntcHdmi.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): intelide
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\intelide.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 3

Service (registry key): intelppm
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Intel-Prozessortreiber
    Image path: system32\DRIVERS\intelppm.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): IPBusEnum
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\IPBusEnum.dll,-102
   Description: @%systemroot%\system32\IPBusEnum.dll,-103
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,fdPHost

Service (registry key): IpFilterDriver
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\rascfg.dll,-32013
   Description: @%systemroot%\system32\rascfg.dll,-32013
    Image path: system32\DRIVERS\ipfltdrv.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1
 Depends On services: Tcpip

Service (registry key): iphlpsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\iphlpsvc.dll,-500
   Description: @%SystemRoot%\system32\iphlpsvc.dll,-501
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k NetSvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSS,Tdx,winmgmt,tcpip,nsi

Service (registry key): IPMIDRV
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\IPMIDrv.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): IPNAT
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: IP Network Address Translator
    Image path: System32\drivers\ipnat.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1
 Depends On services: Tcpip

Service (registry key): iPod Service
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: iPod-Dienst
   Description: iPod-Hardwareverwaltungsdienste
   Object name: LocalSystem
    Image path: "C:\Program Files\iPod\bin\iPodService.exe"
    Image size: 641352
     Image MD5: 0FF335D687C85097725A53458160E81E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): IRENUM
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\irenum.sys,-100
   Description: @%SystemRoot%\system32\drivers\irenum.sys,-101
    Image path: system32\drivers\irenum.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): isapnp
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\isapnp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 3

Service (registry key): iScsiPrt
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: iScsiPort-Treiber
    Image path: \SystemRoot\system32\drivers\msiscsi.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): IviRegMgr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: IviRegMgr
   Description: InterVideo Register Manager
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe"
    Image size: 112152
     Image MD5: 213822072085B5BBAD9AF30AB577D817
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1

Service (registry key): JMCR
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\jmcr.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): kbdclass
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Tastaturklassentreiber
    Image path: \SystemRoot\system32\drivers\kbdclass.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): kbdhid
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Tastatur-HID-Treiber
    Image path: \SystemRoot\system32\drivers\kbdhid.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): KeyIso
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @keyiso.dll,-100
   Description: @keyiso.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\lsass.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): KSecDD
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\Drivers\ksecdd.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): KSecPkg
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\Drivers\ksecpkg.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): ksthunk
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Kernel Streaming Thunks
    Image path: \SystemRoot\system32\drivers\ksthunk.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): KtmRm
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @comres.dll,-2946
   Description: @comres.dll,-2947
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RPCSS,SamSS

Service (registry key): LanmanServer
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\srvsvc.dll,-100
   Description: @%systemroot%\system32\srvsvc.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: SamSS,Srv

Service (registry key): LanmanWorkstation
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wkssvc.dll,-100
   Description: @%systemroot%\system32\wkssvc.dll,-101
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: Bowser,MRxSmb10,MRxSmb20,NSI

Service (registry key): ldap
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): LENOVO.CAMMUTE
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Lenovo Camera Mute
   Object name: LocalSystem
    Image path: C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
    Image size: 50536
     Image MD5: CAB9C6C37FD0F9612B269349116504B6
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0

Service (registry key): LENOVO.MICMUTE
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Lenovo Microphone Mute
   Object name: LocalSystem
    Image path: C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
    Image size: 45496
     Image MD5: C88EB33793420A79F601FB5E33E2EDD9
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0
 Depends On services: TPHKSVC

Service (registry key): lenovo.smi
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Lenovo System Interface Driver
    Image path: system32\DRIVERS\smiifx64.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): LENOVO.TPKNRSVC
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Lenovo Keyboard Noise Reduction
   Object name: LocalSystem
    Image path: C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
    Image size: 74088
     Image MD5: 04B5F7F44CCB2FAB615C67ED0E6C8323
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0

Service (registry key): Lenovo.VIRTSCRLSVC
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Lenovo Auto Scroll
   Object name: LocalSystem
    Image path: C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
    Image size: 93032
     Image MD5: 6F2CC57EB5836D2AC9BD37F3554D55F8
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0

Service (registry key): lltdio
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Link-Layer Topology Discovery Mapper I/O Driver
    Image path: system32\DRIVERS\lltdio.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 1
 Error Control: 1

Service (registry key): lltdsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\lltdres.dll,-1
   Description: @%SystemRoot%\system32\lltdres.dll,-2
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: rpcss,lltdio

Service (registry key): lmhosts
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\lmhsvc.dll,-101
   Description: @%SystemRoot%\system32\lmhsvc.dll,-102
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: NetBT,Afd

Service (registry key): Lsa
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): LSI_FC
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\lsi_fc.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): LSI_SAS
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\lsi_sas.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): LSI_SAS2
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\lsi_sas2.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): LSI_SCSI
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\lsi_scsi.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): luafv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\drivers\luafv.sys,-100
   Description: @%systemroot%\system32\drivers\luafv.sys,-101
    Image path: \SystemRoot\system32\drivers\luafv.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 2
 Error Control: 1
 Depends On services: FltMgr

Service (registry key): Mcx2Svc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\ehome\ehres.dll,-15501
   Description: @%SystemRoot%\ehome\ehres.dll,-15502
   Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 4
          Type: 32
 Error Control: 1
 Depends On services: SSDPSRV,IPBusEnum,TermService,fdphost

Service (registry key): megasas
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\megasas.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): MegaSR
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\MegaSR.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Microsoft SharePoint Workspace Audit Service
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft SharePoint Workspace Audit Service
   Object name: NT AUTHORITY\LocalService
    Image path: "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" /auditservice
    Image size: 50899608
     Image MD5: 358DBCEAED372DD6C4C61AE8E5CAD195
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): MMCSS
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\mmcss.dll,-100
   Description: @%systemroot%\system32\mmcss.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): Modem
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\drivers\modem.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): monitor
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Monitor-Klassenfunktionstreiber-Dienst
    Image path: system32\DRIVERS\monitor.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): mouclass
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Mausklassentreiber
    Image path: \SystemRoot\system32\drivers\mouclass.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): mouhid
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Maus-HID-Treiber
    Image path: system32\DRIVERS\mouhid.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): mountmgr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\mountmgr.sys,-100
   Description: @%SystemRoot%\system32\drivers\mountmgr.sys,-101
    Image path: System32\drivers\mountmgr.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): mpio
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Multipfad-Bustreiber
    Image path: \SystemRoot\system32\drivers\mpio.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): mpsdrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23092
   Description: @%SystemRoot%\system32\FirewallAPI.dll,-23093
    Image path: System32\drivers\mpsdrv.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): MpsSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
   Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
   Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: mpsdrv,bfe

Service (registry key): MRxDAV
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\webclnt.dll,-104
   Description: @%systemroot%\system32\webclnt.dll,-105
    Image path: \SystemRoot\system32\drivers\mrxdav.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1
 Depends On services: rdbss

Service (registry key): mrxsmb
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wkssvc.dll,-1002
   Description: @%systemroot%\system32\wkssvc.dll,-1003
    Image path: system32\DRIVERS\mrxsmb.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1
 Depends On services: rdbss

Service (registry key): mrxsmb10
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wkssvc.dll,-1004
   Description: @%systemroot%\system32\wkssvc.dll,-1005
    Image path: system32\DRIVERS\mrxsmb10.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1
 Depends On services: mrxsmb

Service (registry key): mrxsmb20
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wkssvc.dll,-1006
   Description: @%systemroot%\system32\wkssvc.dll,-1007
    Image path: system32\DRIVERS\mrxsmb20.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1
 Depends On services: mrxsmb

Service (registry key): msahci
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\drivers\msahci.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): msdsm
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Multipfadgeräte-spezifisches Modul
    Image path: \SystemRoot\system32\drivers\msdsm.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): MSDTC
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @comres.dll,-2797
   Description: @comres.dll,-2798
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\msdtc.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: RPCSS,SamSS

Service (registry key): MSDTC Bridge 3.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): MSDTC Bridge 4.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): Msfs
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 1
          Type: 2
 Error Control: 1

Service (registry key): mshidkmdf
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\mshidkmdf.sys,-100
   Description: @%SystemRoot%\system32\drivers\mshidkmdf.sys,-101
    Image path: \SystemRoot\System32\drivers\mshidkmdf.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): msisadrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\drivers\msisadrv.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): MSiSCSI
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\iscsidsc.dll,-5000
   Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
   Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): msiserver
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\msimsg.dll,-27
   Description: @%SystemRoot%\system32\msimsg.dll,-32
   Object name: LocalSystem
    Image path: %systemroot%\system32\msiexec.exe /V
    Image size: 73216
     Image MD5: EEE470F2A771FC0B543BDEEF74FCECA0
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: rpcss

Service (registry key): MSKSSRV
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Streaming Service Proxy
    Image path: system32\drivers\MSKSSRV.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): MSPCLOCK
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Proxy für Streaming Clock
    Image path: system32\drivers\MSPCLOCK.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): MSPQM
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Proxy für Streaming Quality Manager
    Image path: system32\drivers\MSPQM.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): MsRPC
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): MSSCNTRS
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): mssmbios
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft-Systemverwaltungs-BIOS-Treiber
    Image path: \SystemRoot\system32\drivers\mssmbios.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): MSTEE
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Streaming Tee/Sink-to-Sink-Konvertierung
    Image path: system32\drivers\MSTEE.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): MTConfig
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Input Configuration Driver
    Image path: \SystemRoot\system32\DRIVERS\MTConfig.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Mup
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\drivers\mup.sys,-101
   Description: @%systemroot%\system32\drivers\mup.sys,-102
    Image path: System32\Drivers\mup.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 2
 Error Control: 1

Service (registry key): napagent
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\qagentrt.dll,-6
   Description: @%SystemRoot%\system32\qagentrt.dll,-7
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): NativeWifiP
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: NativeWiFi Filter
    Image path: system32\DRIVERS\nwifi.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): NAUpdate
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200
   Description: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-201
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Nero\Update\NASvc.exe"
    Image size: 687400
     Image MD5: 934BB0D23A25C8C136570800A5A149B6
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0
 Depends On services: RPCSS

Service (registry key): NDIS
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\ndis.sys,-200
   Description: @%SystemRoot%\system32\drivers\ndis.sys,-201
    Image path: system32\drivers\ndis.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): NdisCap
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: NDIS Capture LightWeight Filter
   Description: NDIS Capture LightWeight Filter
    Image path: system32\DRIVERS\ndiscap.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): NdisTapi
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\rascfg.dll,-32001
   Description: @%systemroot%\system32\rascfg.dll,-32001
    Image path: system32\DRIVERS\ndistapi.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Ndisuio
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: NDIS Usermode I/O Protocol
    Image path: system32\DRIVERS\ndisuio.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): NdisWan
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\rascfg.dll,-32002
   Description: @%systemroot%\system32\rascfg.dll,-32002
    Image path: system32\DRIVERS\ndiswan.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): NDProxy
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): NetBIOS
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: NetBIOS Interface
   Description: NetBIOS Interface
    Image path: system32\DRIVERS\netbios.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 2
 Error Control: 1

Service (registry key): NetBT
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\netbt.sys,-2
   Description: @%SystemRoot%\system32\drivers\netbt.sys,-1
    Image path: System32\DRIVERS\netbt.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1
 Depends On services: Tdx,tcpip

Service (registry key): Netlogon
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\netlogon.dll,-102
   Description: @%SystemRoot%\System32\netlogon.dll,-103
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\lsass.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: LanmanWorkstation

Service (registry key): Netman
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\netman.dll,-109
   Description: @%SystemRoot%\system32\netman.dll,-110
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,nsi

Service (registry key): netprofm
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\netprofm.dll,-202
   Description: @%SystemRoot%\system32\netprofm.dll,-203
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,nlasvc

Service (registry key): NetTcpPortSharing
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201
   Description: @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8200
   Object name: NT AUTHORITY\LocalService
    Image path: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe"
    Image size: 116560
     Image MD5: 3E5A36127E201DDF663176B66828FAFE
   Control Set: CurrentControlSet
         Start: 4
          Type: 32
 Error Control: 1

Service (registry key): NETw5s64
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit
    Image path: system32\DRIVERS\NETw5s64.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): netw5v64
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit
    Image path: system32\DRIVERS\netw5v64.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): nfrd960
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\nfrd960.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): NlaSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\nlasvc.dll,-1
   Description: @%SystemRoot%\System32\nlasvc.dll,-2
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: NSI,RpcSs,TcpIp

Service (registry key): Npfs
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 1
          Type: 2
 Error Control: 1

Service (registry key): nsi
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\nsisvc.dll,-200
   Description: @%SystemRoot%\system32\nsisvc.dll,-201
   Object name: NT Authority\LocalService
    Image path: %systemroot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: nsiproxy

Service (registry key): nsiproxy
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\nsiproxy.sys,-2
   Description: @%SystemRoot%\system32\drivers\nsiproxy.sys,-1
    Image path: system32\drivers\nsiproxy.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): NTDS
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): Ntfs
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1

Service (registry key): Null
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): nvraid
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\nvraid.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): nvstor
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\nvstor.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 3

Service (registry key): nv_agp
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: NVIDIA nForce AGP-Busfilter
    Image path: \SystemRoot\system32\drivers\nv_agp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): ohci1394
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: OHCI-konformer 1394-Hostcontroller (alt)
    Image path: \SystemRoot\system32\drivers\ohci1394.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): ose64
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Office 64 Source Engine
   Description: Speichert Installationsdateien, die für Updates und Reparieren verwendet werden, und ist zum Herunterladen von Setup-Updates und Watson-Fehlerberichten erforderlich.
   Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    Image size: 174440
     Image MD5: 4965B005492CBA7719E82B71E3245495
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): osppsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Office Software Protection Platform
   Description: Office Software Protection Platform Service (unlocalized description)
   Object name: NT AUTHORITY\NetworkService
    Image path: "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
    Image size: 4925184
     Image MD5: 61BFFB5F57AD12F83AB64B7181829B34
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): Outlook
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): p2pimsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\pnrpsvc.dll,-8004
   Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): p2psvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\p2psvc.dll,-8006
   Description: @%SystemRoot%\system32\p2psvc.dll,-8007
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: p2pimsvc,PNRPSvc

Service (registry key): Parport
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Parallel port driver
    Image path: \SystemRoot\system32\DRIVERS\parport.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): partmgr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\partmgr.sys,-100
   Description: @%SystemRoot%\system32\drivers\partmgr.sys,-101
    Image path: System32\drivers\partmgr.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): PcaSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\pcasvc.dll,-1
   Description: @%SystemRoot%\system32\pcasvc.dll,-2
   Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): PCDSRVC{127174DC-C366ED8B-06020101}_0
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver
    Image path: \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): pci
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: PCI-Bus-Treiber
    Image path: system32\drivers\pci.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): pciide
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\pciide.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 3

Service (registry key): pcmcia
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\pcmcia.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): pcw
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Performance Counters for Windows Driver
    Image path: System32\drivers\pcw.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 1

Service (registry key): PEAUTH
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: PEAUTH
    Image path: system32\drivers\peauth.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 1
 Error Control: 1

Service (registry key): PerfDisk
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): PerfHost
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\sysWow64\perfhost.exe,-2
   Description: @%systemroot%\SysWow64\perfhost.exe,-1
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\SysWow64\perfhost.exe
    Image size: 20992
     Image MD5: E495E408C93141E8FC72DC0C6046DDFA
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): PerfNet
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): PerfOS
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): PerfProc
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): pla
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\pla.dll,-500
   Description: @%systemroot%\system32\pla.dll,-501
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): PlugPlay
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\umpnpmgr.dll,-100
   Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): PNRPAutoReg
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\pnrpauto.dll,-8002
   Description: @%SystemRoot%\system32\pnrpauto.dll,-8003
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: pnrpsvc

Service (registry key): PNRPsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\pnrpsvc.dll,-8000
   Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: p2pimsvc

Service (registry key): PolicyAgent
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\polstore.dll,-5010
   Description: @%SystemRoot%\system32\polstore.dll,-5011
   Object name: NT Authority\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: Tcpip,bfe

Service (registry key): PortProxy
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): Power
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\umpo.dll,-100
   Description: @%SystemRoot%\system32\umpo.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): Power Manager DBC Service
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Power Manager DBC Service
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE"
    Image size: 75112
     Image MD5: BAC02775CF629E5FE80BEA952F4448EF
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: SENS

Service (registry key): PptpMiniport
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\rascfg.dll,-32006
   Description: @%systemroot%\system32\rascfg.dll,-32006
    Image path: system32\DRIVERS\raspptp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Processor
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Processor Driver
    Image path: \SystemRoot\system32\DRIVERS\processr.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): ProfSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\profsvc.dll,-300
   Description: @%systemroot%\system32\profsvc.dll,-301
   Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): ProtectedStorage
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\psbase.dll,-300
   Description: @%systemroot%\system32\psbase.dll,-301
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\lsass.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): psadd
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Lenovo Parties Service Access Device Driver
    Image path: system32\DRIVERS\psadd.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Psched
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\drivers\pacer.sys,-101
   Description: @%SystemRoot%\System32\drivers\pacer.sys,-101
    Image path: system32\DRIVERS\pacer.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): PSI
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: PSI
   Description: PSI mini-filter driver
    Image path: system32\DRIVERS\psi_mf.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1
 Depends On services: FltMgr

Service (registry key): PxHlpa64
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: PxHlpa64
    Image path: System32\Drivers\PxHlpa64.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 1

Service (registry key): ql2300
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\ql2300.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): ql40xx
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\ql40xx.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): QWAVE
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\qwave.dll,-1
   Description: @%SystemRoot%\system32\qwave.dll,-2
   Object name: NT AUTHORITY\LocalService
    Image path: %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: rpcss,psched,QWAVEdrv,LLTDIO

Service (registry key): QWAVEdrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\qwavedrv.sys,-1
   Description: @%SystemRoot%\system32\drivers\qwavedrv.sys,-2
    Image path: \SystemRoot\system32\drivers\qwavedrv.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): RasAcd
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Remote Access Auto Connection Driver
   Description: Remote Access Auto Connection Driver
    Image path: System32\DRIVERS\rasacd.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): RasAgileVpn
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: WAN Miniport (IKEv2)
   Description: WAN Miniport (IKEv2)
    Image path: system32\DRIVERS\AgileVpn.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): RasAuto
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%Systemroot%\system32\rasauto.dll,-200
   Description: @%Systemroot%\system32\rasauto.dll,-201
   Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RasMan,TapiSrv,RasAcd

Service (registry key): Rasl2tp
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\rascfg.dll,-32005
   Description: @%systemroot%\system32\rascfg.dll,-32005
    Image path: system32\DRIVERS\rasl2tp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): RasMan
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%Systemroot%\system32\rasmans.dll,-200
   Description: @%Systemroot%\system32\rasmans.dll,-201
   Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: Tapisrv,SstpSvc

Service (registry key): RasPppoe
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\rascfg.dll,-32007
   Description: @%systemroot%\system32\rascfg.dll,-32007
    Image path: system32\DRIVERS\raspppoe.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): RasSstp
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\sstpsvc.dll,-202
   Description: @%systemroot%\system32\sstpsvc.dll,-202
    Image path: system32\DRIVERS\rassstp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): rdbss
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wkssvc.dll,-1000
   Description: @%systemroot%\system32\wkssvc.dll,-1001
    Image path: system32\DRIVERS\rdbss.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 2
 Error Control: 1
 Depends On services: Mup

Service (registry key): rdpbus
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Remote Desktop Device Redirector Bus Driver
    Image path: \SystemRoot\system32\DRIVERS\rdpbus.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): RDPCDD
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\DRIVERS\RDPCDD.sys,-100
   Description: @%systemroot%\system32\DRIVERS\RDPCDD.sys,-101
    Image path: System32\DRIVERS\RDPCDD.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 0

Service (registry key): RDPDD
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): RDPENCDD
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\drivers\RDPENCDD.sys,-101
   Description: @%systemroot%\system32\drivers\RDPENCDD.sys,-100
    Image path: system32\drivers\rdpencdd.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 0

Service (registry key): RDPNP
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\drprov.dll,-100
   Description: @%systemroot%\system32\drprov.dll,-101
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): RDPREFMP
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\drivers\RdpRefMp.sys,-101
   Description: @%systemroot%\system32\drivers\RdpRefMp.sys,-100
    Image path: system32\drivers\rdprefmp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 0

Service (registry key): RDPWD
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: RDP Winstation Driver
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): rdyboost
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: ReadyBoost
   Description: ReadyBoost
    Image path: System32\drivers\rdyboost.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): RegSrvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Intel(R) PROSet/Wireless Registry Service
   Description: Provides registry access to all Intel® PROSet/Wireless Software components
   Object name: LocalSystem
    Image path: C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    Image size: 831760
     Image MD5: 3B71B5B91E7DCA93585D5A86C897ADC4
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): RemoteAccess
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%Systemroot%\system32\mprdim.dll,-200
   Description: @%Systemroot%\system32\mprdim.dll,-201
   Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 4
          Type: 32
 Error Control: 1
 Depends On services: RpcSS,Bfe,RasMan,Http
 Depends On group: NetBIOSGroup

Service (registry key): RemoteRegistry
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @regsvc.dll,-1
   Description: @regsvc.dll,-2
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k regsvc
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): RFCOMM
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Bluetooth-Gerät (RFCOMM-Protokoll-TDI)
   Description: Bluetooth-Gerät (RFCOMM-Protokoll-TDI)
    Image path: system32\DRIVERS\rfcomm.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Roxio UPnP Renderer 10
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Roxio UPnP Renderer 10
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe"
    Image size: 313840
     Image MD5: 14A99FD851272C73B758546EF8F0E641
   Control Set: CurrentControlSet
         Start: 3
          Type: 272
 Error Control: 0

Service (registry key): Roxio Upnp Server 10
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Roxio Upnp Server 10
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe"
    Image size: 362992
     Image MD5: BA917F2F2BD5033E70823797C73CDFCB
   Control Set: CurrentControlSet
         Start: 2
          Type: 272
 Error Control: 0

Service (registry key): RoxLiveShare10
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: LiveShare P2P Server 10
   Description: Allows remote users to view through WEB browsers your authorized multimedia content managed by Roxio Media Manager9.
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe"
    Image size: 309744
     Image MD5: 8986D20CF294D794A79FB18FF697B68B
   Control Set: CurrentControlSet
         Start: 2
          Type: 272
 Error Control: 0
 Depends On services: RPCSS

Service (registry key): RoxMediaDB10
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: RoxMediaDB10
   Description: Roxio RoxMediaDB10 Service
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe"
    Image size: 1124848
     Image MD5: D8C44229EB2495E774350529ED9BE08D
   Control Set: CurrentControlSet
         Start: 3
          Type: 272
 Error Control: 0

Service (registry key): RoxWatch10
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Roxio Hard Drive Watcher 10
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe"
    Image size: 166384
     Image MD5: 53716357F4B3C99112CF0A21932C5688
   Control Set: CurrentControlSet
         Start: 2
          Type: 272
 Error Control: 0

Service (registry key): RpcEptMapper
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%windir%\system32\RpcEpMap.dll,-1001
   Description: @%windir%\system32\RpcEpMap.dll,-1002
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k RPCSS
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): RpcLocator
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\Locator.exe,-2
   Description: @%systemroot%\system32\Locator.exe,-3
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\locator.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): RpcSs
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @oleres.dll,-5010
   Description: @oleres.dll,-5011
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k rpcss
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcEptMapper,DcomLaunch

Service (registry key): rspndr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Link-Layer Topology Discovery Responder
    Image path: system32\DRIVERS\rspndr.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 1
 Error Control: 1

Service (registry key): RtkAudioService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Realtek Audio Service
   Description: To check external HDMI device availability, HDMI device audio capability and update HDMI device capability into audio control panel
   Object name: LocalSystem
    Image path: C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    Image size: 199272
     Image MD5: 24452CCCC3808B5AB0341A384BB72200
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1

Service (registry key): RTL8167
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Realtek 8167 NT Driver
    Image path: system32\DRIVERS\Rt64win7.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): SamSs
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\samsrv.dll,-1
   Description: @%SystemRoot%\system32\samsrv.dll,-2
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\lsass.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): sbp2port
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Bustreiber für SBP2-Transport/Protokoll
    Image path: \SystemRoot\system32\drivers\sbp2port.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): SBSDWSCService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: SBSD Security Center Service
   Object name: LocalSystem
    Image path: C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    Image size: 1153368
     Image MD5: 794D4B48DFB6E999537C7C3947863463
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: wscsvc

Service (registry key): SCardSvr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\SCardSvr.dll,-1
   Description: @%SystemRoot%\System32\SCardSvr.dll,-5
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: PlugPlay

Service (registry key): scfilter
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\drivers\scfilter.sys,-11
   Description: @%SystemRoot%\System32\drivers\scfilter.sys,-12
    Image path: System32\DRIVERS\scfilter.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Schedule
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\schedsvc.dll,-100
   Description: @%SystemRoot%\system32\schedsvc.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RPCSS,EventLog

Service (registry key): SCPolicySvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\certprop.dll,-13
   Description: @%SystemRoot%\System32\certprop.dll,-14
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): sdbus
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\sdbus.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): SDRSVC
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\sdrsvc.dll,-107
   Description: @%SystemRoot%\system32\sdrsvc.dll,-102
   Object name: localSystem
    Image path: %SystemRoot%\system32\svchost.exe -k SDRSVC
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): secdrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Security Driver
   Control Set: CurrentControlSet
         Start: 2
          Type: 1
 Error Control: 1

Service (registry key): seclogon
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\seclogon.dll,-7001
   Description: @%SystemRoot%\system32\seclogon.dll,-7000
   Object name: LocalSystem
    Image path: %windir%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): Secunia PSI Agent
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Secunia PSI Agent
   Description: Performs routine software inspections of the system, the results of which can be seen in your Secunia Customer Area account
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service
    Image size: 993848
     Image MD5: 2D0599DD0124764FC939C59985C860DE
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1

Service (registry key): Secunia Update Agent
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Secunia Update Agent
   Description: Performs routine software inspections of the system, the results of which can be seen in your Secunia Customer Area account
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service
    Image size: 399416
     Image MD5: 20B9E1ADBC58958B480933E4DA005DFB
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1

Service (registry key): SENS
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\Sens.dll,-200
   Description: @%SystemRoot%\system32\Sens.dll,-201
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: EventSystem

Service (registry key): SensrSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\sensrsvc.dll,-1000
   Description: @%SystemRoot%\System32\sensrsvc.dll,-1001
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): Serenum
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Serenum Filter Driver
    Image path: \SystemRoot\system32\DRIVERS\serenum.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Serial
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\serial.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): sermouse
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Serial Mouse Driver
    Image path: \SystemRoot\system32\DRIVERS\sermouse.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): ServiceModelEndpoint 3.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): ServiceModelOperation 3.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): ServiceModelService 3.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): SessionEnv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\SessEnv.dll,-1026
   Description: @%SystemRoot%\System32\SessEnv.dll,-1027
   Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RPCSS,LanmanWorkstation

Service (registry key): sffdisk
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: SFF-Speicherklassentreiber
    Image path: \SystemRoot\system32\drivers\sffdisk.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1
         

Edited by PeterPan3 (11.10.2013 at 17:00)

11.10.2013, 17:01   #14
PeterPan3
 
Third and final part of the Spybot result:

Code:
ATTFilter
Service (registry key): sffp_mmc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: SFF-Speicherprotokolltreiber für MMC
    Image path: \SystemRoot\system32\drivers\sffp_mmc.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): sffp_sd
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: SFF-Speicherprotokolltreiber für SDBus
    Image path: \SystemRoot\system32\drivers\sffp_sd.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): sfloppy
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: High-Capacity Floppy Disk Drive
    Image path: \SystemRoot\system32\DRIVERS\sfloppy.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): SharedAccess
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\ipnathlp.dll,-106
   Description: @%SystemRoot%\system32\ipnathlp.dll,-107
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: Netman,WinMgmt,RasMan,BFE

Service (registry key): ShellHWDetection
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\shsvcs.dll,-12288
   Description: @%SystemRoot%\System32\shsvcs.dll,-12289
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 0
 Depends On services: RpcSs

Service (registry key): Shockprf
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\DRIVERS\Apsx64.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 1

Service (registry key): SiSRaid2
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\SiSRaid2.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): SiSRaid4
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\sisraid4.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): SkypeUpdate
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Skype Updater
   Description: Enables the detection, download and installation of updates for Skype.
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Skype\Updater\Updater.exe"
    Image size: 160944
     Image MD5: F07AF60B152221472FBDB2FECEC4896D
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0
 Depends On services: RpcSs

Service (registry key): Smb
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50005
   Description: @%SystemRoot%\system32\tcpipcfg.dll,-50006
    Image path: system32\DRIVERS\smb.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1
 Depends On services: Tcpip

Service (registry key): SMSvcHost 3.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): SMSvcHost 4.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): SNMPTRAP
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\snmptrap.exe,-3
   Description: @%SystemRoot%\system32\snmptrap.exe,-4
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\snmptrap.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): spldr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Security Processor Loader Driver
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): Spooler
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\spoolsv.exe,-1
   Description: @%systemroot%\system32\spoolsv.exe,-2
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\spoolsv.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 272
 Error Control: 1
 Depends On services: RPCSS,http

Service (registry key): sppsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\sppsvc.exe,-101
   Description: @%SystemRoot%\system32\sppsvc.exe,-100
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\sppsvc.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): sppuinotify
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\sppuinotify.dll,-103
   Description: @%SystemRoot%\system32\sppuinotify.dll,-102
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: EventSystem

Service (registry key): srv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\srvsvc.dll,-102
   Description: @%systemroot%\system32\srvsvc.dll,-103
    Image path: System32\DRIVERS\srv.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1
 Depends On services: srv2

Service (registry key): srv2
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\srvsvc.dll,-104
   Description: @%systemroot%\system32\srvsvc.dll,-105
    Image path: System32\DRIVERS\srv2.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1
 Depends On services: srvnet

Service (registry key): SrvHsfHDA
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\VSTAZL6.SYS
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): SrvHsfV92
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\VSTDPV6.SYS
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): SrvHsfWinac
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\VSTCNXT6.SYS
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): srvnet
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\DRIVERS\srvnet.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1

Service (registry key): SSDPSRV
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\ssdpsrv.dll,-100
   Description: @%systemroot%\system32\ssdpsrv.dll,-101
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: HTTP

Service (registry key): SSPORT
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: SSPORT
    Image path: \??\C:\Windows\system32\Drivers\SSPORT.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 1
 Error Control: 1

Service (registry key): SstpSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\sstpsvc.dll,-200
   Description: @%SystemRoot%\system32\sstpsvc.dll,-201
   Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): stexstor
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\stexstor.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): stisvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\wiaservc.dll,-9
   Description: @%SystemRoot%\system32\wiaservc.dll,-10
   Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: RpcSs,ShellHWDetection

Service (registry key): stllssvr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: stllssvr
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe"
    Image size: 74392
     Image MD5: FF5EB78AF7DFB68C2FB363537AAF753E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 0

Service (registry key): SUService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: System Update
   Description: ThinkVantage System Update
   Object name: LocalSystem
    Image path: "c:\Program Files (x86)\Lenovo\System Update\SUService.exe"
    Image size: 28672
     Image MD5: 7F7958C5B40F9441D1E8D704310D46FF
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: winmgmt

Service (registry key): swenum
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Software-Bus-Treiber
    Image path: \SystemRoot\system32\drivers\swenum.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): swprv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\swprv.dll,-103
   Description: @%SystemRoot%\System32\swprv.dll,-102
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k swprv
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): SynTP
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Synaptics TouchPad Driver
    Image path: system32\DRIVERS\SynTP.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): SysMain
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\sysmain.dll,-1000
   Description: @%SystemRoot%\system32\sysmain.dll,-1001
   Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 0
 Depends On services: rpcss,fileinfo

Service (registry key): TabletInputService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\TabSvc.dll,-100
   Description: @%SystemRoot%\system32\TabSvc.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: PlugPlay,RpcSs

Service (registry key): TapiSrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\tapisrv.dll,-10100
   Description: @%SystemRoot%\system32\tapisrv.dll,-10101
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: PlugPlay,RpcSs

Service (registry key): TBS
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\tbssvc.dll,-100
   Description: @%SystemRoot%\system32\tbssvc.dll,-101
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): Tcpip
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50003
   Description: @%SystemRoot%\system32\tcpipcfg.dll,-50003
    Image path: System32\drivers\tcpip.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 1

Service (registry key): TCPIP6
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft IPv6 Protocol Driver
   Description: Microsoft IPv6 Protocol Driver
    Image path: system32\DRIVERS\tcpip.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1
 Depends On services: Tcpip

Service (registry key): TCPIP6TUNNEL
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): tcpipreg
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: TCP/IP Registry Compatibility
   Description: Provides compatibility for legacy applications which interact with TCP/IP through the registry. If this service is stopped, certain applications may have impaired functionality.
    Image path: System32\drivers\tcpipreg.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 1
 Error Control: 1
 Depends On services: tcpip

Service (registry key): TCPIPTUNNEL
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): TDPIPE
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: TDPIPE
    Image path: system32\drivers\tdpipe.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): TDTCP
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: TDTCP
    Image path: system32\drivers\tdtcp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): tdx
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50004
   Description: @%SystemRoot%\system32\tcpipcfg.dll,-50004
    Image path: system32\DRIVERS\tdx.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1
 Depends On services: Tcpip

Service (registry key): TermDD
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Terminal-Gerätetreiber
    Image path: \SystemRoot\system32\drivers\termdd.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): TermService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\termsrv.dll,-268
   Description: @%SystemRoot%\System32\termsrv.dll,-267
   Object name: NT Authority\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RPCSS,TermDD

Service (registry key): Themes
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\themeservice.dll,-8192
   Description: @%SystemRoot%\System32\themeservice.dll,-8193
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): ThinkVantage Registry Monitor Service
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: ThinkVantage Registry Monitor Service
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe"
    Image size: 1019904
     Image MD5: 39AC444E07FDBD8C2E8E291A65D515D3
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0

Service (registry key): THREADORDER
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\mmcss.dll,-102
   Description: @%systemroot%\system32\mmcss.dll,-103
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): TPDIGIMN
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Description: APS Digitizer Activity Monitor
    Image path: System32\DRIVERS\ApsHM64.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 1

Service (registry key): TPHDEXLGSVC
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: ThinkPad HDD APS Logging Service
   Object name: LocalSystem
    Image path: System32\TPHDEXLG64.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): TPHKSVC
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Anzeige am Bildschirm
   Object name: LocalSystem
    Image path: C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
    Image size: 63928
     Image MD5: 2CF225E19490F499528B926263FE4554
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 0

Service (registry key): TPM
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: TPM
   Description: TPM Driver
    Image path: system32\drivers\tpm.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): TPPWRIF
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: System32\drivers\Tppwr64v.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): TrkWks
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\trkwks.dll,-1
   Description: @%SystemRoot%\system32\trkwks.dll,-2
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): TrustedInstaller
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\servicing\TrustedInstaller.exe,-100
   Description: @%SystemRoot%\servicing\TrustedInstaller.exe,-101
   Object name: localSystem
    Image path: %SystemRoot%\servicing\TrustedInstaller.exe
    Image size: 194048
     Image MD5: 773212B2AAA24C1E31F10246B15B276C
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): TSDDD
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): tssecsrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101
   Description: @%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-102
    Image path: System32\DRIVERS\tssecsrv.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): TsUsbFlt
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Description: @%SystemRoot%\system32\drivers\tsusbflt.sys,-1000
    Image path: system32\drivers\tsusbflt.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): tunnel
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft-Tunnelminiport-Adaptertreiber
    Image path: system32\DRIVERS\tunnel.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): TVT Backup Service
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: TVT Backup Service
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe"
    Image size: 1475896
     Image MD5: 003AFB1490828615B041849ABB40EAA1
   Control Set: CurrentControlSet
         Start: 3
          Type: 272
 Error Control: 0

Service (registry key): uagp35
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft AGPv3.5 Filter
    Image path: \SystemRoot\system32\DRIVERS\uagp35.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): udfs
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: udfs
   Description: Reads/Writes UDF 1.02,1.5,2.0x,2.5 disc formats, usually found on C/DVD discs. (Core) (All pieces)
    Image path: system32\DRIVERS\udfs.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 4
          Type: 2
 Error Control: 1

Service (registry key): UGatherer
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): UGTHRSVC
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): UI0Detect
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\ui0detect.exe,-101
   Description: @%SystemRoot%\system32\ui0detect.exe,-102
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\UI0Detect.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 272
 Error Control: 1

Service (registry key): uliagpkx
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Uli AGP-Bus-Filter
    Image path: \SystemRoot\system32\drivers\uliagpkx.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): umbus
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: UMBusenumerator-Treiber
    Image path: \SystemRoot\system32\drivers\umbus.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): UmPass
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft UMPass Driver
    Image path: \SystemRoot\system32\DRIVERS\umpass.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): upnphost
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\upnphost.dll,-213
   Description: @%systemroot%\system32\upnphost.dll,-214
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: SSDPSRV,HTTP

Service (registry key): USBAAPL64
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Apple Mobile USB Driver
    Image path: System32\Drivers\usbaapl64.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): usbccgp
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Standard-USB-Haupttreiber
    Image path: system32\DRIVERS\usbccgp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): usbcir
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: eHome-Infrarotempfänger (USBCIR)
    Image path: \SystemRoot\system32\drivers\usbcir.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): usbehci
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller
    Image path: system32\DRIVERS\usbehci.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): usbhub
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft USB-Standardhubtreiber
    Image path: system32\DRIVERS\usbhub.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): usbohci
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Miniporttreiber für Microsoft USB Open Host-Controller
    Image path: \SystemRoot\system32\drivers\usbohci.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): usbprint
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft USB-Druckerklasse
    Image path: system32\DRIVERS\usbprint.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): USBSTOR
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: USB-Massenspeichertreiber
    Image path: system32\DRIVERS\USBSTOR.SYS
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): usbuhci
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Miniporttreiber für universellen Microsoft USB-Hostcontroller
    Image path: system32\DRIVERS\usbuhci.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): usbvideo
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: USB-Videogerät (WDM)
    Image path: \SystemRoot\System32\Drivers\usbvideo.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): UxSms
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\dwm.exe,-2000
   Description: @%SystemRoot%\system32\dwm.exe,-2001
   Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1

Service (registry key): VaultSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\vaultsvc.dll,-1003
   Description: @%SystemRoot%\system32\vaultsvc.dll,-1004
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\lsass.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: rpcss

Service (registry key): vdrvroot
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Enumerator-Treiber für Microsoft Virtual Drive
    Image path: system32\drivers\vdrvroot.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): vds
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\vds.exe,-100
   Description: @%SystemRoot%\system32\vds.exe,-112
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\vds.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: RpcSs,PlugPlay

Service (registry key): vga
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\vgapnp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 0

Service (registry key): VgaSave
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\System32\drivers\vga.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 0

Service (registry key): vhdmp
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\vhdmp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): viaide
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\viaide.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 3

Service (registry key): volmgr
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Treiber für Volume-Manager
    Image path: system32\drivers\volmgr.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): volmgrx
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\volmgrx.sys,-100
   Description: @%SystemRoot%\system32\drivers\volmgrx.sys,-101
    Image path: System32\drivers\volmgrx.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): volsnap
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Speichervolumes
    Image path: system32\drivers\volsnap.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 3

Service (registry key): vpnagent
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Cisco AnyConnect VPN Agent
   Description: Cisco AnyConnect VPN Agent for Windows
   Object name: LocalSystem
    Image path: "C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe"
    Image size: 603896
     Image MD5: 34756733F0480D68E519E80E22E05D12
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: Tcpip

Service (registry key): vpnva
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Image path: system32\DRIVERS\vpnva64.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): vsmraid
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\vsmraid.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): VSS
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\vssvc.exe,-102
   Description: @%systemroot%\system32\vssvc.exe,-101
   Object name: LocalSystem
    Image path: %systemroot%\system32\vssvc.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): vwifibus
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Virtueller WiFi-Bustreiber
   Description: Virtueller WiFi-Bustreiber
    Image path: system32\DRIVERS\vwifibus.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): vwififlt
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Virtual WiFi Filter Driver
   Description: Virtual WiFi Filter Driver
    Image path: system32\DRIVERS\vwififlt.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): W32Time
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\w32time.dll,-200
   Description: @%SystemRoot%\system32\w32time.dll,-201
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): W3SVC
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): WacomPen
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Wacom Serial Pen HID Driver
    Image path: \SystemRoot\system32\DRIVERS\wacompen.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): WANARP
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\rascfg.dll,-32011
   Description: @%systemroot%\system32\rascfg.dll,-32011
    Image path: system32\DRIVERS\wanarp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Wanarpv6
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\rascfg.dll,-32012
   Description: @%systemroot%\system32\rascfg.dll,-32012
    Image path: system32\DRIVERS\wanarp.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): wbengine
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wbengine.exe,-104
   Description: @%systemroot%\system32\wbengine.exe,-105
   Object name: localSystem
    Image path: "%systemroot%\system32\wbengine.exe"
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): WbioSrvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wbiosrvc.dll,-100
   Description: @%systemroot%\system32\wbiosrvc.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k WbioSvcGroup
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,VaultSvc,WUDFSvc

Service (registry key): wcncsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\wcncsvc.dll,-3
   Description: @%SystemRoot%\system32\wcncsvc.dll,-4
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: rpcss

Service (registry key): WcsPlugInService
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
   Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k wcssvc
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): Wd
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\DRIVERS\wd.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Wdf01000
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\Wdf01000.sys,-1000
    Image path: system32\drivers\Wdf01000.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 0
          Type: 1
 Error Control: 1

Service (registry key): WdiServiceHost
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wdi.dll,-502
   Description: @%systemroot%\system32\wdi.dll,-503
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): WdiSystemHost
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wdi.dll,-500
   Description: @%systemroot%\system32\wdi.dll,-501
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): WebClient
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\webclnt.dll,-100
   Description: @%systemroot%\system32\webclnt.dll,-101
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: MRxDAV

Service (registry key): Wecsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\wecsvc.dll,-200
   Description: @%SystemRoot%\system32\wecsvc.dll,-201
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: HTTP,Eventlog

Service (registry key): wercplsupport
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\wercplsupport.dll,-101
   Description: @%SystemRoot%\System32\wercplsupport.dll,-100
   Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1

Service (registry key): WerSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\wersvc.dll,-100
   Description: @%SystemRoot%\System32\wersvc.dll,-101
   Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k WerSvcGroup
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 0

Service (registry key): WfpLwf
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: WFP Lightweight Filter
   Description: WFP Lightweight Filter
    Image path: system32\DRIVERS\wfplwf.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): WIMMount
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: WIMMount
   Description: WIM Image mount service driver
    Image path: system32\drivers\wimmount.sys
    Image size: 19008
     Image MD5: 5CF95B35E59E2A38023836FFF31BE64C
   Control Set: CurrentControlSet
         Start: 3
          Type: 2
 Error Control: 1

Service (registry key): WinDefend
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
   Description: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176
   Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k secsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): Windows Workflow Foundation 3.0.0.0
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): WinHttpAutoProxySvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\winhttp.dll,-100
   Description: @%SystemRoot%\system32\winhttp.dll,-101
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: Dhcp

Service (registry key): Winmgmt
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%Systemroot%\system32\wbem\wmisvc.dll,-205
   Description: @%Systemroot%\system32\wbem\wmisvc.dll,-204
   Object name: localSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 0
 Depends On services: RPCSS

Service (registry key): WinRM
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%Systemroot%\system32\wsmsvc.dll,-101
   Description: @%Systemroot%\system32\wsmsvc.dll,-102
   Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RPCSS,HTTP

Service (registry key): Winsock
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 3
          Type: 4
 Error Control: 1

Service (registry key): WinSock2
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): WinUsb
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: WinUsb
    Image path: system32\DRIVERS\WinUsb.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): Wlansvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\wlansvc.dll,-257
   Description: @%SystemRoot%\System32\wlansvc.dll,-258
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: nativewifip,RpcSs,Ndisuio,Eaphost

Service (registry key): WmiAcpi
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Microsoft Windows Management Interface for ACPI
    Image path: \SystemRoot\system32\drivers\wmiacpi.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): WmiApRpl
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): wmiApSrv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110
   Description: @%Systemroot%\system32\wbem\wmiapsrv.exe,-111
   Object name: localSystem
    Image path: %systemroot%\system32\wbem\WmiApSrv.exe
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 16
 Error Control: 1

Service (registry key): WMPNetworkSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101
   Description: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-102
   Object name: NT AUTHORITY\NetworkService
    Image path: "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: http

Service (registry key): WPCSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\wpcsvc.dll,-100
   Description: @%SystemRoot%\system32\wpcsvc.dll,-101
   Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): WPDBusEnum
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\wpdbusenum.dll,-100
   Description: @%SystemRoot%\system32\wpdbusenum.dll,-101
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: RpcSs

Service (registry key): ws2ifsl
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung
   Description: @%systemroot%\System32\drivers\ws2ifsl.sys,-1000
    Image path: \SystemRoot\system32\drivers\ws2ifsl.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 1
          Type: 1
 Error Control: 1

Service (registry key): wscsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\wscsvc.dll,-200
   Description: @%SystemRoot%\System32\wscsvc.dll,-201
   Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: RpcSs,winmgmt

Service (registry key): WSearch
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\SearchIndexer.exe,-103
   Description: @%systemroot%\system32\SearchIndexer.exe,-104
   Object name: LocalSystem
    Image path: %systemroot%\system32\SearchIndexer.exe /Embedding
    Image size: 427520
     Image MD5: 236F286E103FD44BD85FDD93097FD5DD
   Control Set: CurrentControlSet
         Start: 2
          Type: 16
 Error Control: 1
 Depends On services: RPCSS

Service (registry key): WSearchIdxPi
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): wuauserv
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%systemroot%\system32\wuaueng.dll,-105
   Description: @%systemroot%\system32\wuaueng.dll,-106
   Object name: LocalSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 2
          Type: 32
 Error Control: 1
 Depends On services: rpcss

Service (registry key): WudfPf
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\drivers\Wudfpf.sys,-1000
    Image path: system32\drivers\WudfPf.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): WUDFRd
 Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: system32\DRIVERS\WUDFRd.sys
    Image size: 0
     Image MD5: D41D8CD98F00B204E9800998ECF8427E
   Control Set: CurrentControlSet
         Start: 3
          Type: 1
 Error Control: 1

Service (registry key): wudfsvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\system32\wudfsvc.dll,-1000
   Description: @%SystemRoot%\system32\wudfsvc.dll,-1001
   Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: PlugPlay,WudfPf

Service (registry key): WwanSvc
 Registry path: \SYSTEM\CurrentControlSet\Services\
  Display name: @%SystemRoot%\System32\wwansvc.dll,-257
   Description: @%SystemRoot%\System32\wwansvc.dll,-258
   Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
    Image size: 20992
     Image MD5: 54A47F6B5E09A77E61649109C6A08866
   Control Set: CurrentControlSet
         Start: 3
          Type: 32
 Error Control: 1
 Depends On services: PlugPlay,RpcSs,NdisUio,NlaSvc

Service (registry key): xmlprov
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): {5AD29A40-F331-4821-9CC5-70729D07D4AD}
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): {B39160C2-8AE5-4CC7-A88C-EB64E0E7E411}
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): {D07D5F26-17E3-4D04-B6FA-74D8C7645EB5}
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0

Service (registry key): {FCEDB62C-4188-4CBA-AAF4-EAAD9581F5C0}
 Registry path: \SYSTEM\CurrentControlSet\Services\
   Control Set: CurrentControlSet
         Start: 0
          Type: 0
 Error Control: 0
         

12.10.2013, 14:54   #15
schrauber
/// the machine
/// TB trainer
 


Update Java, Adobe, Firefox and Thunderbird.

Please download TFC (by Oldtimer) and save the file to your desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will ask for a restart. Please allow this.


Spybot actually hasn't been recommended for a long time now.

Have the detections deleted, then a fresh FRST log please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
