Trojaner-Board


Fabo63 06.06.2011 12:29

win32.katusha.o
 
Hello,

maybe you can help me out... (VISTA)
I've caught the trojan named above (detected via Spybot).

Then I had a look around here...
and then downloaded "Malwarebytes' Anti-Malware and OTL"

The result is... and what now?

OTL.Txt
OTL Logfile:
Code:

OTL logfile created on: 06.06.2011 13:02:25 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Fabo\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1021,76 Mb Total Physical Memory | 389,68 Mb Available Physical Memory | 38,14% Memory free
2,26 Gb Paging File | 1,00 Gb Available in Paging File | 44,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173,99 Gb Total Space | 17,74 Gb Free Space | 10,19% Space Free | Partition Type: NTFS
Drive D: | 45,22 Gb Total Space | 44,01 Gb Free Space | 97,32% Space Free | Partition Type: NTFS
Drive E: | 2,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: FABO-PC | User Name: Fabo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Fabo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Fabo\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
Extras.Txt
OTL Extras logfile created on: 06.06.2011 13:02:25 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Fabo\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1021,76 Mb Total Physical Memory | 389,68 Mb Available Physical Memory | 38,14% Memory free
2,26 Gb Paging File | 1,00 Gb Available in Paging File | 44,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173,99 Gb Total Space | 17,74 Gb Free Space | 10,19% Space Free | Partition Type: NTFS
Drive D: | 45,22 Gb Total Space | 44,01 Gb Free Space | 97,32% Space Free | Partition Type: NTFS
Drive E: | 2,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: FABO-PC | User Name: Fabo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0413632B-5EC7-4525-984D-B745E8E9596E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1177871231\ee\aolsoftware.exe |
"{2EBBD3A2-D382-4047-ABCE-60F97E1D43EC}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe |
"{39582C3D-2398-4EAD-94C9-29A4B2CB004B}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{3A346966-F733-4DCE-95B7-0DC55CAE854F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{551A332E-82B1-45F2-B6D0-E47BED548AE3}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{5655B0B8-D57C-4388-88D6-74B1E92C880E}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe |
"{6A77C70C-8523-446B-B008-2725B1B3294E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1177871231\ee\aim6.exe |
"{945C6A96-6390-46BB-8DB5-D5744336E980}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1177871231\ee\aim6.exe |
"{976F9394-DAB8-451E-A656-F5FCECA878AF}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{9A1346DA-79A3-4815-89AD-D589E433A227}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AA4E11D7-C8C6-4D1B-9AF8-83056C2D7627}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{D8BE13D5-79E3-41F0-B6E6-BBF4DD0B5F95}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{FC07AB1A-3917-45F7-876B-AEA12098652C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1177871231\ee\aolsoftware.exe |
"TCP Query User{04490357-D608-4212-8D0E-4A55A183C010}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{2EE760C8-70A6-473B-A736-6B8919B1B588}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{37649102-D229-46FF-87F7-3D74E6C03399}C:\program files\free internet tv\internettv.exe" = protocol=6 | dir=in | app=c:\program files\free internet tv\internettv.exe |
"TCP Query User{454BCF0B-29E4-499B-81C3-93B9A46D99E6}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"TCP Query User{48AFD5EA-3F9F-4ADF-AB37-4D027C4B1870}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
"TCP Query User{51C6A75A-821A-4F89-BDB8-5928F4FBAC0D}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{5A03C68E-FD00-422C-A637-D74CEF077410}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{662EE09E-C16F-4B24-B76F-D5733D2BAC9A}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"TCP Query User{92406D0F-B784-4F3C-BC9A-C7D236B91D52}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
"TCP Query User{B1A5991D-2C13-47CC-82A0-1F90D77F5EBF}C:\program files\kazaa lite\clean.kmd" = protocol=6 | dir=in | app=c:\program files\kazaa lite\clean.kmd |
"TCP Query User{BA3AA1AC-877E-4A6F-AEA4-6B8F014C025A}C:\users\fabo\appdata\roaming\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\users\fabo\appdata\roaming\sopcast\adv\sopadver.exe |
"TCP Query User{CEB34E3A-A70D-4A34-A744-FC37CC43C500}C:\program files\ea sports\madden nfl 08\updater.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\madden nfl 08\updater.exe |
"TCP Query User{D5D4BB1E-E7D2-48D3-BD37-6B2D0B945BD1}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{05B3CF6C-4AD3-4212-8255-CBD07843C2D2}C:\program files\ea sports\madden nfl 08\updater.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\madden nfl 08\updater.exe |
"UDP Query User{11E1B6AE-5FAB-468C-89B1-6203E03CC73A}C:\program files\free internet tv\internettv.exe" = protocol=17 | dir=in | app=c:\program files\free internet tv\internettv.exe |
"UDP Query User{17FF0DE8-6738-42B6-8645-C3665DC21A7C}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{1DB50B4D-DD9F-46CD-B91B-EB3C45EBFA1A}C:\program files\microsoft games\age of empires\empiresx.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empiresx.exe |
"UDP Query User{5B32CA34-B22C-4FA2-B005-77E26324CE8B}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{7CBA7D46-87E3-48F3-9282-F2CDC31CF8FA}C:\program files\bearshare applications\bearshare\bearshare.exe" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe |
"UDP Query User{823F02A0-F177-4B1D-A8D2-33CBE3E2C6F5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{8AA04F9D-E1B0-4363-9030-C6A31EAE9754}C:\program files\kazaa lite\clean.kmd" = protocol=17 | dir=in | app=c:\program files\kazaa lite\clean.kmd |
"UDP Query User{996614CB-998A-49DC-90D6-B56CDE926997}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
"UDP Query User{A7FCD5BB-38AF-4C13-890A-C653F4CCA63A}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{BDBFF406-9967-4924-B254-8F4D87F4A6EC}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{CE2A3224-CD67-4456-B379-F452045703BF}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
"UDP Query User{E7E9CFF8-33E2-4C9A-9BA7-248FED0D4756}C:\users\fabo\appdata\roaming\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\users\fabo\appdata\roaming\sopcast\adv\sopadver.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AAC464A-4164-48CB-0080-EDA41ADE7D44}" = Madden NFL 08
"{538A1AE6-5D8B-4BF1-B1B3-AE14FDE21C09}" = Test_OnlineDiagnostic
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CA70204D-9437-4646-942E-8172F62F96AD}" = Garmin City Navigator Europe NT 2011.30 Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DC1674-B5E8-4364-009E-B350048DD006}" = NHL 2005
"{DCFFB64E-A757-4430-A455-B947F029BFD4}" = Roxio WinOnCD 9 Basic
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 7-Zip 4.49 beta
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Age of Empires" = Microsoft Age of Empires
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Backgammon_v0.3.2" = Backgammon-v0.3.2
"Billiard Art_is1" = Billiard Art
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 Benutzerhandbuch" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch
"Free Studio_is1" = Free Studio version 5.0.9
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.9.33.426
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"NVIDIA Drivers" = NVIDIA Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"TVEpaDrv" = Conrad Electronic USB 2860 Device Driver
"TVUPlayer" = TVUPlayer 2.4.9.1
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.5
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WinRAR archiver" = WinRAR archiver
"X264 H.264/AVC Video Codec" = X264 H.264/AVC Video Codec (remove only)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.03.2008 18:14:00 | Computer Name = Fabo-PC | Source = H+BEDV AntiVir | ID = 4118
Description =
 
Error - 13.03.2008 18:14:18 | Computer Name = Fabo-PC | Source = H+BEDV AntiVir | ID = 4118
Description =
 
Error - 13.03.2008 18:35:55 | Computer Name = Fabo-PC | Source = H+BEDV AntiVir | ID = 4118
Description =
 
Error - 22.03.2008 16:13:13 | Computer Name = Fabo-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 1.8.20080.20121, Zeitstempel
0x47a4062e, fehlerhaftes Modul nss3.dll, Version 3.11.5.0, Zeitstempel 0x47a40804,
Ausnahmecode 0xc0000005, Fehleroffset 0x000306df, Prozess-ID 0xa1c, Anwendungsstartzeit
01c88c4ab4b3e3a6.
 
Error - 22.03.2008 20:05:48 | Computer Name = Fabo-PC | Source = Application Hang | ID = 1002
Description = Programm msnmsgr.exe, Version 8.5.1302.1018 arbeitet nicht mehr mit
Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 8d8 Anfangszeit: 01c88c7978a5edab Zeitpunkt
der Beendigung: 67
 
Error - 22.03.2008 20:25:09 | Computer Name = Fabo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 02.04.2008 11:21:09 | Computer Name = Fabo-PC | Source = Application Hang | ID = 1002
Description = Programm wmplayer.exe, Version 11.0.6000.6344 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1204 Anfangszeit: 01c894d5245e2e68 Zeitpunkt
der Beendigung: 9
 
Error - 03.04.2008 11:09:22 | Computer Name = Fabo-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 05.04.2008 07:52:38 | Computer Name = Fabo-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aolsoftware.exe, Version 1.4.16.3, Zeitstempel
0x4447c056, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
Ausnahmecode 0xc0000005, Fehleroffset 0x00061ad5, Prozess-ID 0xe6c, Anwendungsstartzeit
01c89713470b2348.
 
Error - 05.04.2008 07:53:08 | Computer Name = Fabo-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung aolsoftware.exe, Version 1.4.16.3, Zeitstempel
0x4447c056, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
Ausnahmecode 0xc0000005, Fehleroffset 0x000627af, Prozess-ID 0xe6c, Anwendungsstartzeit
01c89713470b2348.
 
[ System Events ]
Error - 25.05.2011 00:06:14 | Computer Name = Fabo-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 25.05.2011 um 00:53:27 unerwartet heruntergefahren.
 
Error - 25.05.2011 17:09:08 | Computer Name = Fabo-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 25.05.2011 17:09:08 | Computer Name = Fabo-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 25.05.2011 17:09:08 | Computer Name = Fabo-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 25.05.2011 17:09:08 | Computer Name = Fabo-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 25.05.2011 17:09:08 | Computer Name = Fabo-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 25.05.2011 17:09:08 | Computer Name = Fabo-PC | Source = Service Control Manager | ID = 7031
Description =
 
Error - 26.05.2011 11:08:30 | Computer Name = Fabo-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 26.05.2011 um 17:01:47 unerwartet heruntergefahren.
 
Error - 26.05.2011 14:27:02 | Computer Name = Fabo-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 26.05.2011 um 20:23:14 unerwartet heruntergefahren.
 
Error - 27.05.2011 00:14:10 | Computer Name = Fabo-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 27.05.2011 um 06:09:10 unerwartet heruntergefahren.
 
 
< End of report >

--- --- ---

cosinus 06.06.2011 19:49

Quote:

I've caught the trojan named above (detected via Spybot).

Post the log file for that. Also all of the Malwarebytes ones, please.

Fabo63 06.06.2011 20:44

--- Search result list ---
Win32.Katusha.o: [SBI $D40E955A] Bibliothek (Datei, nothing done)
C:\Windows\System32\wsnmp32d.dll
Properties.size=28672
Properties.md5=CAD9D400FB09E5824AF153D363BA075B
Properties.filedate=1303431353
Properties.filedatetext=2011-04-22 02:15:52


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2008-01-28 SDDelFile.exe (1.0.2.4)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-01-10 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-05-17 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-05-16 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-05-24 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-05-24 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2011-02-24 Includes\Security.sbi (*)
2011-05-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-05-10 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2011-05-17 Includes\Trojans.sbi (*)
2011-05-11 Includes\TrojansC-02.sbi (*)
2011-05-11 Includes\TrojansC-03.sbi (*)
2011-05-24 Includes\TrojansC-04.sbi (*)
2011-05-25 Includes\TrojansC-05.sbi (*)
2011-05-24 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows Vista (Build: 6002) Service Pack 2 (6.0.6002)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)


--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 932288
MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 40368
MD5: 7EBAC86F13F61D132126A8EA40E282EE

Located: HK_LM:Run, ArcSoft Connection Service
command: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
file: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
size: 98616
MD5: EA9DFB81DD12D32FFA1F2A6BB12C0677

Located: HK_LM:Run, avgnt
command: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
file: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
size: 281768
MD5: 61941D4566C3B09F377E0E1A97BD0D9A

Located: HK_LM:Run, Corel Photo Downloader
command: C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
file: C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
size: 106496
MD5: 283BF06355AE4D20D818420F0A695354

Located: HK_LM:Run, ISUSScheduler
command: "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
file: c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 7D58C9BDF9C0A3955BDCDE7387AD12AC

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 421160
MD5: 638C728F21CCC7EC4F8517A212C34353

Located: HK_LM:Run, MsgCenterExe
command: "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
file: C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
file: C:\Windows\system32\NvCpl.dll
size: 7766016
MD5: 87D69B4E2FA8F6B7D771A29ED94B3C8D

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
file: C:\Windows\system32\NvMcTray.dll
size: 81920
MD5: 2EC6C09A4E1546A7C20A82D662ADE6F3

Located: HK_LM:Run, NvSvc
command: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
file: C:\Windows\system32\nvsvc.dll
size: 90191
MD5: 05A03974FA07394DCC5419C6235750CD

Located: HK_LM:Run, QuickFinder Scheduler
command: "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
file: C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE
size: 77892
MD5: 7D8D4D216F2D68019D5EFABDFF093A23

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 421888
MD5: 0AEE5668EB59912F32FF245BFA72465F

Located: HK_LM:Run, RtHDVCpl
command: RtHDVCpl.exe
file: C:\Windows\RtHDVCpl.exe
size: 4317184
MD5: A086B1BDCCA45A5D346187B14BE3D7BC

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Windows Defender
command: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
file: C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E

Located: HK_CU:Run, ehTray.exe
where: S-1-5-21-3180720396-1922566386-2137624434-1000...
command: C:\Windows\ehome\ehTray.exe
file: C:\Windows\ehome\ehTray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C

Located: HK_CU:Run, EPSON Stylus DX7400 Series
where: S-1-5-21-3180720396-1922566386-2137624434-1000...
command: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\Windows\TEMP\E_S291B.tmp" /EF "HKCU"
file: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE
size: 182272
MD5: 9AD31D8018B72E1013CFD012619E0232

Located: HK_CU:Run, ISUSPM Startup
where: S-1-5-21-3180720396-1922566386-2137624434-1000...
command: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
file: C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
size: 249856
MD5: 1C46FC1AB600766B8554580204806E84

Located: HK_CU:Run, Sidebar
where: S-1-5-21-3180720396-1922566386-2137624434-1000...
command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
file: C:\Program Files\Windows Sidebar\sidebar.exe
size: 1233920
MD5: 9E35FF7F943AE0FB89192BFE058B7FD4

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-3180720396-1922566386-2137624434-1000...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887

Located: HK_CU:Run, Uniblue RegistryBooster 2
where: S-1-5-21-3180720396-1922566386-2137624434-1000...
command: c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
file: c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (allgemein), PHOTOfunSTUDIO -viewer-.lnk
where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
file: C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
size: 40960
MD5: 2240A1A5973B31F9D050C137BD5794EA

Located: Startup (Benutzer), OpenOffice.org 3.0.lnk
where: C:\Users\Fabo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
command: C:\Program Files\OpenOffice.org 3\program\quickstart.exe
file: C:\Program Files\OpenOffice.org 3\program\quickstart.exe
size: 384000
MD5: 9C8D9866C818AC54B71BE86B3193A1A3



--- Browser helper object list ---
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 09.03.2010 05:33:40
Date (last access): 30.03.2010 22:32:10
Date (last write): 09.03.2010 05:33:40
Filesize: 41760
Attributes: archive
MD5: 1B9245C09E475DC5AA522CAE5809E659
CRC32: 23F45B66
Version: 6.0.190.4

{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: EpsonToolBandKicker Class
Path: C:\Program Files\EPSON\EPSON Web-To-Page\
Long name: EPSON Web-To-Page.dll
Short name: EPSONW~1.DLL
Date (created): 06.02.2008 23:51:26
Date (last access): 06.02.2008 23:51:26
Date (last write): 21.02.2005 22:50:34
Filesize: 368640
Attributes: archive
MD5: 01319CF4030B3740BA8261E7024ACAD1
CRC32: D484DB79
Version: 1.1.0.0



--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_19
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 11.12.2008 22:56:30
Date (last access): 09.03.2010 04:29:16
Date (last write): 09.03.2010 04:28:24
Filesize: 108320
Attributes: archive
MD5: 012CEBF724A4A67673B6F4A0ADD0165D
CRC32: 10745532
Version: 6.0.190.4

{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_19
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 11.12.2008 22:56:30
Date (last access): 09.03.2010 04:29:16
Date (last write): 09.03.2010 04:28:24
Filesize: 108320
Attributes: archive
MD5: 012CEBF724A4A67673B6F4A0ADD0165D
CRC32: 10745532
Version: 6.0.190.4

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_19
Installer:
Codebase: hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_19.dll
Short name: NPJPI1~1.DLL
Date (created): 09.03.2010 02:16:14
Date (last access): 09.03.2074 04:29:28
Date (last write): 09.03.2010 04:28:22
Filesize: 136992
Attributes: archive
MD5: BF86AAF1E914C153F32A9ACD04C91918
CRC32: 4660C324
Version: 6.0.190.4

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\Windows\Downloaded Program Files\swflash.inf
Codebase: hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\Windows\system32\Macromed\Flash\
Long name: Flash9d.ocx
Short name:
Date (created): 11.06.2007 13:04:32
Date (last access): 11.06.2007 13:04:32
Date (last write): 11.06.2007 13:04:32
Filesize: 2267368
Attributes: readonly archive
MD5: B01E2A41389FBA42B7B5A026EA88C9B7
CRC32: 8980B6EC
Version: 9.0.47.0



--- Process list ---
PID: 2648 (1172) C:\Windows\system32\Dwm.exe
size: 81920
MD5: 01DD1004181FD46ECDC3628228EB269D
PID: 2684 (2632) C:\Windows\Explorer.EXE
size: 2926592
MD5: D07D4C3038F3578FFCE1C0237F2A1253
PID: 2696 (1184) C:\Windows\system32\taskeng.exe
size: 171520
MD5: 3D50C4B10352367D5CB20ED1F50F8DA2
PID: 2928 (2684) C:\Program Files\Windows Defender\MSASCui.exe
size: 1008184
MD5: 0D392EDE3B97E0B3131B2F63EF1DB94E
PID: 2940 (2684) C:\Windows\RtHDVCpl.exe
size: 4317184
MD5: A086B1BDCCA45A5D346187B14BE3D7BC
PID: 2948 (2684) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
size: 81920
MD5: 7D58C9BDF9C0A3955BDCDE7387AD12AC
PID: 2972 (2684) C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
size: 106496
MD5: 283BF06355AE4D20D818420F0A695354
PID: 3016 (2684) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
size: 98616
MD5: EA9DFB81DD12D32FFA1F2A6BB12C0677
PID: 3024 (2684) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
size: 281768
MD5: 61941D4566C3B09F377E0E1A97BD0D9A
PID: 3268 ( 840) C:\Windows\System32\mobsync.exe
size: 95744
MD5: 9B89B3BB79EA1ACF041F40A7B6FC5827
PID: 3368 (2684) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 932288
MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A
PID: 3504 (2684) C:\Program Files\iTunes\iTunesHelper.exe
size: 421160
MD5: 638C728F21CCC7EC4F8517A212C34353
PID: 3512 (2684) C:\Program Files\Windows Sidebar\sidebar.exe
size: 1233920
MD5: 9E35FF7F943AE0FB89192BFE058B7FD4
PID: 3528 (2684) C:\Windows\ehome\ehtray.exe
size: 125952
MD5: BF08674925F151BD4537B89A493E3E0C
PID: 3592 (2684) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2260480
MD5: 390679F7A217A5E73D756276C40AE887
PID: 3608 (2980) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 4B555106290BD117334E9A08761C035A
PID: 3636 (3268) C:\Program Files\Windows Media Player\wmplayer.exe
size: 168960
MD5: 2D821AFA5A1A9CA7F9F997A1AAD09E72
PID: 3756 (2684) C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
size: 40960
MD5: 2240A1A5973B31F9D050C137BD5794EA
PID: 3772 ( 840) C:\Windows\ehome\ehmsas.exe
size: 37376
MD5: 0F4195B9B348DE5CF9B822F81704B20E
PID: 4036 (3796) C:\Program Files\OpenOffice.org 3\program\soffice.exe
size: 7424000
MD5: 76DAC52F7A6D3AD3C8307D012ACF46CE
PID: 3248 (4036) C:\Program Files\OpenOffice.org 3\program\soffice.bin
size: 7418368
MD5: EEBF2F715C02C8A6CE6DBE844DD1B4E3
PID: 3348 (2684) C:\Program Files\Mozilla Firefox\firefox.exe
size: 912344
MD5: D938FB6915EA338BDFC0DCF8773634C5
PID: 1136 (3348) C:\Program Files\Mozilla Firefox\plugin-container.exe
size: 16856
MD5: E68C1EFDA668BFF3E2023C72E9EF7A93
PID: 2612 (2684) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 0 ( 0) [System Process]
PID: 4 ( 0) System
PID: 436 ( 4) smss.exe
size: 64000
PID: 536 ( 524) csrss.exe
size: 6144
PID: 584 ( 524) wininit.exe
size: 96768
PID: 596 ( 576) csrss.exe
size: 6144
PID: 628 ( 584) services.exe
size: 279552
PID: 644 ( 584) lsass.exe
size: 9728
PID: 652 ( 584) lsm.exe
size: 229888
PID: 704 ( 576) winlogon.exe
size: 314368
PID: 840 ( 628) svchost.exe
size: 21504
PID: 964 ( 628) svchost.exe
size: 21504
PID: 1016 ( 628) svchost.exe
size: 21504
PID: 1092 ( 628) svchost.exe
size: 21504
PID: 1172 ( 628) svchost.exe
size: 21504
PID: 1184 ( 628) svchost.exe
size: 21504
PID: 1252 (1092) audiodg.exe
size: 88576
PID: 1284 ( 628) svchost.exe
size: 21504
PID: 1308 ( 628) SLsvc.exe
size: 3408896
PID: 1360 ( 628) svchost.exe
size: 21504
PID: 1544 ( 628) svchost.exe
size: 21504
PID: 1748 ( 628) spoolsv.exe
size: 128000
PID: 1772 ( 628) sched.exe
PID: 1788 ( 628) svchost.exe
size: 21504
PID: 2024 ( 628) ACService.exe
PID: 208 ( 628) avguard.exe
PID: 272 ( 628) AppleMobileDeviceService.exe
PID: 300 ( 628) mDNSResponder.exe
PID: 280 ( 628) svchost.exe
size: 21504
PID: 540 ( 628) svchost.exe
size: 21504
PID: 524 ( 208) avshadow.exe
PID: 1208 ( 628) TestHandler.exe
PID: 1532 ( 628) svchost.exe
size: 21504
PID: 824 ( 628) SearchIndexer.exe
size: 441344
PID: 2056 ( 628) SDWinSec.exe
PID: 2376 (1172) WUDFHost.exe
size: 142336
PID: 3936 (1184) taskeng.exe
size: 171520
PID: 4016 ( 628) iPodService.exe
PID: 3392 ( 628) svchost.exe
size: 21504
PID: 2248 ( 824) SearchProtocolHost.exe
size: 185344
PID: 2164 ( 824) SearchFilterHost.exe
size: 87552


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 06.06.2011 21:32:55

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
hxxp://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
hxxp://www.google.de/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*hxxp://de.search.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\System32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
hxxp://de.yahoo.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
hxxp://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
hxxp://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Namespace Provider 1: E-Mail-Namenshimanbieter
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP-Wolken-Namespaceanbieter
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP-Namen-Namespaceanbieter
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:



--- Uninstall list ---
7-Zip 4.49 beta (7-Zip)
uninstall cmd: "C:\Program Files\7-Zip\Uninstall.exe"

EA SPORTS online 2008 (82A44D22-9452-49FB-00FB-CEC7DCAF7E23)
uninstall cmd: C:\Program Files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe

AC3Filter (remove only) (AC3Filter)
uninstall cmd: C:\Program Files\AC3Filter\uninstall.exe

(AddressBook)

Adobe Flash Player 10 Plugin 10.3.181.14 (Adobe Flash Player Plugin)
version (major): 10
version (minor): 3
estimated size: 6144
uninstall cmd: C:\Windows\system32\Macromed\Flash\FlashUtil10q_Plugin.exe -maintain plugin
publisher: Adobe Systems Incorporated
help link: hxxp://www.adobe.com/go/flashplayer_support/

Adobe Shockwave Player 11.5 11.5.9.620 (Adobe Shockwave Player)
version (major): 11
version (minor): 1
install location: C:\Windows\system32\Adobe
uninstall cmd: "C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
publisher: Adobe Systems, Inc.
help link: hxxp://www.adobe.com/support/shockwave

Microsoft Age of Empires (Age of Empires)
uninstall cmd: C:\Program Files\Microsoft Games\Age of Empires\Uninstal.exe /uninstall

Microsoft Age of Empires II (Age of Empires 2.0)
uninstall cmd: "C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall

Microsoft Age of Empires Expansion (Age of Empires Expansion 1.0)
uninstall cmd: "C:\Program Files\Microsoft Games\Age of Empires\UNINSTX.EXE" /runtemp

Avira AntiVir Personal - Free Antivirus 10.0.0.648 (Avira AntiVir Desktop)
version (major): 10
estimated size: 61268
install location: C:\Program Files\Avira\AntiVir Desktop\
uninstall cmd: C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
publisher: Avira GmbH
help link: hxxp://www.avira.de/personal-support

Backgammon-v0.3.2 (Backgammon_v0.3.2)
uninstall cmd: "C:\Program Files\Backgammon-v0.3.2\uninstall.exe"

(bearsharetb)

Billiard Art 1.0 (Billiard Art_is1)
install date: 20090119
install location: C:\Program Files\Net-Games.biz\Billiard Art\
uninstall cmd: "C:\Program Files\Net-Games.biz\Billiard Art\unins000.exe"
publisher: MyPlayCity, Inc.
help link: hxxp://www.MyPlayCity.com/support

(Connection Manager)

(DirectDrawEx)

(DXM_Runtime)

EPSON-Drucker-Software (EPSON Printer and Utilities)
uninstall cmd: C:\Windows\system32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
publisher: SEIKO EPSON Corporation

EPSON Scan (EPSON Scanner)
uninstall cmd: C:\Program Files\epson\escndv\setup\setup.exe /r

EPSON Stylus CX7300_CX8300_DX7400_DX8400 Handbuch (EPSON Stylus CX7300_CX8300_DX7400_DX8400 Benutzerhandbuch)
install location: C:\Program Files\EPSON\TPMANUAL\ES_CX_DX\DEU\USE_G
uninstall cmd: C:\Program Files\EPSON\TPMANUAL\ES_CX_DX\DEU\USE_G\DOCUNINS.EXE

(Fontcore)

Free Studio version 5.0.9 (Free Studio_is1)
install date: 20110519
install location: C:\Program Files\DVDVideoSoft\Free Studio\
uninstall cmd: "C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe"
publisher: DVDVideoSoft Limited.

Free YouTube to iPod Converter version 3.9.33.426 (Free YouTube to iPod Converter_is1)
install date: 20110503
install location: C:\Program Files\DVDVideoSoft\Free YouTube to iPod Converter\
uninstall cmd: "C:\Program Files\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
publisher: DVDVideoSoft Limited.

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

EPSON Attach To Email 1.01.0000 (InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5})
version: 16842752
version (major): 1
version (minor): 1
estimated size: 1108
install date: 20080206
install location: C:\Program Files\EPSON\Creativity Suite\Attach To Email\
install source: F:\COMMON\CreativitySuite\AttachToEmail\
uninstall cmd: C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
publisher: SEIKO EPSON
comments: Attach To Email - Email support app
help link: hxxp://www.epson.com/

Security Update for CAPICOM (KB931906) 2.1.0.2 (KB931906)
uninstall cmd: MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
publisher: Microsoft Corporation
help link: hxxp://support.microsoft.com?kbid=931906

Malwarebytes' Anti-Malware Version 1.51.0.1200 1.51.0.1200 (Malwarebytes' Anti-Malware_is1)
install date: 20110606
install location: C:\Program Files\Malwarebytes' Anti-Malware\
uninstall cmd: "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
publisher: Malwarebytes Corporation

Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (Microsoft .NET Framework 3.5 Language Pack SP1 - deu)
install location: C:\Windows\Microsoft.NET\Framework\v3.5\
uninstall cmd: C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
publisher: Microsoft Corporation
help link: hxxp://go.microsoft.com/fwlink/?LinkId=120337

Microsoft .NET Framework 3.5 SP1 (Microsoft .NET Framework 3.5 SP1)
install location: C:\Windows\Microsoft.NET\Framework\v3.5\
uninstall cmd: C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
publisher: Microsoft Corporation
help link: hxxp://go.microsoft.com/fwlink/?LinkId=120337

Microsoft .NET Framework 4 Client Profile 4.0.30319 (Microsoft .NET Framework 4 Client Profile)
estimated size: 39732
install location: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client
uninstall cmd: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
publisher: Microsoft Corporation
readme: hxxp://go.microsoft.com/fwlink/?LinkId=164156

Microsoft .NET Framework 4 Client Profile DEU Language Pack 4.0.30319 (Microsoft .NET Framework 4 Client Profile DEU Language Pack)
estimated size: 3010
install location: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP
uninstall cmd: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1031 /parameterfolder ClientLP
publisher: Microsoft Corporation
readme: hxxp://go.microsoft.com/fwlink/?LinkId=164156

(MobileOptionPack)

Mozilla Firefox (3.6.17) 3.6.17 (de) (Mozilla Firefox (3.6.17))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

(MPlayer2)

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\Windows\system32\NVUNINST.EXE UninstallGUI

(SchedulingAgent)

(Shockwave)

Adobe Flash Player 9 ActiveX 9 (ShockwaveFlash)
uninstall cmd: C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
publisher: Adobe Systems
help link: hxxp://www.adobe.com/go/flashplayer_support/

Conrad Electronic USB 2860 Device Driver (TVEpaDrv)
uninstall cmd: C:\Windows\emunist.exe

TVUPlayer 2.4.9.1 2.4.9.1 (TVUPlayer)
uninstall cmd: C:\Program Files\TVUPlayer\uninst.exe
publisher: TVU networks

Uninstall 1.0.0.1 (Uninstall_is1)
install date: 20110519
install location: C:\Program Files\Common Files\DVDVideoSoft\
uninstall cmd: "C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"

Viewpoint Media Player (ViewpointMediaPlayer)
uninstall cmd: C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u

VLC media player 1.0.5 1.0.5 (VLC media player)
install location: C:\Program Files\VideoLAN\VLC
uninstall cmd: C:\Program Files\VideoLAN\VLC\uninstall.exe
publisher: VideoLAN Team

VIA Rhine-Family Fast-Ethernet Adapter (VN_VUIns_Rhine_VIA)
uninstall cmd: Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA

(WIC)

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

X264 H.264/AVC Video Codec (remove only) (X264 H.264/AVC Video Codec)
uninstall cmd: "C:\Windows\system32\x264-uninstall.exe"

3.3.0 ({0394CDC8-FABD-4ed8-B104-03393876DFDF})
version: 50528256
version (major): 3
version (minor): 3
estimated size: 354
install date: 20070215
install source: c:\WinOnCD\RCP_TOOLS_33\
uninstall cmd: MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
publisher: Roxio

Microsoft .NET Framework 3.5 Language Pack SP1 - deu 3.5.30729 ({052FDD78-A6EA-3187-8386-C82F4CA3A929})
version: 50690057
version (major): 3
version (minor): 5
estimated size: 8991
install date: 20090822
install source: d:\cc6da2e01bacb5482f6b590330\
uninstall cmd: MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
publisher: Microsoft Corporation

4.0 ({0D330013-4A99-46D6-83C6-2C959C68DBFF})
version: 67108864
version (major): 4
estimated size: 1696
install date: 20070215
install source: c:\WinOnCD\DVDINFOPRO_40\
uninstall cmd: MsiExec.exe /I{0D330013-4A99-46D6-83C6-2C959C68DBFF}
publisher: Roxio

3.3.0 ({0D397393-9B50-4c52-84D5-77E344289F87})
version: 50528256
version (major): 3
version (minor): 3
estimated size: 993
install date: 20070215
install source: c:\WinOnCD\RCP_DATA_33\
uninstall cmd: MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
publisher: Roxio

Security Update for CAPICOM (KB931906) 2.1.0.2 ({0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A})
version: 33619968
version (major): 2
version (minor): 1
estimated size: 770
install date: 20080309
install source: C:\Windows\TEMP\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
publisher: Microsoft Corporation

3.3.0 ({11F93B4B-48F0-4A4E-AE77-DFA96A99664B})
version: 50528256
version (major): 3
version (minor): 3
estimated size: 1546
install date: 20070215
install source: c:\WinOnCD\RCP_EASYARCHIVE_33\
uninstall cmd: MsiExec.exe /I{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
publisher: Roxio

Corel Paint Shop Pro X 10.01 ({1A15507A-8551-4626-915D-3D5FA095CC1B})
version: 167837696
version (major): 10
version (minor): 1
estimated size: 175104
install date: 20070215
install location: c:\Program Files\Corel\Corel Paint Shop Pro X\
install source: c:\PC_Suite_2007\PaintShopProX\
uninstall cmd: MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
publisher: Corel Inc
comments: Installiert Paint Shop Pro X
contact: Corel Kundenservice
help link: hxxp://www.corel.com/support
help telephone: USA: 1-800-772-6735; Außerhalb der USA: +441628 581601, GB: 0870 774 0202
readme: c:\Program Files\Corel\Corel Paint Shop Pro X\readme.html

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 9.0.30729.4148 ({1F1C2DFC-2D24-3E06-BCB8-725134ADF989})
version: 151025673
version (major): 9
estimated size: 590
install date: 20100408
install source: d:\fc560bf2bf8fc04d373bbb6e41\
uninstall cmd: MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
publisher: Microsoft Corporation

EPSON Attach To Email 1.01.0000 ({20C45B32-5AB6-46A4-94EF-58950CAF05E5})
version: 16842752
version (major): 1
version (minor): 1
estimated size: 1108
install date: 20080206
install location: C:\Program Files\EPSON\Creativity Suite\Attach To Email\
install source: F:\COMMON\CreativitySuite\AttachToEmail\
publisher: SEIKO EPSON
comments: Attach To Email - Email support app
help link: hxxp://www.epson.com/

Java(TM) 6 Update 19 6.0.190 ({26A24AE4-039D-4CA4-87B4-2F83216011FF})
version: 100663406
version (major): 6
estimated size: 96644
install date: 20081211
install location: C:\Program Files\Java\jre6\
install source: C:\Users\Fabo\AppData\LocalLow\Sun\Java\jre1.6.0_11\
uninstall cmd: MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
publisher: Sun Microsystems, Inc.
contact: hxxp://java.com
help link: hxxp://java.com
readme: C:\Program Files\Java\jre6\README.txt

({26A24AE4-039D-4CA4-87B4-2F83216013FB})

({26A24AE4-039D-4CA4-87B4-2F83216015FB})

({26A24AE4-039D-4CA4-87B4-2F83216017FB})

({26A24AE4-039D-4CA4-87B4-2F83216019FB})

EPSON Scan Assistant 1.10.00 ({2A88F1BF-7041-4E42-84B1-6B4ACB83AC64})
version: 17432576
install location: C:\Program Files\EPSON\Creativity Suite\Scan Assistant
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x7 -u

7.1.20101113b1 ({2CCBABCB-6427-4A55-B091-49864623C43F})
version (major): 7
version (minor): 1

EPSON File Manager 1.3.0.0 ({2EB81825-E9EE-44F4-8F51-1240C3898DC6})
version: 16973824
install location: C:\Program Files\EPSON\Creativity Suite\File Manager
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x7 UNINST

Roxio Drag-to-Disc 9.0 ({2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668})
version: 150994944
version (major): 9
estimated size: 8174
install date: 20070215
install source: c:\WinOnCD\D2D32_90\
uninstall cmd: MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
publisher: Roxio

iTunes 10.2.2.12 ({353FE16B-30FE-469A-BF55-B978F4218003})
version: 167903234
version (major): 10
version (minor): 2
estimated size: 147371
install date: 20110426
install location: C:\Program Files\iTunes\
install source: C:\Users\Fabo\AppData\Local\Apple\Apple Software Update\
uninstall cmd: MsiExec.exe /I{353FE16B-30FE-469A-BF55-B978F4218003}
publisher: Apple Inc.
contact: AppleCare Support
help link: hxxp://www.apple.com/de/support/
help telephone: 01805 009 433

1.0 ({35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0})
version: 16777216
version (major): 1
estimated size: 8202
install date: 20070215
install source: c:\WinOnCD\ACTIVATION_103\
uninstall cmd: MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
publisher: Roxio

Microsoft .NET Framework 4 Client Profile 4.0.30319 ({3C3901C5-3455-3E0A-A214-0B093A5070A6})
version: 67139183
version (major): 4
estimated size: 565012
install date: 20110421
install source: C:\Users\Fabo\AppData\Local\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319\
uninstall cmd: MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
publisher: Microsoft Corporation
readme: hxxp://go.microsoft.com/fwlink/?LinkId=164156

({3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2160841)

({3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2162169)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) 1 ({3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708)
uninstall cmd: C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {3E0806DB-3085-378A-840A-F0D3AE3609D1} /parameterfolder Client
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 4 Client Profile.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit hxxp://support.microsoft.com/kb/2446708.
help link: hxxp://support.microsoft.com/kb/2446708

({3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871)

({3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2473228)

({3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478063)

({3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663)

EPSON Easy Photo Print 1.5.0.0 ({3D78F2A2-C893-4ABD-B5FE-AD7011837755})
version: 17104896
install location: C:\Program Files\EPSON\Creativity Suite\Easy Photo Print
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x7 UNINST
publisher: SEIKO EPSON CORPORATION

ArcSoft Software Suite ({497A1721-088F-41EF-8876-B43C9DA5528B})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{497A1721-088F-41EF-8876-B43C9DA5528B}\Setup.exe" -l0x7
publisher: ArcSoft

Java Auto Updater 2.0.2.1 ({4A03706F-666A-4037-7777-5F2748764D10})
version: 33554434
version (major): 2
estimated size: 1197
install date: 20100330
install source: C:\Users\Fabo\AppData\LocalLow\Sun\Java\AU\
publisher: Sun Microsystems, Inc.

Madden NFL 08 ({4AAC464A-4164-48CB-0080-EDA41ADE7D44})
uninstall cmd: C:\Program Files\EA Sports\Madden NFL 08\EAUninstall.exe
publisher: Electronic Arts

Test_OnlineDiagnostic 1.00.0000 ({538A1AE6-5D8B-4BF1-B1B3-AE14FDE21C09})
version: 16777216
version (major): 1
estimated size: 4680
install date: 20070215
install location: C:\firststeps\
install source: C:\FirstSteps\
uninstall cmd: MsiExec.exe /I{538A1AE6-5D8B-4BF1-B1B3-AE14FDE21C09}
publisher: Ihr Firmenname

WordPerfect Office X3 13.0 ({54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8})
version: 218103808
version (major): 13
estimated size: 569276
install date: 20070215
install location: C:\Program Files\WordPerfect Office X3\
install source: C:\PC_Suite_2007\WordPerfectOfficeX3\WPOX3\
uninstall cmd: MsiExec.exe /I{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}
publisher: Corel Corporation
comments: Installiert WordPerfect Office X3
contact: Corel Kundendienst
help link: hxxp://www.corel.com/support

QuickTime 7.69.80.9 ({57752979-A1C9-4C02-856B-FBB27AC4E02C})
version: 121962576
version (major): 7
version (minor): 69
estimated size: 75499
install date: 20110426
install location: C:\Program Files\QuickTime\
install source: C:\Users\Fabo\AppData\Local\Apple\Apple Software Update\
uninstall cmd: MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
publisher: Apple Inc.
contact: AppleCare Support
help link: hxxp://www.apple.com/de/support
help telephone: 01805 009 433

3.3.0 ({619CDD8A-14B6-43a1-AB6C-0F4EE48CE048})
version: 50528256
version (major): 3
version (minor): 3
estimated size: 668
install date: 20070215
install source: c:\WinOnCD\RCP_COPY_33\
uninstall cmd: MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
publisher: Roxio

({62369F2F77534556AEF4C58152E3BDE5})

2.1.0 ({6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA})
version: 33619968
version (major): 2
version (minor): 1
estimated size: 16015
install date: 20070215
install source: c:\WinOnCD\EXPRESSLABELER_30\
uninstall cmd: MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
publisher: Roxio

EPSON Copy Utility 3 3.3.0.0 ({67EDD823-135A-4D59-87BD-950616D6E857})
version: 50528256
install location: C:\Program Files\EPSON\Creativity Suite
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x7 -UnInstall

Apple Software Update 2.1.1.116 ({6956856F-B6B3-4BE0-BA0B-8F495BE32033})
version: 33619969
version (major): 2
version (minor): 1
estimated size: 2208
install date: 20090926
install location: C:\Program Files\Apple Software Update\
install source: C:\Users\Fabo\AppData\Local\Apple\Apple Software Update\
uninstall cmd: MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
publisher: Apple Inc.
contact: AppleCare Support
help link: hxxp://www.apple.com/de/support
help telephone: 01805 009 433

Windows Media Player Firefox Plugin 1.0.0.8 ({69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4})
version: 16777216
version (major): 1
estimated size: 296
install date: 20070515
install source: C:\Users\Fabo\AppData\Local\Temp\IXP000.TMP\
uninstall cmd: MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
publisher: Microsoft Corp

Safari 5.33.21.1 ({6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1})
version: 86048789
version (major): 5
version (minor): 33
estimated size: 42257
install date: 20110426
install location: C:\Program Files\Safari\
install source: C:\Users\Fabo\AppData\Local\Apple\Apple Software Update\
uninstall cmd: MsiExec.exe /I{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}
publisher: Apple Inc.
contact: AppleCare Support
help link: hxxp://www.apple.com/de/support
help telephone: 01805 009 433

6.6.0 ({7585478E9D9B42108671C12F8714CEFE})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
publisher: DivX, Inc.

6.8.2 ({7B63B2922B174135AFC0E1377DD81EC2})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
publisher: DivX, Inc.

OpenOffice.org 3.0 3.0.9379 ({7EC19307-7C22-47A8-922B-3FA965291260})
version: 50341027
version (major): 3
estimated size: 356831
install date: 20090214
install location: C:\Program Files\
install source: C:\Users\Fabo\Desktop\Desktop\OpenOffice.org 3.0 (de) Installation Files\
uninstall cmd: MsiExec.exe /I{7EC19307-7C22-47A8-922B-3FA965291260}
publisher: OpenOffice.org
comments: OpenOffice.org 3.0 (de) (OOO300m15(Build:9379))
contact: Abteilung für die technische Unterstützung
help link: hxxp://de.openoffice.org
help telephone: x-xxx-xxx-xxx

EPSON Web-To-Page ({7F14F68C-17FA-4F88-B3FD-7F449C1EBF32})
install location: C:\Program Files\EPSON\EPSON Web-To-Page
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\Setup.exe" -l0x7 -anything

3.3.0 ({83FFCFC7-88C6-41c6-8752-958A45325C82})
version: 50528256
version (major): 3
version (minor): 3
estimated size: 1278
install date: 20070215
install source: c:\WinOnCD\RCP_AUDIO_33\
uninstall cmd: MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
publisher: Roxio

Apple Application Support 1.5.1 ({853A4763-6643-4604-8D64-28BDD8925F4C})
version: 17104897
version (major): 1
version (minor): 5
estimated size: 52197
install date: 20110426
install location: C:\Program Files\Common Files\Apple\Apple Application Support\
install source: C:\Users\Fabo\AppData\Local\Apple\Apple Software Update\
uninstall cmd: MsiExec.exe /I{853A4763-6643-4604-8D64-28BDD8925F4C}
publisher: Apple Inc.
contact: AppleCare Support
help link: hxxp://www.apple.com/support/
help telephone: 1-800-275-2273

MSXML 4.0 SP2 (KB954430) 4.20.9870.0 ({86493ADD-824D-4B8E-BD72-8C5DCDC52A71})
version: 68429454
version (major): 4
version (minor): 20
estimated size: 1309
install date: 20081116
install source: c:\bb6f9dd03ce94f0dadfca15a\
uninstall cmd: MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
publisher: Microsoft Corporation
help link: hxxp://support.microsoft.com/kb/954430

Corel Photo Album 6 6.31 ({8A9B8148-DDD7-448F-BD6C-358386D32354})
version: 102694912
version (major): 6
version (minor): 31
estimated size: 93289
install date: 20070215
install location: c:\Program Files\Corel\Corel Photo Album 6\
install source: c:\PC_Suite_2007\PhotoAlbum6\
uninstall cmd: MsiExec.exe /X{8A9B8148-DDD7-448F-BD6C-358386D32354}
publisher: Corel, Inc.
comments: Installiert Corel Photo Album 6
contact: Corel Kundendienst
help link: hxxp://www.corel.com/support
help telephone: USA: 1-800-772-6735; außerhalb der USA: +441628 581601; Vereinigtes Königreich: 0870 774 0202

Camera RAW Plug-In for EPSON Creativity Suite 2.2.0.0 ({93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD})
version: 33685504
install location: C:\Program Files\EPSON\Creativity Suite\Common\Module\RawPlugIn2
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x7 UNINST
publisher: SEIKO EPSON CORPORATION

PHOTOfunSTUDIO -viewer- 2.00.000 ({9A9DBEBC-C800-4776-A970-D76D6AA405B1})
version: 33554432
install date: 20080828
install location: C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-
install source: F:\PHOTOFUN\Setup\
uninstall cmd: C:\Program Files\InstallShield Installation Information\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}\setup.exe -runfromtemp -l0x0007 -z"Uninstall" -removeonly
publisher: Panasonic

Adobe Reader 8.2.5 - Deutsch 8.2.5 ({AC76BA86-7AD7-1031-7B44-A82000000003})
version: 134348805
version (major): 8
version (minor): 2
estimated size: 104443
install date: 20110111
install source: C:\Users\Fabo\AppData\Local\Adobe\Updater5\Install\reader8rdr-de_DE\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A82000000003}
publisher: Adobe Systems Incorporated
comments:
contact: Kundendienst
help link: hxxp://www.adobe.de/support/main.html
readme: C:\Program Files\Adobe\Reader 8.0\Reader\Readme.htm

Spelling Dictionaries Support For Adobe Reader 8 8.0.0 ({AC76BA86-7AD7-5464-3428-800000000003})
version: 134217728
version (major): 8
estimated size: 33322
install date: 20081221
install source: C:\Users\Fabo\AppData\Local\Adobe\Updater5\Install\reader8rdr-de_DE\
uninstall cmd: MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
publisher: Adobe Systems
comments: This is a placeholder for ARP comments for Spelling Dictionaries for Adobe Reader 8.0
contact: Customer Support
help link: hxxp://www.adobe.com/support/main.html
help telephone: 1-800-833-6687

DivX Converter 6.6.0 ({B13A7C41581B411290FBC0395694E2A9})
install location: C:\Program Files\DivX
uninstall cmd: C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
publisher: DivX, Inc.

Spybot - Search & Destroy 1.6.2 ({B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1)
install date: 20100110
install location: C:\Program Files\Spybot - Search & Destroy\
uninstall cmd: "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
publisher: Safer Networking Limited
help link: hxxp://www.safer-networking.org/index.php?page=support

Bonjour 2.0.5.0 ({C2E4B5BD-32DB-4817-A060-341AB17C3F90})
version: 33554437
version (major): 2
estimated size: 1130
install date: 20110426
install location: C:\Program Files\Bonjour\
install source: C:\Users\Fabo\AppData\Local\Apple\Apple Software Update\
uninstall cmd: MsiExec.exe /X{C2E4B5BD-32DB-4817-A060-341AB17C3F90}
publisher: Apple Inc.
contact: AppleCare-Support
help link: hxxp://www.apple.com/de/support
help telephone: 01805 009 433

3.3.0 ({C8B0680B-CDAE-4809-9F91-387B6DE00F7C})
version: 50528256
version (major): 3
version (minor): 3
estimated size: 17860
install date: 20070215
install source: c:\WinOnCD\RCP_CORE_33\
uninstall cmd: MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
publisher: Roxio

Garmin City Navigator Europe NT 2011.30 Update 14.30.0.0 ({CA70204D-9437-4646-942E-8172F62F96AD})
version: 236847104
version (major): 14
version (minor): 30
estimated size: 2657018
install date: 20101129
install source: C:\Users\Fabo\AppData\Local\Temp\IMG\
uninstall cmd: MsiExec.exe /X{CA70204D-9437-4646-942E-8172F62F96AD}
publisher: Garmin Ltd or its subsidiaries
comments: Please contact Garmin with comments and concerns.
contact: Customer Support Department
help link: hxxp://www.garmin.com/support

Apple Mobile Device Support 3.4.0.25 ({CACAEB5F-174D-4C7C-AC56-A33289A807CA})
version: 50593792
version (major): 3
version (minor): 4
estimated size: 22273
install date: 20110426
install location: C:\Program Files\Common Files\Apple\Mobile Device Support\
install source: C:\Users\Fabo\AppData\Local\Apple\Apple Software Update\
uninstall cmd: MsiExec.exe /I{CACAEB5F-174D-4C7C-AC56-A33289A807CA}
publisher: Apple Inc.
contact: AppleCare Support
help link: hxxp://www.apple.com/de/support/
help telephone: 01805 009 433

Microsoft .NET Framework 3.5 SP1 3.5.30729 ({CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9})
version: 50690057
version (major): 3
version (minor): 5
estimated size: 84556
install date: 20101009
install source: d:\8c8ee38fe98fc086ce76fa434d\
uninstall cmd: MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
publisher: Microsoft Corporation

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) 1 ({CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB2416473)
uninstall cmd: C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
publisher: Microsoft Corporation
comments: This security update is for Microsoft .NET Framework 3.5 SP1.
If you later install a more recent service pack, this security update will be uninstalled automatically.
For more information, visit hxxp://support.microsoft.com/kb/2416473.
help link: hxxp://support.microsoft.com/kb/2416473

({CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) 1 ({CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595)
uninstall cmd: C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
publisher: Microsoft Corporation
comments: This hotfix is for Microsoft .NET Framework 3.5 SP1.
If you later install a more recent service pack, this hotfix will be uninstalled automatically.
For more information, visit hxxp://support.microsoft.com/kb/953595.
help link: hxxp://support.microsoft.com/kb/953595

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) 1 ({CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484)
uninstall cmd: C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
publisher: Microsoft Corporation
comments: This hotfix is for Microsoft .NET Framework 3.5 SP1.
If you later install a more recent service pack, this hotfix will be uninstalled automatically.
For more information, visit hxxp://support.microsoft.com/kb/958484.
help link: hxxp://support.microsoft.com/kb/958484

({CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707) 1 ({CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707)
uninstall cmd: C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
publisher: Microsoft Corporation
comments: This update is for Microsoft .NET Framework 3.5 SP1.
If you later install a more recent service pack, this update will be uninstalled automatically.
For more information, visit hxxp://support.microsoft.com/kb/963707.
help link: hxxp://support.microsoft.com/kb/963707

NHL 2005 ({D0DC1674-B5E8-4364-009E-B350048DD006})
uninstall cmd: C:\Program Files\EA SPORTS\NHL 2005\EAUninstall.exe

Roxio WinOnCD 9 Basic 9.0.138 ({DCFFB64E-A757-4430-A455-B947F029BFD4})
version: 150995082
version (major): 9
estimated size: 195713
install date: 20070215
install location: c:\Program Files\Roxio\
install source: c:\WinOnCD\
uninstall cmd: MsiExec.exe /I{DCFFB64E-A757-4430-A455-B947F029BFD4}
publisher: Roxio
comments: Hauptinstallationsprogramm für Digital Media Suite
contact: hxxp://support.roxio.com
help link: hxxp://support.roxio.com
readme: c:\Program Files\Roxio\ReadMe.htm

Realtek High Definition Audio Driver ({F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC})
uninstall cmd: RtlUpd.exe -r -m

Update Manager 4.60 ({F428D0FB-765D-40EB-BDD8-A1E7F5C597FA})
version: 71041024
version (major): 4
version (minor): 60
estimated size: 2651
install date: 20070215
install location: C:\Program Files\My Company Name\My Product Name\
install source: C:\PC_Suite_2007\WordPerfectOfficeX3\WPOX3\
uninstall cmd: MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
publisher: Corel Corporation

MSXML 4.0 SP2 (KB973688) 4.20.9876.0 ({F662A8E6-F4DC-41A2-901E-8C11F044BDEC})
version: 68429460
version (major): 4
version (minor): 20
estimated size: 1368
install date: 20091125
install source: d:\05ad589032bc9778ccc93e6ecb0c\
uninstall cmd: MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
publisher: Microsoft Corporation
help link: hxxp://support.microsoft.com/kb/973688

Microsoft .NET Framework 4 Client Profile DEU Language Pack 4.0.30319 ({F750C986-5310-3A5A-95F8-4EC71C8AC01C})
version: 67139183
version (major): 4
estimated size: 24787
install date: 20101128
install source: D:\e1f9562fe241f8858f47\
uninstall cmd: MsiExec.exe /X{F750C986-5310-3A5A-95F8-4EC71C8AC01C}
publisher: Microsoft Corporation
readme: hxxp://go.microsoft.com/fwlink/?LinkId=164156



--- System Services ---
Service (registry key): .NET CLR Data
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking 4.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for Oracle
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for SqlServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ACDaemon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ArcSoft Connect Daemon
Object name: LocalSystem
Image path: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
Image size: 102712
Image MD5: 61A581E5481E22A76A88490C57015105
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 0

Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI-Treiber
Image path: system32\drivers\acpi.sys
Image size: 265688
Image MD5: 82B296AE1892FE3DBEE00C9CF92F8AC7
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): adp94xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adp94xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpahci
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adpahci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu160m
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adpu160m.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adpu320
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\adpu320.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): adsi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): AeLookupSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\aelupsvc.dll,-1
Description: @%SystemRoot%\system32\aelupsvc.dll,-2
Object name: localSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): Afc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PPdus ASPI Shell
Image path: system32\drivers\Afc.sys
Image size: 11776
Image MD5: A7B8A3A79D35215D798A300DF49ED23F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Ancilliary Function Driver for Winsock
Description: Ancilliary Function Driver for Winsock
Image path: \SystemRoot\system32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): agp440
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel AGP Bus Filter
Image path: \SystemRoot\system32\drivers\agp440.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\djsvs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ALG
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\Alg.exe,-112
Description: @%SystemRoot%\system32\Alg.exe,-113
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 59392
Image MD5: A1545B731579895D8CC44FC0481C1192
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): aliide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\aliide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): amdagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD AGP Bus Filter Driver
Image path: \SystemRoot\system32\drivers\amdagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): amdide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\amdide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): AmdK7
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD K7 Processor Driver
Image path: \SystemRoot\system32\drivers\amdk7.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AmdK8
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD K8 Processor Driver
Image path: \SystemRoot\system32\drivers\amdk8.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AntiVirSchedulerService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Avira AntiVir Planer
Description: Dienst zur Steuerung von Avira AntiVir Personal - Free Antivirus Prüfaufträgen und Updates.
Object name: LocalSystem
Image path: "C:\Program Files\Avira\AntiVir Desktop\sched.exe"
Image size: 136360
Image MD5: C27D46B06D340293670450FCE9DFB166
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): AntiVirService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Avira AntiVir Guard
Description: Bietet permanenten Schutz vor Viren und Malware mit der AntiVir Suchengine.
Object name: LocalSystem
Image path: "C:\Program Files\Avira\AntiVir Desktop\avguard.exe"
Image size: 269480
Image MD5: C9FB073FD3C306B9EB32993BE72F8AB7
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1

Service (registry key): Appinfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\appinfo.dll,-100
Description: @%systemroot%\system32\appinfo.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,ProfSvc

Service (registry key): Apple Mobile Device
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Apple Mobile Device
Description: Enthält die Schnittstelle zu Mobilgeräten von Apple.
Object name: LocalSystem
Image path: "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
Image size: 37664
Image MD5: 20F6F19FE9E753F2780DC2FA083AD597
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: Tcpip

Service (registry key): arc
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\arc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): arcsas
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\arcsas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Asynchroner RAS -Medientreiber
Description: Asynchroner RAS -Medientreiber
Image path: system32\DRIVERS\asyncmac.sys
Image size: 17408
Image MD5: 53B202ABEE6455406254444303E87BE1
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IDE-Kanal
Image path: system32\drivers\atapi.sys
Image size: 19944
Image MD5: 1F05B78AB91C9075565A9D8A4B880BC4
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): AudioEndpointBuilder
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\audiosrv.dll,-204
Description: @%SystemRoot%\System32\audiosrv.dll,-205
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): Audiosrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\audiosrv.dll,-200
Description: @%SystemRoot%\System32\audiosrv.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: AudioEndpointBuilder,RpcSs,MMCSS

Service (registry key): avgntflt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avgntflt
Description: Avira mini-filter driver
Image path: system32\DRIVERS\avgntflt.sys
Image size: 61960
Image MD5: 47B879406246FFDCED59E18D331A0E7D
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): avipbb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: avipbb
Description: Avira Security Enhancement Driver
Image path: system32\DRIVERS\avipbb.sys
Image size: 137656
Image MD5: 5FEDEF54757B34FB611B9EC8FB399364
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Beep
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BFE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\bfe.dll,-1001
Description: @%SystemRoot%\system32\bfe.dll,-1002
Object name: NT AUTHORITY\LocalService
Image path: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): BITS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\qmgr.dll,-1000
Description: @%SystemRoot%\system32\qmgr.dll,-1001
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,EventSystem

Service (registry key): blbdrive
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\blbdrive.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Bonjour Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Dienst "Bonjour"
Description: Damit können Hardwaregeräte und Softwaredienste im Netzwerk eine automatische Selbstkonfiguration durchführen und ihre Verfügbarkeit anzeigen.
Object name: LocalSystem
Image path: "C:\Program Files\Bonjour\mDNSResponder.exe"
Image size: 349472
Image MD5: F2060A34C8A75BC24A9222EB4F8C07BD
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: Tcpip

Service (registry key): bowser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bowser
Description: Implements the datagram receiver for the computer browser browser service.
Image path: system32\DRIVERS\bowser.sys
Image size: 69632
Image MD5: 35F376253F687BDE63976CCB3F2108CA
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): BrFiltLo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother USB Mass-Storage Lower Filter Driver
Image path: \SystemRoot\system32\drivers\brfiltlo.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BrFiltUp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother USB Mass-Storage Upper Filter Driver
Image path: \SystemRoot\system32\drivers\brfiltup.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Browser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\browser.dll,-100
Description: @%systemroot%\system32\browser.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): Brserid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC Serial Port Interface Driver (WDM)
Image path: \SystemRoot\system32\drivers\brserid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrSerWdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother WDM Serial driver
Image path: \SystemRoot\system32\drivers\brserwdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrUsbMdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC USB Fax Only Modem
Image path: \SystemRoot\system32\drivers\brusbmdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): BrUsbSer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC USB Serial WDM Driver
Image path: \SystemRoot\system32\drivers\brusbser.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTHMODEM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Serial Communications Driver
Image path: \SystemRoot\system32\drivers\bthmodem.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): BTHPORT
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): cdfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD/DVD File System Reader
Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)
Image path: system32\DRIVERS\cdfs.sys
Image size: 70144
Image MD5: 7ADD03E75BEB9E6DD102C3081D29840A
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): cdrom
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD-ROM-Laufwerktreiber
Image path: system32\DRIVERS\cdrom.sys
Image size: 67072
Image MD5: 6B4BFFB9BECD728097024276430DB314
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): CertPropSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\certprop.dll,-11
Description: @%SystemRoot%\System32\certprop.dll,-12
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): circlass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Consumer IR Devices
Image path: \SystemRoot\system32\drivers\circlass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): CLFS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Common Log (CLFS)
Description: Common Log (CLFS)
Image path: System32\CLFS.sys
Image size: 245736
Image MD5: D7659D3B5B92C31E84E53C1431F35132
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): clr_optimization_v2.0.50727_32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft .NET Framework NGEN v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Image size: 66368
Image MD5: 8EE772032E2FE80A924F3B8DD5082194
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 0

Service (registry key): clr_optimization_v4.0.30319_32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft .NET Framework NGEN v4.0.30319_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
Image size: 130384
Image MD5: C5A75EB48E2344ABDC162BDA79E16841
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 0

Service (registry key): CLTNetCnService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Symantec Lic NetConnect service
Description: Symantec Lic NetConnect Service
Object name: LocalSystem
Image path: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0

Service (registry key): cmdide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\cmdide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): Compbatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Composite Battery Driver
Image path: \SystemRoot\system32\drivers\compbatt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): COMSysApp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-947
Description: @comres.dll,-948
Object name: LocalSystem
Image path: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 7168
Image MD5: BE01E566D1F569AAB32D0335613E1EEA
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs,EventSystem,SENS

Service (registry key): crcdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Crcdisk Filter Driver
Image path: system32\drivers\crcdisk.sys
Image size: 22632
Image MD5: 2A213AE086BBEC5E937553C7D9A2B22C
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Crusoe
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Transmeta Crusoe Processor Driver
Image path: \SystemRoot\system32\drivers\crusoe.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): crypt32
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): CryptSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\cryptsvc.dll,-1001
Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): DCLocator
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): DcomLaunch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @oleres.dll,-5012
Description: @oleres.dll,-5013
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): DfsC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\dfsc.sys,-101
Description: @%systemroot%\system32\drivers\dfsc.sys,-102
Image path: System32\Drivers\dfsc.sys
Image size: 75264
Image MD5: 218D8AE46C88E82014F5D73D0236D9B2
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: Mup

Service (registry key): DFSR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @dfsrres.dll,-101
Description: @dfsrres.dll,-102
Object name: LocalSystem
Image path: %SystemRoot%\system32\DFSR.exe
Image size: 2092544
Image MD5: 2CC3DCFB533A1035B13DCAB6160AB38B
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs,EventSystem

Service (registry key): Dhcp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\dhcpcsvc.dll,-100
Description: @%SystemRoot%\system32\dhcpcsvc.dll,-101
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NSI,Tdx,Afd

Service (registry key): disk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Laufwerktreiber
Image path: system32\drivers\disk.sys
Image size: 53736
Image MD5: 5D4AEFC3386920236A548271F8F1AF6A
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): DLABMFSM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLABMFSM.SYS
Image size: 35096
Image MD5: A53723176D0002FEB486EFF8E17812F2
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): DLABOIOM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLABOIOM.SYS
Image size: 32472
Image MD5: D4587063ACEA776699251E177D719586
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): DLACDBHM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DLACDBHM.SYS
Image size: 12856
Image MD5: 5230CDB7E715F3A3B4A882E254CDD35D
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 0

Service (registry key): DLADResM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLADResM.SYS
Image size: 9432
Image MD5: 1CC77BF6481567B617F7D204932A10E4
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): DLAIFS_M
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLAIFS_M.SYS
Image size: 104536
Image MD5: 24400137E387A24410C52A591F3CFB4D
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): DLAOPIOM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLAOPIOM.SYS
Image size: 26296
Image MD5: 29A303FECEB28641ECEBDAE89EB71C63
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): DLAPoolM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLAPoolM.SYS
Image size: 14520
Image MD5: C93E33A22A1AE0C5508F3FB1F6D0A50C
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): DLARTL_M
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DLARTL_M.SYS
Image size: 28184
Image MD5: 91886FED52A3F9966207BCE46CFD794F
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 0

Service (registry key): DLAUDFAM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLAUDFAM.SYS
Image size: 94648
Image MD5: B953498C35A31E5AC98F49ADBCF3E627
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): DLAUDF_M
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DLA\DLAUDF_M.SYS
Image size: 97848
Image MD5: 4897704C093C1F59CE58FC65E1E1EF1E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): Dnscache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\dnsapi.dll,-101
Description: @%SystemRoot%\System32\dnsapi.dll,-102
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tdx

Service (registry key): dot3svc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\dot3svc.dll,-1102
Description: @%systemroot%\system32\dot3svc.dll,-1103
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio,Eaphost

Fabo63 06.06.2011 20:45

Service (registry key): DPS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\dps.dll,-500
Description: @%systemroot%\system32\dps.dll,-501
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): drmkaud
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Kernel-DRM-Audioentschlüsselung
Image path: system32\drivers\drmkaud.sys
Image size: 5632
Image MD5: 97FEF831AB90BEE128C9AF390E243F80
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): DRVMCDB
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DRVMCDB.SYS
Image size: 99176
Image MD5: C00440385CF9F3D142917C63F989E244
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 0

Service (registry key): DRVNDDM
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\DRVNDDM.SYS
Image size: 51768
Image MD5: FFC371525AA55D1BAE18715EBCB8797C
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 0

Service (registry key): DXGKrnl
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: LDDM Graphics Subsystem
Description: Controls the underlying video driver stacks to provide fully-featured display capabilities.
Image path: \SystemRoot\System32\drivers\dxgkrnl.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): E1G60
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel(R) PRO/1000 NDIS 6 Adapter Driver
Image path: system32\DRIVERS\E1G60I32.sys
Image size: 117760
Image MD5: F88FB26547FD2CE6D0A5AF2985892C48
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): EapHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\eapsvc.dll,-1
Description: @%systemroot%\system32\eapsvc.dll,-2
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,KeyIso

Service (registry key): Ecache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ReadyBoost Caching Driver
Description: ReadyBoost Caching Driver
Image path: System32\drivers\ecache.sys
Image size: 141288
Image MD5: 7F64EA048DCFAC7ACF8B4D7B4E6FE371
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): ehRecvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehrecvr.exe,-101
Description: @%SystemRoot%\ehome\ehrecvr.exe,-102
Object name: NT AUTHORITY\networkService
Image path: %systemroot%\ehome\ehRecvr.exe
Image size: 292352
Image MD5: 9BE3744D295A7701EB425332014F0797
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): ehSched
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehsched.exe,-101
Description: @%SystemRoot%\ehome\ehsched.exe,-102
Object name: NT AUTHORITY\networkService
Image path: %systemroot%\ehome\ehsched.exe
Image size: 131072
Image MD5: AD1870C8E5D6DD340C829E6074BF3C3F
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): ehstart
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehstart.dll,-101
Description: @%SystemRoot%\ehome\ehstart.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %windir%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RPCSS

Service (registry key): elxstor
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\elxstor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): EmdCache
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): EMDMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\emdmgmt.dll,-1000
Description: @%SystemRoot%\system32\emdmgmt.dll,-1001
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: rpcss,ecache,slsvc,fileinfo

Service (registry key): ESENT
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Eventlog
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wevtsvc.dll,-200
Description: @%SystemRoot%\system32\wevtsvc.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-2450
Description: @comres.dll,-2451
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): exfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: exFAT File System Driver
Description: exFAT File System Driver
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): fastfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FAT12/16/32 File System Driver
Description: Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces)
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): fdc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Controller Driver
Image path: system32\DRIVERS\fdc.sys
Image size: 25088
Image MD5: 63BDADA84951B9C03E641800E176898A
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): fdPHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\fdPHost.dll,-100
Description: @%systemroot%\system32\fdPHost.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,http

Service (registry key): FDResPub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\fdrespub.dll,-100
Description: @%systemroot%\system32\fdrespub.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,http

Service (registry key): FET5X86V
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VIA Rhine-Family Fast-Ethernet Adapter Driver Service
Image path: system32\DRIVERS\fetnd5bv.sys
Image size: 42496
Image MD5: 8787449F8EF116DB0E8E06C3555746A7
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): FETNDIS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VIA Rhine-Familie--Fast-Ethernet-Adaptertreiberdienst
Image path: system32\DRIVERS\fetnd5.sys
Image size: 45568
Image MD5: B2B2C38E916184FF8523C7439DDD417F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): FileInfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: File Information FS MiniFilter
Description: Collects information about files in memory to be consumed by other system services.
Image path: system32\drivers\fileinfo.sys
Image size: 58936
Image MD5: A8C0139A884861E3AAE9CFE73B208A9F
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Depends On services: fltmgr

Service (registry key): Filetrace
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FileTrace
Description: ETW File Trace Filter
Image path: system32\drivers\filetrace.sys
Image size: 27648
Image MD5: 0AE429A696AECBC5970E3CF2C62635AE
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): flpydisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Driver
Image path: system32\DRIVERS\flpydisk.sys
Image size: 20480
Image MD5: 6603957EFF5EC62D25075EA8AC27DE68
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): FltMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FltMgr
Description: File System Filter Manager Driver
Image path: system32\drivers\fltmgr.sys
Image size: 190424
Image MD5: 01334F9EA68E6877C4EF05D3EA8ABB05
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 3

Service (registry key): FontCache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\FntCache.dll,-100
Description: @%systemroot%\system32\FntCache.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): FontCache3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\PresentationHost.exe,-3309
Description: @%SystemRoot%\system32\PresentationHost.exe,-3310
Object name: NT Authority\LocalService
Image path: %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Image size: 43904
Image MD5: C7FBDD1ED42F82BFA35167A5C9803EA3
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): Fs_Rec
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 8
Error Control: 0

Service (registry key): gagp30kx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms
Image path: \SystemRoot\system32\drivers\gagp30kx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): GEARAspiWDM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: GEAR ASPI Filter Driver
Image path: System32\Drivers\GEARAspiWDM.sys
Image size: 26600
Image MD5: 8182FF89C65E4D38B2DE4BB0FB18564E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): gpsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @gpapi.dll,-112
Description: @gpapi.dll,-113
Object name: LocalSystem
Image path: %windir%\system32\svchost.exe -k GPSvcGroup
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS,Mup

Service (registry key): HdAudAddService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst
Image path: system32\drivers\HdAudio.sys
Image size: 235520
Image MD5: CB04C744BE0A61B1D648FAED182C3B59
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HDAudBus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft-UAA-Bustreiber für High Definition Audio
Image path: system32\DRIVERS\HDAudBus.sys
Image size: 561152
Image MD5: 062452B7FFD68C8C042A6261FE8DFF4A
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HidBth
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Bluetooth HID Miniport
Image path: \SystemRoot\system32\drivers\hidbth.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): HidIr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Infrared HID Driver
Image path: \SystemRoot\system32\drivers\hidir.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 0

Service (registry key): hidserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\hidserv.dll,-101
Description: @%SystemRoot%\System32\hidserv.dll,-102
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): HidUsb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft HID Class-Treiber
Image path: system32\DRIVERS\hidusb.sys
Image size: 12800
Image MD5: CCA4B519B17E23A00B826C55716809CC
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): hkmsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\kmsvc.dll,-6
Description: @%SystemRoot%\system32\kmsvc.dll,-7
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): HpCISSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\hpcisss.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): HTTP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HTTP
Description: This service implements the hypertext transfer protocol (HTTP). If this service is disabled, any services that explicitly depend on it will fail to start.
Image path: system32\drivers\HTTP.sys
Image size: 411648
Image MD5: F870AA3E254628EBEAFE754108D664DE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): i2omp
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\i2omp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): i8042prt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: system32\DRIVERS\i8042prt.sys
Image size: 54784
Image MD5: 22D56C8184586B7A1F6FA60BE5F5A2BD
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): iaStor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel AHCI Controller
Image path: \SystemRoot\system32\drivers\iastor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): iaStorV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel RAID Controller Vista
Image path: \SystemRoot\system32\drivers\iastorv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): IDriverT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: InstallDriver Table Manager
Description: Provides support for the Running Object Table for InstallShield Drivers
Object name: LocalSystem
Image path: "c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
Image size: 73728
Image MD5: 6F95324909B502E2651442C1548AB12F
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0

Service (registry key): idsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193
Description: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192
Object name: LocalSystem
Image path: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Image size: 879448
Image MD5: 98477B08E61945F974ED9FDC4CB6BDAB
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): iirsp
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\iirsp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): IKEEXT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\ikeext.dll,-501
Description: @%SystemRoot%\system32\ikeext.dll,-502
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: BFE

Service (registry key): inetaccs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): IntcAzAudAddService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Service for Realtek HD Audio (WDM)
Image path: system32\drivers\RTKVHDA.sys
Image size: 1668456
Image MD5: C61B3B87F3856CEF0C9F204028C6860D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): intelide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\intelide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): intelppm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel-Prozessortreiber
Image path: system32\DRIVERS\intelppm.sys
Image size: 41472
Image MD5: 224191001E78C89DFA78924C3EA595FF
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): IPBusEnum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\IPBusEnum.dll,-102
Description: @%systemroot%\system32\IPBusEnum.dll,-103
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,fdPHost

Service (registry key): IpFilterDriver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32013
Description: @%systemroot%\system32\rascfg.dll,-32013
Image path: system32\DRIVERS\ipfltdrv.sys
Image size: 47616
Image MD5: 62C265C38769B864CB25B4BCF62DF6C3
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): iphlpsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\iphlpsvc.dll,-200
Description: @%SystemRoot%\system32\iphlpsvc.dll,-201
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k NetSvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSS,Tdx,winmgmt,tcpip,nsi

Service (registry key): IpInIp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP in IP Tunnel Driver
Description: IP in IP Tunnel Driver
Image path: system32\DRIVERS\ipinip.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IPMIDRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\ipmidrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): IPNAT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP Network Address Translator
Description: IP Network Address Translator
Image path: system32\DRIVERS\ipnat.sys
Image size: 100864
Image MD5: 8793643A67B42CEC66490B2A0CF92D68
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): iPod Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: iPod-Dienst
Description: iPod-Hardwareverwaltungsdienste
Object name: LocalSystem
Image path: "C:\Program Files\iPod\bin\iPodService.exe"
Image size: 820520
Image MD5: CA9D4B998BFF311A539604ED87318FA0
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): IRENUM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IR Bus Enumerator
Description: IR Bus Enumerator
Image path: system32\drivers\irenum.sys
Image size: 13312
Image MD5: 109C0DFB82C3632FBD11949B73AEEAC9
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): isapnp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PnP ISA/EISA Bus Driver
Image path: \SystemRoot\system32\drivers\isapnp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): iScsiPrt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: iScsiPort-Treiber
Image path: system32\DRIVERS\msiscsi.sys
Image size: 180712
Image MD5: 232FA340531D940AAC623B121A595034
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): iteatapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ITEATAPI_Service_Install
Image path: \SystemRoot\system32\drivers\iteatapi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): iteraid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ITERAID_Service_Install
Image path: \SystemRoot\system32\drivers\iteraid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): kbdclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Tastaturklassentreiber
Image path: system32\DRIVERS\kbdclass.sys
Image size: 35384
Image MD5: 37605E0A8CF00CBBA538E753E4344C6E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): kbdhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Tastatur-HID-Treiber
Image path: system32\DRIVERS\kbdhid.sys
Image size: 17408
Image MD5: EDE59EC70E25C24581ADD1FBEC7325F7
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): KeyIso
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @keyiso.dll,-100
Description: @keyiso.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 9728
Image MD5: 3978F3540329E16C0AC3BCF677E5669F
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): KSecDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\ksecdd.sys
Image size: 439864
Image MD5: 86165728AF9BF72D6442A894FDFB4F8B
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): KtmRm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-2946
Description: @comres.dll,-2947
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): LanmanServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\srvsvc.dll,-100
Description: @%systemroot%\system32\srvsvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: SamSS,Srv

Service (registry key): LanmanWorkstation
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-100
Description: @%systemroot%\system32\wkssvc.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Bowser,MRxSmb10,MRxSmb20,NSI

Service (registry key): ldap
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): lltdio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: E/A-Treiber für Verbindungsschicht-Topologieerkennungszuordnung
Image path: system32\DRIVERS\lltdio.sys
Image size: 47104
Image MD5: D1C5883087A0C3F1344D9D55A44901F6
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): lltdsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\lltdres.dll,-1
Description: @%SystemRoot%\system32\lltdres.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss,lltdio

Service (registry key): lmhosts
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\lmhsvc.dll,-101
Description: @%SystemRoot%\system32\lmhsvc.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd

Service (registry key): Lsa
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): LSI_FC
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\lsi_fc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): LSI_SAS
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\lsi_sas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): LSI_SCSI
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\lsi_scsi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): luafv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: UAC File Virtualization
Description: Virtualizes file write failures to per-user locations.
Image path: \SystemRoot\system32\drivers\luafv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): Mcx2Svc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\ehome\ehres.dll,-15501
Description: @%SystemRoot%\ehome\ehres.dll,-15502
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: SSDPSRV,IPBusEnum,TermService,fdphost

Service (registry key): megasas
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\megasas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): MMCSS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\mmcss.dll,-100
Description: @%systemroot%\system32\mmcss.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): Modem
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\modem.sys
Image size: 31744
Image MD5: E13B5EA0F51BA5B1512EC671393D09BA
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): monitor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Monitor-Klassenfunktionstreiber-Dienst
Image path: system32\DRIVERS\monitor.sys
Image size: 41984
Image MD5: EC839BA91E45CCE6EADAFC418FFF8206
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): mouclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mausklassentreiber
Image path: system32\DRIVERS\mouclass.sys
Image size: 34360
Image MD5: 5BF6A1326A335C5298477754A506D263
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): mouhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Maus-HID-Treiber
Image path: system32\DRIVERS\mouhid.sys
Image size: 15872
Image MD5: 93B8D4869E12CFBE663915502900876F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): MountMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mount Point Manager
Description: Driver responsible with maintaining persistent drive letters and names for volumes
Image path: System32\drivers\mountmgr.sys
Image size: 57400
Image MD5: BDAFC88AA6B92F7842416EA6A48E1600
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): mpio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Multi-Path Bus Driver
Image path: \SystemRoot\system32\drivers\mpio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): mpsdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23092
Description: @%SystemRoot%\system32\FirewallAPI.dll,-23093
Image path: System32\drivers\mpsdrv.sys
Image size: 64000
Image MD5: 22241FEBA9B2DEFA669C8CB0A8DD7D2E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MpsSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: mpsdrv,bfe

Service (registry key): Mraid35x
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\mraid35x.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): MRxDAV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WebDav Client Redirector Driver
Description: WebDav Client Redirector Driver
Image path: \SystemRoot\system32\drivers\mrxdav.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: rdbss

Service (registry key): mrxsmb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SMB MiniRedirector Wrapper and Engine
Description: Implements the framework for the SMB filesystem redirector
Image path: system32\DRIVERS\mrxsmb.sys
Image size: 106496
Image MD5: 5FE5CF325F5B02EBC60832D3440CB414
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: rdbss

Service (registry key): mrxsmb10
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SMB 1.x MiniRedirector
Description: Implements the SMB 1.x (CIFS) protocol. This protocol provides connectivity to network resources on pre-Windows Vista servers
Image path: system32\DRIVERS\mrxsmb10.sys
Image size: 213504
Image MD5: 30B9C769446AF379A2AFB72B0392604D
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: mrxsmb

Service (registry key): mrxsmb20
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SMB 2.0 MiniRedirector
Description: Implements the SMB 2.0 protocol, which provides connectivity to network resources on Windows Vista and later servers
Image path: system32\DRIVERS\mrxsmb20.sys
Image size: 79360
Image MD5: FEA239B3EC4877E2B7E23204AF589DDF
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: mrxsmb

Service (registry key): msahci
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\msahci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): msdsm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Multi-Path Device Specific Module
Image path: \SystemRoot\system32\drivers\msdsm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): MSDTC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-2797
Description: @comres.dll,-2798
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\msdtc.exe
Image size: 105984
Image MD5: FD7520CC3A80C5FC8C48852BB24C6DED
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): MSDTC Bridge 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): MSDTC Bridge 4.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Msfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): msisadrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ISA/EISA-Klassentreiber
Image path: system32\drivers\msisadrv.sys
Image size: 16440
Image MD5: 0F400E306F385C56317357D6DEA56F62
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): MSiSCSI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\iscsidsc.dll,-5000
Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): msiserver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\msimsg.dll,-27
Description: @%SystemRoot%\system32\msimsg.dll,-32
Object name: LocalSystem
Image path: %systemroot%\system32\msiexec /V
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): MSKSSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 8192
Image MD5: D8C63D34D9C9E56C059E24EC7185CC07
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPCLOCK
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Proxy für Streaming Clock
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5888
Image MD5: 1D373C90D62DDB641D50E55B9E78D65E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPQM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Proxy für Streaming Quality Manager
Image path: system32\drivers\MSPQM.sys
Image size: 5504
Image MD5: B572DA05BF4E098D4BBA3A4734FB505B
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MsRPC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSSCNTRS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): mssmbios
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft-Systemverwaltungs-BIOS-Treiber
Image path: system32\DRIVERS\mssmbios.sys
Image size: 31288
Image MD5: E384487CB84BE41D09711C30CA79646C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSTEE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Tee/Sink-to-Sink-Konvertierung
Image path: system32\drivers\MSTEE.sys
Image size: 6016
Image MD5: 7199C1EEC1E4993CAF96B8C0A26BD58A
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mup
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mup
Description: Multiple UNC Provider
Image path: System32\Drivers\mup.sys
Image size: 48104
Image MD5: 6A57B5733D4CB702C8EA4542E836B96C
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1

Service (registry key): napagent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\qagentrt.dll,-6
Description: @%SystemRoot%\system32\qagentrt.dll,-7
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): NativeWifiP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NativeWiFi-Filter
Image path: system32\DRIVERS\nwifi.sys
Image size: 148480
Image MD5: 85C44FDFF9CF7E72A40DCB7EC06A4416
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDIS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS System Driver
Description: NDIS System Driver
Image path: system32\drivers\ndis.sys
Image size: 527848
Image MD5: 1357274D1883F68300AEADD15D7BBB42
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): NdisTapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32001
Description: @%systemroot%\system32\rascfg.dll,-32001
Image path: system32\DRIVERS\ndistapi.sys
Image size: 20992
Image MD5: 0E186E90404980569FB449BA7519AE61
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ndisuio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS-Benutzermodus-E/A-Protokoll
Image path: system32\DRIVERS\ndisuio.sys
Image size: 16896
Image MD5: D6973AA34C4D5D76C0430B181C3CD389
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisWan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32002
Description: @%systemroot%\system32\rascfg.dll,-32002
Image path: system32\DRIVERS\ndiswan.sys
Image size: 121344
Image MD5: 818F648618AE34F729FDB47EC68345C3
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDProxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NetBIOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: system32\DRIVERS\netbios.sys
Image size: 35840
Image MD5: BCD093A5A6777CF626434568DC7DBA78
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): netbt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NETBT
Description: This service implements NetBios over TCP/IP.
Image path: System32\DRIVERS\netbt.sys
Image size: 185856
Image MD5: ECD64230A59CBD93C85F1CD1CAB9F3F6
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tdx,tcpip

Service (registry key): Netlogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\netlogon.dll,-102
Description: @%SystemRoot%\System32\netlogon.dll,-103
Object name: LocalSystem
Image path: %systemroot%\system32\lsass.exe
Image size: 9728
Image MD5: 3978F3540329E16C0AC3BCF677E5669F
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): Netman
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\netman.dll,-109
Description: @%SystemRoot%\system32\netman.dll,-110
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,nsi

Service (registry key): netprofm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\netprof.dll,-246
Description: @%SystemRoot%\system32\netprof.dll,-247
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs,nlasvc

Service (registry key): NetTcpPortSharing
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201
Description: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8200
Object name: NT AUTHORITY\LocalService
Image path: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Image size: 129880
Image MD5: D6C4E4A39A36029AC0813D476FBD0248
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1

Service (registry key): nfrd960
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\nfrd960.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): NlaSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\nlasvc.dll,-1
Description: @%SystemRoot%\System32\nlasvc.dll,-2
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NSI,RpcSs,TcpIp

Service (registry key): Npfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): nsi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\nsisvc.dll,-200
Description: @%SystemRoot%\system32\nsisvc.dll,-201
Object name: NT Authority\LocalService
Image path: %systemroot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: nsiproxy

Service (registry key): nsiproxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NSI proxy service
Description: NSI proxy service
Image path: system32\drivers\nsiproxy.sys
Image size: 16384
Image MD5: 609773E344A97410CE4EBF74A8914FCF
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): NTDS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Ntfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): ntrigdigi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: N-trig HID Tablet Driver
Image path: \SystemRoot\system32\drivers\ntrigdigi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Null
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): nvatabus
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\nvatabus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): nvlddmkm
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\nvlddmkm.sys
Image size: 4456384
Image MD5: 7D80FF0E34A0D04BEF343DF07B4707CF
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): nvraid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NVIDIA nForce(tm) RAID Class Driver
Image path: \SystemRoot\system32\drivers\nvraid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): nvstor
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\nvstor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): nv_agp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NVIDIA nForce AGP Bus Filter
Image path: \SystemRoot\system32\drivers\nv_agp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NwlnkFlt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPX Traffic Filter Driver
Description: IPX Traffic Filter Driver
Image path: system32\DRIVERS\nwlnkflt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: NwlnkFwd

Service (registry key): NwlnkFwd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IPX Traffic Forwarder Driver
Description: IPX Traffic Forwarder Driver
Image path: system32\DRIVERS\nwlnkfwd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ohci1394
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VIA OHCI-konformer IEEE 1394-Hostcontroller
Image path: system32\DRIVERS\ohci1394.sys
Image size: 62208
Image MD5: 6F310E890D46E246E0E261A63D9B36B4
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): p2pimsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\p2psvc.dll,-8004
Description: @%SystemRoot%\system32\p2psvc.dll,-8005
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): p2psvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\p2psvc.dll,-8006
Description: @%SystemRoot%\system32\p2psvc.dll,-8007
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: p2pimsvc,PNRPSvc

Service (registry key): Parport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Parallel port driver
Image path: \SystemRoot\system32\drivers\parport.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): partmgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Partition Manager
Description: Disk class filter driver that auctions out partitions to volume managers
Image path: System32\drivers\partmgr.sys
Image size: 54248
Image MD5: 57389FA59A36D96B3EB09D0CB91E9CDC
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): Parvdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\parvdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"

Service (registry key): PcaSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\pcasvc.dll,-1
Description: @%SystemRoot%\system32\pcasvc.dll,-2
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): pci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PCI-Bus-Treiber
Image path: system32\drivers\pci.sys
Image size: 149480
Image MD5: 941DC1D19E7E8620F40BBC206981EFDB
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): pciide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\pciide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 3

Service (registry key): pcmcia
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\pcmcia.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): PEAUTH
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PEAUTH
Image path: system32\drivers\peauth.sys
Image size: 878080
Image MD5: 6349F6ED9C623B44B52EA3C63C831A92
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): PerfDisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfNet
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfProc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): pla
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\pla.dll,-500
Description: @%systemroot%\system32\pla.dll,-501
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): PlugPlay
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\umpnpmgr.dll,-100
Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): PNRPAutoReg
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\p2psvc.dll,-8002
Description: @%SystemRoot%\system32\p2psvc.dll,-8003
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: pnrpsvc

Service (registry key): PNRPsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\p2psvc.dll,-8000
Description: @%SystemRoot%\system32\p2psvc.dll,-8001
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: p2pimsvc

Service (registry key): PolicyAgent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\polstore.dll,-5010
Description: @%SystemRoot%\system32\polstore.dll,-5011
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tcpip,bfe

Service (registry key): PortProxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PptpMiniport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN-Miniport (PPTP)
Description: WAN-Miniport (PPTP)
Image path: system32\DRIVERS\raspptp.sys
Image size: 62976
Image MD5: ECFFFAEC0C1ECD8DBC77F39070EA1DB1
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Processor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Processor Driver
Image path: \SystemRoot\system32\drivers\processr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ProfSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\profsvc.dll,-300
Description: @%systemroot%\system32\profsvc.dll,-301
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): ProtectedStorage
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\psbase.dll,-300
Description: @%systemroot%\system32\psbase.dll,-301
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 9728
Image MD5: 3978F3540329E16C0AC3BCF677E5669F
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): PSched
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\drivers\pacer.sys,-101
Description: @%SystemRoot%\System32\drivers\pacer.sys,-101
Image path: system32\DRIVERS\pacer.sys
Image size: 72192
Image MD5: 99514FAA8DF93D34B5589187DB3AA0BA
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): PxHelp20
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PxHelp20
Image path: System32\Drivers\PxHelp20.sys
Image size: 45200
Image MD5: 40FEDD328F98245AD201CF5F9F311724
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): ql2300
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: QLogic Fibre Channel Miniport Driver
Image path: \SystemRoot\system32\drivers\ql2300.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Fabo63 06.06.2011 20:45

Service (registry key): ql40xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: QLogic iSCSI Miniport Driver
Image path: \SystemRoot\system32\drivers\ql40xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): QWAVE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\qwave.dll,-1
Description: @%SystemRoot%\system32\qwave.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %windir%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss,psched,QWAVEdrv,LLTDIO

Service (registry key): QWAVEdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\qwavedrv.sys,-1
Description: @%SystemRoot%\system32\drivers\qwavedrv.sys,-2
Image path: \SystemRoot\system32\drivers\qwavedrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasAcd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: System32\DRIVERS\rasacd.sys
Image size: 11776
Image MD5: 147D7F9C556D259924351FEB0DE606C3
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): RasAuto
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\rasauto.dll,-200
Description: @%Systemroot%\system32\rasauto.dll,-201
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,Tapisrv

Service (registry key): Rasl2tp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN-Miniport (L2TP)
Description: WAN-Miniport (L2TP)
Image path: system32\DRIVERS\rasl2tp.sys
Image size: 76288
Image MD5: A214ADBAF4CB47DD2728859EF31F26B0
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasMan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\rasmans.dll,-200
Description: @%Systemroot%\system32\rasmans.dll,-201
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tapisrv,SstpSvc

Service (registry key): RasPppoe
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32007
Description: @%systemroot%\system32\rascfg.dll,-32007
Image path: system32\DRIVERS\raspppoe.sys
Image size: 41472
Image MD5: 509A98DD18AF4375E1FC40BC175F1DEF
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasSstp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\sstpsvc.dll,-202
Description: @%systemroot%\system32\sstpsvc.dll,-202
Image path: system32\DRIVERS\rassstp.sys
Image size: 69120
Image MD5: 2005F4A1E05FA09389AC85840F0A9E4D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): rdbss
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Redirected Buffering Sub Sysytem
Description: Provides the framework for network mini-redirectors
Image path: system32\DRIVERS\rdbss.sys
Image size: 225280
Image MD5: B14C9D5B9ADD2F84F70570BBBFAA7935
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: Mup

Service (registry key): RDPCDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RDPCDD
Description: RDPDD Chained DD
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 6144
Image MD5: 89E59BE9A564262A3FB6C4F4F1CD9899
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): rdpdr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Server Device Redirector Driver
Image path: \SystemRoot\system32\drivers\rdpdr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): RDPENCDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RDP Encoder Mirror Driver
Description: RDP Encoder Mirror Driver
Image path: system32\drivers\rdpencdd.sys
Image size: 6144
Image MD5: 9D91FE5286F748862ECFFA05F8A0710C
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPNP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drprov.dll,-100
Description: @%systemroot%\system32\drprov.dll,-101
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPWD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RDP Winstation Driver
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): RemoteAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\mprdim.dll,-200
Description: @%Systemroot%\system32\mprdim.dll,-201
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS,RasMan,bfe
Depends On group: NetBIOSGroup

Service (registry key): RemoteRegistry
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @regsvc.dll,-1
Description: @regsvc.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k regsvc
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): RoxMediaDB9
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RoxMediaDB9
Description: Roxio RoxMediaDB9 Service
Object name: LocalSystem
Image path: "c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
Image size: 887544
Image MD5: 369FFB73BF61751E43CA589E3A0E4B90
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 0

Service (registry key): RpcLocator
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\Locator.exe,-2
Description: @%systemroot%\system32\Locator.exe,-3
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\locator.exe
Image size: 7680
Image MD5: 5123F83CBC4349D065534EEB6BBDC42B
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): RpcSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @oleres.dll,-5010
Description: @oleres.dll,-5011
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k rpcss
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: DcomLaunch

Service (registry key): rspndr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Antwort für Verbindungsschicht-Topologieerkennung
Image path: system32\DRIVERS\rspndr.sys
Image size: 60416
Image MD5: 9C508F4074A39E8B4B31D27198146FAD
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): RT73
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: D-Link USB Wireless LAN Card Driver
Image path: system32\DRIVERS\Dr71WU.sys
Image size: 429440
Image MD5: 5EFF124BFABAC3E7FC2908BE28906B1B
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RxFilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RxFilter
Description: RxFilter mini-filter driver
Image path: system32\DRIVERS\RxFilter.sys
Image size: 50688
Image MD5: 85ECEB9936E1112D055409647FC8579A
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On services: FltMgr
Depends On group: ""

Service (registry key): SamSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\samsrv.dll,-1
Description: @%SystemRoot%\system32\samsrv.dll,-2
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 9728
Image MD5: 3978F3540329E16C0AC3BCF677E5669F
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): sbp2port
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SBP-2 Transport/Protocol Bus Driver
Image path: \SystemRoot\system32\drivers\sbp2port.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): SBSDWSCService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SBSD Security Center Service
Object name: LocalSystem
Image path: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
Image size: 1153368
Image MD5: 794D4B48DFB6E999537C7C3947863463
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: wscsvc

Service (registry key): SCardSvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\SCardSvr.dll,-1
Description: @%SystemRoot%\System32\SCardSvr.dll,-5
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): Schedule
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\schedsvc.dll,-100
Description: @%SystemRoot%\system32\schedsvc.dll,-101
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,EventLog

Service (registry key): SCPolicySvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\certprop.dll,-13
Description: @%SystemRoot%\System32\certprop.dll,-14
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): SDRSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sdrsvc.dll,-107
Description: @%SystemRoot%\system32\sdrsvc.dll,-102
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k SDRSVC
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): secdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Driver
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): seclogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\seclogon.dll,-7001
Description: @%SystemRoot%\system32\seclogon.dll,-7000
Object name: LocalSystem
Image path: %windir%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): SENS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\Sens.dll,-200
Description: @%SystemRoot%\system32\Sens.dll,-201
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): Serenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serenum-Filtertreiber
Image path: system32\DRIVERS\serenum.sys
Image size: 17920
Image MD5: CE9EC966638EF0B10B864DDEDF62A099
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Serial
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Treiber für seriellen Anschluss
Image path: system32\DRIVERS\serial.sys
Image size: 83456
Image MD5: 6D663022DB3E7058907784AE14B69898
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): sermouse
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serial Mouse Driver
Image path: \SystemRoot\system32\drivers\sermouse.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): ServiceModelEndpoint 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ServiceModelOperation 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ServiceModelService 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): SessionEnv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\SessEnv.dll,-1026
Description: @%SystemRoot%\System32\SessEnv.dll,-1027
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,LanmanWorkstation

Service (registry key): sffdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Class Driver
Image path: \SystemRoot\system32\drivers\sffdisk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): sffp_mmc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Protocol Driver for MMC
Image path: \SystemRoot\system32\drivers\sffp_mmc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): sffp_sd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Protocol Driver for SDBus
Image path: \SystemRoot\system32\drivers\sffp_sd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): sfloppy
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: High-Capacity Floppy Disk Drive
Image path: \SystemRoot\system32\drivers\sfloppy.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): SharedAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\ipnathlp.dll,-106
Description: @%SystemRoot%\system32\ipnathlp.dll,-107
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt,RasMan,BFE

Service (registry key): ShellHWDetection
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\shsvcs.dll,-12288
Description: @%SystemRoot%\System32\shsvcs.dll,-12289
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): sisagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SIS AGP Bus Filter
Image path: \SystemRoot\system32\drivers\sisagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SiSRaid2
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\sisraid2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): SiSRaid4
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\sisraid4.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): slsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\SLsvc.exe,-101
Description: @%SystemRoot%\system32\SLsvc.exe,-102
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\SLsvc.exe
Image size: 3408896
Image MD5: 862BB4CBC05D80C5B45BE430E5EF872F
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): SLUINotify
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\SLUINotify.dll,-103
Description: @%SystemRoot%\system32\SLUINotify.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: SLSvc,netprofm,EventSystem

Service (registry key): Smb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50005
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50006
Image path: system32\DRIVERS\smb.sys
Image size: 66560
Image MD5: 7B75299A4D201D6A6533603D6914AB04
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): SMSvcHost 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): SMSvcHost 4.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): SNMPTRAP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\snmptrap.exe,-3
Description: @%SystemRoot%\system32\snmptrap.exe,-4
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\snmptrap.exe
Image size: 12800
Image MD5: 2A146A055B4401C16EE62D18B8E2A032
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): spldr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Processor Loader Driver
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): Spooler
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\spoolsv.exe,-1
Description: @%systemroot%\system32\spoolsv.exe,-2
Object name: LocalSystem
Image path: %SystemRoot%\System32\spoolsv.exe
Image size: 128000
Image MD5: 8554097E5136C3BF9F69FE578A1B35F4
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS,http

Service (registry key): srv
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\srv.sys
Image size: 305152
Image MD5: 41987F9FC0E61ADF54F581E15029AD91
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: srv2

Service (registry key): srv2
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: srv2
Description: Default SDDL for Windows Resource Protected file
Image path: System32\DRIVERS\srv2.sys
Image size: 146432
Image MD5: A5940CA32ED206F90BE9FABDF6E92DE4
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: srvnet

Service (registry key): srvnet
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\srvnet.sys
Image size: 102400
Image MD5: 37AA1D560D5FA486C4B11C2F276ADA61
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): SSDPSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\ssdpsrv.dll,-100
Description: @%systemroot%\system32\ssdpsrv.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): ssmdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ssmdrv
Description: Avira Snapshot Driver
Image path: system32\DRIVERS\ssmdrv.sys
Image size: 28520
Image MD5: A36EE93698802CD899F98BFD553D8185
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): SstpSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sstpsvc.dll,-200
Description: @%SystemRoot%\system32\sstpsvc.dll,-201
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): stisvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wiaservc.dll,-9
Description: @%SystemRoot%\system32\wiaservc.dll,-10
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs,ShellHWDetection

Service (registry key): stllssvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: stllssvr
Object name: LocalSystem
Image path: "c:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
Image size: 73728
Image MD5: 51778FD315C9882F1CBD932743E62A72
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0

Service (registry key): swenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Software-Bus-Treiber
Image path: system32\DRIVERS\swenum.sys
Image size: 15288
Image MD5: 7BA58ECF0C0A9A69D44B3DCA62BECF56
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): swprv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\swprv.dll,-103
Description: @%SystemRoot%\System32\swprv.dll,-102
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k swprv
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): Symc8xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\symc8xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Sym_hi
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\sym_hi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): Sym_u3
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\sym_u3.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): SysMain
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sysmain.dll,-1000
Description: @%SystemRoot%\system32\sysmain.dll,-1001
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: rpcss,fileinfo

Service (registry key): TabletInputService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\TabSvc.dll,-100
Description: @%SystemRoot%\system32\TabSvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): TapiSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tapisrv.dll,-10100
Description: @%SystemRoot%\system32\tapisrv.dll,-10101
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): TBS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tbssvc.dll,-100
Description: @%SystemRoot%\system32\tbssvc.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): Tcpip
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50003
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50003
Image path: System32\drivers\tcpip.sys
Image size: 905088
Image MD5: A474879AFA4A596B3A531F3E69730DBF
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Tcpip6
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft IPv6-Protokolltreiber
Description: Microsoft IPv6-Protokolltreiber
Image path: system32\DRIVERS\tcpip.sys
Image size: 905088
Image MD5: A474879AFA4A596B3A531F3E69730DBF
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): tcpipreg
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TCP/IP Registry Compatibility
Description: Provides compatibility for legacy applications which interact with TCP/IP through the registry. If this service is stopped, certain applications may have impaired functionality.
Image path: System32\drivers\tcpipreg.sys
Image size: 30720
Image MD5: 608C345A255D82A6289C2D468EB41FD7
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): TDPIPE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TDPIPE
Image path: system32\drivers\tdpipe.sys
Image size: 17920
Image MD5: 5DCF5E267BE67A1AE926F2DF77FBCC56
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): TDTCP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TDTCP
Image path: system32\drivers\tdtcp.sys
Image size: 29184
Image MD5: 389C63E32B3CEFED425B61ED92D3F021
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): tdx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50004
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50004
Image path: system32\DRIVERS\tdx.sys
Image size: 72192
Image MD5: 76B06EB8A01FC8624D699E7045303E54
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): TermDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal-Gerätetreiber
Image path: system32\DRIVERS\termdd.sys
Image size: 53224
Image MD5: 3CAD38910468EAB9A6479E2F01DB43C7
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): TermService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\termsrv.dll,-268
Description: @%SystemRoot%\System32\termsrv.dll,-267
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,TermDD

Service (registry key): TestHandler
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Fujitsu Siemens Computers Diagnostic Testhandler
Description: Manages and controls the Fujitsu Siemens Computers Diagnostic Tools.
Object name: LocalSystem
Image path: C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
Image size: 204800
Image MD5: 1489A8B70AF925D983D399BEAB1E701F
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): Themes
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\shsvcs.dll,-8192
Description: @%SystemRoot%\System32\shsvcs.dll,-8193
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): THREADORDER
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\mmcss.dll,-102
Description: @%systemroot%\system32\mmcss.dll,-103
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): TrkWks
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\trkwks.dll,-1
Description: @%SystemRoot%\system32\trkwks.dll,-2
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 21504
Image MD5: 3794B461C45882E06856F282EEF025AF
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): TrustedInstaller
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\servicing\TrustedInstaller.exe,-100
Description: @%SystemRoot%\servicing\TrustedInstaller.exe,-101
Object name: localSystem
Image path: %SystemRoot%\servicing\TrustedInstaller.exe
Image size: 39424
Image MD5: 97D9D6A04E3AD9B6C626B9931DB78DBA
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): TSDDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): tssecsrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Services Security Filter Driver
Description: Terminal Services Security Filter Driver
Image path: System32\DRIVERS\tssecsrv.sys
Image size: 23552
Image MD5: DCF0F056A2E4F52287264F5AB29CF206
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): tunmp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Tun-Miniportadaptertreiber
Image path: system32\DRIVERS\tunmp.sys
Image size: 15360
Image MD5: CAECC0120AC49E3D2F758B9169872D38
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): tunnel
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft-IPv6-Tunnelminiport-Adaptertreiber
Image path: system32\DRIVERS\tunnel.sys
Image size: 25088
Image MD5: 300DB877AC094FEAB0BE7688C3454A9C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): uagp35
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft AGPv3.5 Filter
Image path: \SystemRoot\system32\drivers\uagp35.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): udfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: udfs
Description: Reads/Writes UDF 1.02,1.5,2.0x,2.5 disc formats, usually found on C/DVD discs. (Core) (All pieces)
Image path: system32\DRIVERS\udfs.sys
Image size: 226816
Image MD5: D9728AF68C4C7693CB100B8441CBDEC6
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1

Service (registry key): UGatherer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): UGTHRSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): UI0Detect
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\ui0detect.exe,-101
Description: @%SystemRoot%\system32\ui0detect.exe,-102
Object name: LocalSystem
Image path: %SystemRoot%\system32\UI0Detect.exe
Image size: 35840
Image MD5: ECEF404F62863755951E09C802C94AD5

Fabo63 06.06.2011 23:01

and this is what Malwarebytes' Anti-Malware came up with

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6779

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

06.06.2011 23:56:58
mbam-log-2011-06-06 (23-56-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 302423
Laufzeit: 2 Stunde(n), 10 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

To be honest, I don't know why it isn't showing anything...
It's all Greek to me by now... :headbang:

cosinus 07.06.2011 10:54

Did Malwarebytes find nothing before either, or was this the first scan with this tool?

Fabo63 07.06.2011 13:18

The first time it did show something. I also looked to see whether I could find the log file. But there is nothing there any more...

I've run it 3 times by now... it doesn't find anything any more.


Quote:

Quote from cosinus (Post 668907)
Did Malwarebytes find nothing before either, or was this the first scan with this tool?


cosinus 07.06.2011 13:31

The log files are under the "Logdateien" (Logs) tab....

Fabo63 07.06.2011 15:12

I found 3 files under the log files...

1.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6688

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

27.05.2011 03:40:47
mbam-log-2011-05-27 (03-40-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 300830
Laufzeit: 2 Stunde(n), 59 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

2.
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6779

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

06.06.2011 02:46:11
mbam-log-2011-06-06 (02-46-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 302277
Laufzeit: 1 Stunde(n), 41 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

3.
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6779

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

06.06.2011 23:56:58
mbam-log-2011-06-06 (23-56-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 302423
Laufzeit: 2 Stunde(n), 10 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


No idea where the 4th file is; I ran that one before my holiday, so about 10 days ago...


Quote:

Quote from cosinus (Post 668983)
The log files are under the "Logdateien" (Logs) tab....


cosinus 07.06.2011 17:37

With a different user account, maybe?

Fabo63 08.06.2011 00:20

So, I removed the whole thing and installed it again... it didn't help much, but I did find the first file... However, that one didn't show anything either...

FROM 27.5.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6688

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

27.05.2011 03:40:47
mbam-log-2011-05-27 (03-40-47).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 300830
Laufzeit: 2 Stunde(n), 59 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Quote:

Quote from cosinus (Post 669106)
With a different user account, maybe?


cosinus 08.06.2011 09:19

You made a mistake when posting the OTL.txt. It is incomplete, and directly below it is the Extras log. I need the complete OTL.txt.

Fabo63 08.06.2011 10:37

So, here is OTL.txt once more
OTL Logfile:
Code:

OTL logfile created on: 08.06.2011 11:17:59 - Run 1
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Users\Fabo\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1021,76 Mb Total Physical Memory | 302,76 Mb Available Physical Memory | 29,63% Memory free
2,26 Gb Paging File | 1,19 Gb Available in Paging File | 52,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 173,99 Gb Total Space | 17,57 Gb Free Space | 10,10% Space Free | Partition Type: NTFS
Drive D: | 45,22 Gb Total Space | 44,01 Gb Free Space | 97,32% Space Free | Partition Type: NTFS
Drive E: | 2,10 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: FABO-PC | User Name: Fabo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.08 11:16:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Fabo\Downloads\OTL.exe
PRC - [2011.04.30 14:20:52 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.04.28 19:00:14 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.20 23:38:57 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.03 17:15:44 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009.01.09 21:14:48 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.01.09 21:14:42 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2008.04.17 14:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008.04.17 14:14:00 | 000,098,616 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2008.01.19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.11.16 14:43:16 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Programme\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2006.12.29 12:11:00 | 004,317,184 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.11.14 17:07:08 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2005.11.16 19:08:40 | 000,106,496 | ---- | M] (Corel, Inc.) -- C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.08 11:16:46 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Fabo\Downloads\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (CLTNetCnService)
SRV - [2011.04.28 19:00:14 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.20 23:38:57 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.04.17 14:14:48 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.11.14 17:07:08 | 000,204,800 | ---- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.20 23:38:58 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.23 11:03:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.10.09 00:55:50 | 000,551,424 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2009.09.17 10:01:18 | 000,579,840 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007.04.27 18:55:12 | 000,429,440 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Dr71WU.sys -- (RT73)
DRV - [2007.02.08 23:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006.12.05 11:21:00 | 004,456,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.11.01 13:19:12 | 000,050,688 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RxFilter.sys -- (RxFilter)
DRV - [2006.10.26 17:22:00 | 000,009,432 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006.10.26 17:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.10.26 17:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006.10.26 17:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.10.26 17:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.10.26 17:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.10.26 17:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.10.26 17:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.10.18 18:39:58 | 000,017,920 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\xfilt.sys -- (xfilt)
DRV - [2006.10.17 21:22:26 | 000,009,216 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\videX32.sys -- (videX32)
DRV - [2006.08.11 11:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006.07.14 14:55:34 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A7 5C 84 1D 6D 27 CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {937f343c-c9c2-4235-b544-7fc4da2f2594}:2.5.6.0
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 14:21:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.30 14:21:02 | 000,000,000 | ---D | M]
 
[2008.09.01 18:24:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabo\AppData\Roaming\mozilla\Extensions
[2011.06.08 01:47:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabo\AppData\Roaming\mozilla\Firefox\Profiles\tj9n2h07.default\extensions
[2010.11.28 23:27:40 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\Fabo\AppData\Roaming\mozilla\Firefox\Profiles\tj9n2h07.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.09.15 11:17:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Fabo\AppData\Roaming\mozilla\Firefox\Profiles\tj9n2h07.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.25 15:32:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Fabo\AppData\Roaming\mozilla\Firefox\Profiles\tj9n2h07.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.03.30 22:37:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Fabo\AppData\Roaming\mozilla\Firefox\Profiles\tj9n2h07.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.02.05 19:11:52 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Fabo\AppData\Roaming\mozilla\Firefox\Profiles\tj9n2h07.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.11.13 01:45:43 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Fabo\AppData\Roaming\mozilla\Firefox\Profiles\tj9n2h07.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.02.22 16:37:07 | 000,000,000 | ---D | M] (Suche Deutschland Toolbar) -- C:\Users\Fabo\AppData\Roaming\mozilla\Firefox\Profiles\tj9n2h07.default\extensions\{937f343c-c9c2-4235-b544-7fc4da2f2594}
[2010.07.14 16:56:56 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Fabo\AppData\Roaming\mozilla\Firefox\Profiles\tj9n2h07.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.02.22 16:37:07 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Fabo\AppData\Roaming\mozilla\Firefox\Profiles\tj9n2h07.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.10.15 16:32:23 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Users\Fabo\AppData\Roaming\mozilla\Firefox\Profiles\tj9n2h07.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010.09.03 00:51:15 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Fabo\AppData\Roaming\mozilla\Firefox\Profiles\tj9n2h07.default\extensions\firefox@tvunetworks.com
[2010.10.15 16:32:23 | 000,000,000 | ---D | M] (Dizionario italiano) -- C:\Users\Fabo\AppData\Roaming\mozilla\Firefox\Profiles\tj9n2h07.default\extensions\it-IT@dictionaries.addons.mozilla.org
[2010.09.03 00:50:39 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Users\Fabo\AppData\Roaming\mozilla\Firefox\Profiles\tj9n2h07.default\extensions\vshare@toolbar
[2009.07.18 01:02:48 | 000,002,476 | ---- | M] () -- C:\Users\Fabo\AppData\Roaming\Mozilla\Firefox\Profiles\tj9n2h07.default\searchplugins\BearShareWebSearch.xml
[2010.07.14 18:57:14 | 000,000,873 | ---- | M] () -- C:\Users\Fabo\AppData\Roaming\Mozilla\Firefox\Profiles\tj9n2h07.default\searchplugins\conduit.xml
[2010.12.13 03:23:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2007.05.21 21:13:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008.09.01 18:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2008.12.11 22:57:33 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.03.25 16:50:31 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.09.09 16:21:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.11.10 02:52:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.03.30 22:34:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.10.31 11:45:42 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.07.18 01:02:48 | 000,002,476 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
[2010.10.31 11:45:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.31 11:45:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.31 11:45:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.31 11:45:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.05.30 17:07:46 | 000,000,736 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Programme\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [MsgCenterExe]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE (Corel Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched]  File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EPSON Stylus DX7400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2]  File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Fabo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Fabo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Users\Fabo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fabo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Fabo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Fabo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.05.01 18:16:32 | 000,000,148 | R--- | M] () - E:\AUTORUN.inf -- [ UDF ]
O32 - AutoRun File - [2007.07.04 05:19:48 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2007.07.04 05:19:47 | 000,634,880 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2007.07.04 04:23:42 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{b65d4206-6194-11de-8226-0019db518a3f}\Shell - "" = AutoRun
O33 - MountPoints2\{b65d4206-6194-11de-8226-0019db518a3f}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{d00ca5fe-f22e-11db-a252-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d00ca5fe-f22e-11db-a252-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Madden08.exe -- [2007.07.04 05:00:31 | 000,144,648 | R--- | M] (EA - Salt Lake)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.07 23:03:57 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.07 23:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.07 23:03:52 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.27 00:39:23 | 000,000,000 | ---D | C] -- C:\Users\Fabo\AppData\Roaming\Malwarebytes
[2011.05.27 00:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.27 00:38:56 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.24 00:08:17 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.19 23:07:12 | 000,000,000 | ---D | C] -- C:\Users\Fabo\AppData\Roaming\DVDVideoSoft
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.08 10:40:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.08 10:40:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.08 10:40:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.08 01:23:15 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.08 01:23:15 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.08 01:23:15 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.08 01:23:15 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.07 23:03:57 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.06.07 22:42:42 | 000,326,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.06.07 22:42:25 | 1072,160,768 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.05.24 19:14:10 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2011.05.24 00:08:17 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.05.19 23:08:54 | 000,001,044 | ---- | M] () -- C:\Users\Fabo\Desktop\Desktop\DVDVideoSoft Free Studio.lnk
 
========== Files Created - No Company Name ==========
 
[2011.06.07 23:03:57 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.22 02:15:52 | 000,028,672 | ---- | C] () -- C:\Windows\System32\wsnmp32d.dll
[2010.06.20 13:15:13 | 000,001,301 | ---- | C] () -- C:\Windows\TVEpaDrv.ini
[2010.06.20 12:28:56 | 000,303,104 | ---- | C] () -- C:\Windows\emunist.exe
[2009.10.19 23:11:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.10.19 23:11:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.04.14 23:57:46 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.09.10 18:40:20 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.06.01 02:22:11 | 000,001,356 | ---- | C] () -- C:\Users\Fabo\AppData\Local\d3d9caps.dat
[2008.05.02 00:09:29 | 000,000,074 | ---- | C] () -- C:\Windows\tm.ini
[2008.03.21 22:30:08 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.02.06 23:54:16 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.02.06 23:54:16 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008.02.06 23:54:16 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008.02.06 23:54:16 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.02.06 23:54:16 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008.02.06 23:54:16 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008.02.06 23:54:16 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.02.06 23:54:16 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008.02.06 23:54:16 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008.02.06 23:54:16 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008.02.06 23:54:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008.02.06 23:54:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008.02.06 23:54:16 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008.02.06 23:54:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008.02.06 23:54:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008.02.06 23:54:16 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008.02.06 23:54:16 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008.02.06 23:54:16 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008.02.06 23:54:16 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.02.06 23:52:40 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX7400DEFGIPS.ini
[2007.09.19 21:05:56 | 000,073,216 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2007.07.30 23:56:24 | 000,149,504 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2007.07.30 23:56:24 | 000,006,067 | ---- | C] () -- C:\Windows\UNWISE.INI
[2007.06.16 22:48:00 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.06.14 16:41:11 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2007.05.31 21:38:25 | 000,055,949 | ---- | C] () -- C:\Windows\System32\x264-uninstall.exe
[2007.04.24 10:14:36 | 000,194,560 | ---- | C] () -- C:\Users\Fabo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.02.15 23:45:41 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL
[2007.02.15 23:45:36 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
[2007.02.15 22:55:55 | 000,069,632 | ---- | C] () -- C:\Windows\System32\vuins32.dll
[2007.02.15 15:20:34 | 000,135,168 | ---- | C] () -- C:\Windows\System32\property.dll
[2006.11.06 18:03:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 17:33:31 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,126,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,326,800 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2005.08.17 16:10:56 | 000,542,208 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2007.04.29 20:28:21 | 000,000,000 | ---D | M] -- C:\Users\Fabo\AppData\Roaming\acccore
[2009.02.04 19:39:35 | 000,000,000 | ---D | M] -- C:\Users\Fabo\AppData\Roaming\CoSoSys
[2011.05.19 23:08:16 | 000,000,000 | ---D | M] -- C:\Users\Fabo\AppData\Roaming\DVDVideoSoft
[2011.05.03 21:10:26 | 000,000,000 | ---D | M] -- C:\Users\Fabo\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.02.23 18:03:19 | 000,000,000 | ---D | M] -- C:\Users\Fabo\AppData\Roaming\EPSON
[2008.01.30 17:04:21 | 000,000,000 | ---D | M] -- C:\Users\Fabo\AppData\Roaming\FloodLightGames
[2010.10.02 21:18:54 | 000,000,000 | ---D | M] -- C:\Users\Fabo\AppData\Roaming\GARMIN
[2007.05.15 16:20:34 | 000,000,000 | ---D | M] -- C:\Users\Fabo\AppData\Roaming\Kazaa Lite
[2008.12.20 12:55:49 | 000,000,000 | ---D | M] -- C:\Users\Fabo\AppData\Roaming\OpenOffice.org
[2008.08.28 22:58:51 | 000,000,000 | ---D | M] -- C:\Users\Fabo\AppData\Roaming\Panasonic
[2007.09.28 13:08:19 | 000,000,000 | ---D | M] -- C:\Users\Fabo\AppData\Roaming\PTV Game
[2009.08.21 01:06:16 | 000,000,000 | ---D | M] -- C:\Users\Fabo\AppData\Roaming\StreamTorrent
[2007.09.05 15:25:10 | 000,000,000 | ---D | M] -- C:\Users\Fabo\AppData\Roaming\Uniblue
[2011.06.07 22:41:23 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 48 bytes -> C:\Windows:01131222C357D2C5
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8AB6C1D7

< End of report >

--- --- ---

cosinus 08.06.2011 10:51

Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
FF - prefs.js..browser.search.defaultenginename: "BearShare Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
O4 - HKLM..\Run: [MsgCenterExe]  File not found
O4 - HKLM..\Run: [SunJavaUpdateSched]  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2]  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.05.01 18:16:32 | 000,000,148 | R--- | M] () - E:\AUTORUN.inf -- [ UDF ]
O32 - AutoRun File - [2007.07.04 05:19:48 | 000,000,000 | R--D | M] - E:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2007.07.04 05:19:47 | 000,634,880 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2007.07.04 04:23:42 | 000,585,728 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{b65d4206-6194-11de-8226-0019db518a3f}\Shell - "" = AutoRun
O33 - MountPoints2\{b65d4206-6194-11de-8226-0019db518a3f}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O33 - MountPoints2\{d00ca5fe-f22e-11db-a252-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d00ca5fe-f22e-11db-a252-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Madden08.exe -- [2007.07.04 05:00:31 | 000,144,648 | R--- | M] (EA - Salt Lake)
[2011.04.22 02:15:52 | 000,028,672 | ---- | C] () -- C:\Windows\System32\wsnmp32d.dll
@Alternate Data Stream - 48 bytes -> C:\Windows:01131222C357D2C5
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8AB6C1D7
:Commands
[purity]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Fabo63 08.06.2011 12:42

I hope I did it right...

The result is...


========== OTL ==========
Prefs.js: "BearShare Web Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "BearShare Web Search" removed from browser.search.order.1
Prefs.js: "Search" removed from browser.search.selectedEngine
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MsgCenterExe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Uniblue RegistryBooster 2 deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. E:\AUTORUN.inf scheduled to be moved on reboot.
File not found.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\AutoRunGUI.dll scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65d4206-6194-11de-8226-0019db518a3f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65d4206-6194-11de-8226-0019db518a3f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65d4206-6194-11de-8226-0019db518a3f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65d4206-6194-11de-8226-0019db518a3f}\ not found.
File M:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d00ca5fe-f22e-11db-a252-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d00ca5fe-f22e-11db-a252-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d00ca5fe-f22e-11db-a252-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d00ca5fe-f22e-11db-a252-806e6f6e6963}\ not found.
File move failed. E:\Madden08.exe scheduled to be moved on reboot.
C:\Windows\System32\wsnmp32d.dll moved successfully.
ADS C:\Windows:01131222C357D2C5 deleted successfully.
ADS C:\ProgramData\TEMP:8AB6C1D7 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 06082011_133509

Files\Folders moved on Reboot...
File move failed. E:\AUTORUN.inf scheduled to be moved on reboot.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
File move failed. E:\AutoRunGUI.dll scheduled to be moved on reboot.
File move failed. E:\Madden08.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 08.06.2011 13:24

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below, that is, tick both checkboxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If you cannot access your Documents/My Documents because of the infection, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

Fabo63 08.06.2011 13:47

Silly question... do I have to uninstall Antivir, or does Kaspersky work as is?

cosinus 08.06.2011 14:11

Better deactivate it beforehand.

Fabo63 08.06.2011 14:38

So, this is what came out...

2011/06/08 15:30:32.0839 4100 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/06/08 15:30:35.0971 4100 ================================================================================
2011/06/08 15:30:35.0971 4100 SystemInfo:
2011/06/08 15:30:35.0971 4100
2011/06/08 15:30:35.0971 4100 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/08 15:30:35.0971 4100 Product type: Workstation
2011/06/08 15:30:35.0971 4100 ComputerName: FABO-PC
2011/06/08 15:30:35.0976 4100 UserName: Fabo
2011/06/08 15:30:35.0976 4100 Windows directory: C:\Windows
2011/06/08 15:30:35.0976 4100 System windows directory: C:\Windows
2011/06/08 15:30:35.0976 4100 Processor architecture: Intel x86
2011/06/08 15:30:35.0976 4100 Number of processors: 2
2011/06/08 15:30:35.0976 4100 Page size: 0x1000
2011/06/08 15:30:35.0976 4100 Boot type: Normal boot
2011/06/08 15:30:35.0976 4100 ================================================================================
2011/06/08 15:30:38.0482 4100 Initialize success
2011/06/08 15:30:43.0328 2684 ================================================================================
2011/06/08 15:30:43.0328 2684 Scan started
2011/06/08 15:30:43.0328 2684 Mode: Manual;
2011/06/08 15:30:43.0328 2684 ================================================================================
2011/06/08 15:32:55.0500 2684 ================================================================================
2011/06/08 15:32:55.0500 2684 Scan finished
2011/06/08 15:32:55.0500 2684 ================================================================================

cosinus 08.06.2011 14:50

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Fabo63 08.06.2011 15:45

I hope this is right...

Result...

Combofix Logfile:
Code:

ComboFix 11-06-07.03 - Fabo 08.06.2011  16:18:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.1022.434 [GMT 2:00]
ausgeführt von:: c:\users\Fabo\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\firststeps\FirstSteps.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\moviebox
c:\programdata\Microsoft\Windows\Start Menu\Programs\moviebox\Uninstall.lnk
c:\users\Fabo\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-05-08 bis 2011-06-08  ))))))))))))))))))))))))))))))
.
.
2011-06-08 14:34 . 2011-06-08 14:34        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-06-08 14:11 . 2011-06-08 14:12        --------        d-----w-        C:\32788R22FWJFW
2011-06-08 13:01 . 2011-04-24 21:13        110992        ----a-w-        c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
2011-06-08 13:01 . 2011-04-24 21:13        147856        ----a-w-        c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-06-08 12:56 . 2011-06-08 13:15        115369        ----a-w-        c:\windows\system32\drivers\klin.dat
2011-06-08 12:56 . 2011-06-08 12:56        97859        ----a-w-        c:\windows\system32\drivers\klick.dat
2011-06-08 12:52 . 2011-06-08 13:10        --------        d-----w-        c:\programdata\Kaspersky Lab
2011-06-08 12:52 . 2011-06-08 12:52        --------        d-----w-        c:\program files\Kaspersky Lab
2011-06-08 11:35 . 2011-06-08 11:35        --------        d-----w-        C:\_OTL
2011-06-07 21:03 . 2011-05-29 07:11        39984        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-07 21:03 . 2011-05-29 07:11        22712        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-06-07 13:41 . 2011-05-09 20:46        6962000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DADE2822-FD36-4BC7-8925-47A8D559A179}\mpengine.dll
2011-05-26 22:39 . 2011-05-26 22:39        --------        d-----w-        c:\users\Fabo\AppData\Roaming\Malwarebytes
2011-05-26 22:39 . 2011-05-26 22:39        --------        d-----w-        c:\programdata\Malwarebytes
2011-05-26 22:38 . 2011-06-07 21:03        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-05-23 22:08 . 2011-05-23 22:08        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-19 21:07 . 2011-05-19 21:08        --------        d-----w-        c:\users\Fabo\AppData\Roaming\DVDVideoSoft
2011-05-11 15:12 . 2011-04-07 12:01        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-24 17:14 . 2009-10-03 00:10        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-04-24 21:13 . 2011-04-24 21:13        229776        ----a-w-        c:\windows\system32\klogon.dll
2011-04-06 14:20 . 2011-04-06 14:20        91424        ----a-w-        c:\windows\system32\dnssd.dll
2011-04-06 14:20 . 2011-04-06 14:20        75040        ----a-w-        c:\windows\system32\jdns_sd.dll
2011-04-06 14:20 . 2011-04-06 14:20        197920        ----a-w-        c:\windows\system32\dnssdX.dll
2011-04-06 14:20 . 2011-04-06 14:20        107808        ----a-w-        c:\windows\system32\dns-sd.exe
2011-03-12 21:55 . 2011-04-27 13:56        876032        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-03-10 17:03 . 2011-04-21 15:49        1162240        ----a-w-        c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-21 15:49        1136640        ----a-w-        c:\windows\system32\mfc42.dll
2011-03-10 16:36 . 2011-03-10 16:36        23856        ----a-w-        c:\windows\system32\drivers\klim6.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-29 4317184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-11-30 77892]
"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-11-16 106496]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-05 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-05 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-05 81920]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
c:\users\Fabo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO -viewer-.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe [2008-8-28 40960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 23856]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - KLMD25
*Deregistered* - klmd25
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://de.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr8/*hxxp://de.search.yahoo.com
IE: Free YouTube Download - c:\users\Fabo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to iPod Converter - c:\users\Fabo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm
IE: Free YouTube to Mp3 Converter - c:\users\Fabo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Fabo\AppData\Roaming\Mozilla\Firefox\Profiles\tj9n2h07.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=
FF - Ext: United States English Spellchecker: en-US@dictionaries.addons.mozilla.org - %profile%\extensions\en-US@dictionaries.addons.mozilla.org
FF - Ext: German Dictionary: de-DE@dictionaries.addons.mozilla.org - %profile%\extensions\de-DE@dictionaries.addons.mozilla.org
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Suche Deutschland Toolbar: {937f343c-c9c2-4235-b544-7fc4da2f2594} - %profile%\extensions\{937f343c-c9c2-4235-b544-7fc4da2f2594}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Modul zur Link-Untersuchung: linkfilter@kaspersky.ru - c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Virtuelle Tastatur: virtualKeyboard@kaspersky.ru - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Age of Empires 2.0 - c:\program files\Microsoft Games\Age of Empires II\UNINSTAL.EXE
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe
AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files\DivX\DivXConverterUninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
AddRemove-{B13A7C41581B411290FBC0395694E2A9} - c:\program files\DivX\DivXConverterUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-06-08 16:34
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
 [0] 0x24548908
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3180720396-1922566386-2137624434-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8f,40,22,18,14,f5,b1,d4,16,be,7f,93,fc,c3,53,a9,87,ec,13,8e,51,ba,87,
  be,c9,ac,95,e0,9e,71,16,e1,c6,8e,f6,cb,24,27,ac,eb,1a,ce,de,fa,5e,9c,f8,a7,\
"??"=hex:d5,bd,3e,be,24,6f,8d,e4,bb,d5,19,49,b2,b8,56,1d
.
Zeit der Fertigstellung: 2011-06-08  16:40:58
ComboFix-quarantined-files.txt  2011-06-08 14:40
.
Vor Suchlauf: 14 Verzeichnis(se), 19.552.825.344 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 23.346.364.416 Bytes frei
.
- - End Of File - - 6232BE2965ECB5A4016A9C8535F5A6FA

--- --- ---

cosinus 08.06.2011 20:48

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM - please skip OSAM's online lookup.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool needs only a few seconds.
  • Afterwards you should find a MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

Fabo63 08.06.2011 21:55

I just don't understand how I'm supposed to do that with Ctrl+V...

By the way, this is the result from GMER

GMER Logfile:
Code:

GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-08 22:50:11
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3250820AS rev.3.AAC
Running: r3wtuqob.exe; Driver: C:\Users\Fabo\AppData\Local\Temp\kwtdypog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text  C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                section is writeable [0x8A608340, 0x292767, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text  C:\Program Files\Mozilla Firefox\plugin-container.exe[1328] USER32.dll!TrackPopupMenu    761A14F3 5 Bytes  JMP 67F3C334 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text  C:\Program Files\Mozilla Firefox\firefox.exe[3796] ntdll.dll!LdrLoadDll                  77AB93A8 5 Bytes  JMP 013E13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Files - GMER 1.0.15 ----

File  C:\Users\Fabo\AppData\Local\Mozilla\Firefox\Profiles\tj9n2h07.default\Cache\DD9C6869d01  35562 bytes
File  C:\Users\Fabo\AppData\Local\Mozilla\Firefox\Profiles\tj9n2h07.default\Cache\875299D5d01  21677 bytes
File  C:\Users\Fabo\AppData\Local\Mozilla\Firefox\Profiles\tj9n2h07.default\Cache\C85D1396d01  20469 bytes
File  C:\Users\Fabo\AppData\Local\Mozilla\Firefox\Profiles\tj9n2h07.default\Cache\FADD69FFd01  19390 bytes
File  C:\Users\Fabo\AppData\Local\Mozilla\Firefox\Profiles\tj9n2h07.default\Cache\FDE5D754d01  18563 bytes
File  C:\Users\Fabo\AppData\Local\Mozilla\Firefox\Profiles\tj9n2h07.default\Cache\A2E3A6E9d01  19348 bytes
File  C:\Users\Fabo\AppData\Local\Mozilla\Firefox\Profiles\tj9n2h07.default\Cache\F33F6250d01  23674 bytes
File  C:\Users\Fabo\AppData\Local\Mozilla\Firefox\Profiles\tj9n2h07.default\Cache\F8D0BAF6d01  17031 bytes

---- EOF - GMER 1.0.15 ----

--- --- ---

cosinus 08.06.2011 22:02

Quote:

I just don't understand how I'm supposed to do that with Ctrl+V...
CTRL+V is just a keyboard shortcut for right-click, Paste.
CTRL+C for right-click, Copy.
And CTRL+A selects everything; otherwise you would have to drag over everything manually with the mouse and then copy it.

Fabo63 08.06.2011 22:04

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:02:07 on 08.06.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.17

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"bdeadmin.cpl" - "Borland Software Corporation" - C:\Windows\system32\bdeadmin.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\Users\Fabo\AppData\Local\Temp\catchme.sys  (File not found)
"DLABMFSM" (DLABMFSM) - "Roxio" - C:\Windows\System32\DLA\DLABMFSM.SYS
"DLABOIOM" (DLABOIOM) - "Roxio" - C:\Windows\System32\DLA\DLABOIOM.SYS
"DLACDBHM" (DLACDBHM) - "Roxio" - C:\Windows\System32\Drivers\DLACDBHM.SYS
"DLADResM" (DLADResM) - "Roxio" - C:\Windows\System32\DLA\DLADResM.SYS
"DLAIFS_M" (DLAIFS_M) - "Roxio" - C:\Windows\System32\DLA\DLAIFS_M.SYS
"DLAOPIOM" (DLAOPIOM) - "Roxio" - C:\Windows\System32\DLA\DLAOPIOM.SYS
"DLAPoolM" (DLAPoolM) - "Roxio" - C:\Windows\System32\DLA\DLAPoolM.SYS
"DLARTL_M" (DLARTL_M) - "Roxio" - C:\Windows\System32\Drivers\DLARTL_M.SYS
"DLAUDFAM" (DLAUDFAM) - "Roxio" - C:\Windows\System32\DLA\DLAUDFAM.SYS
"DLAUDF_M" (DLAUDF_M) - "Roxio" - C:\Windows\System32\DLA\DLAUDF_M.SYS
"DRVMCDB" (DRVMCDB) - "Sonic Solutions" - C:\Windows\System32\Drivers\DRVMCDB.SYS
"DRVNDDM" (DRVNDDM) - "Roxio" - C:\Windows\System32\Drivers\DRVNDDM.SYS
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kwtdypog" (kwtdypog) - ? - C:\Users\Fabo\AppData\Local\Temp\kwtdypog.sys  (Hidden registry entry, rootkit activity | File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\System32\drivers\Afc.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{5E44E225-A408-11CF-B581-008029601108} "Roxio DragToDisc Shell Extension" - "Roxio" - c:\Program Files\Roxio\Drag-to-Disc\Shellex.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "Shell Extensions for RealOne Player" - ? -  (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_19" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_19.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash9d.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{53707962-6F74-2D53-2644-206D7942484F} "ClsidExtension" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "EPSON Web-To-Page" - "SEIKO EPSON CORPORATION" - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} "EpsonToolBandKicker Class" - "SEIKO EPSON CORPORATION" - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{53707962-6F74-2D53-2644-206D7942484F} "Spybot-S&D IE Protection" - "Safer Networking Limited" - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "SSVHelper Class" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Fabo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.0.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"PHOTOfunSTUDIO -viewer-.lnk" - "Matsushita Electric Industrial Co., Ltd." - C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ISUSPM Startup" - "Macrovision Corporation" - "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"Corel Photo Downloader" - "Corel, Inc." - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
"ISUSScheduler" - "Macrovision Corporation" - "c:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"QuickFinder Scheduler" - "Corel Corporation" - "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"RoxMediaDB9" (RoxMediaDB9) - "Sonic Solutions" - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
"SBSD Security Center Service" (SBSDWSCService) - "Safer Networking Ltd." - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
"stllssvr" (stllssvr) - "MicroVision Development, Inc." - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Fabo63 08.06.2011 22:07

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 156):

Processes (total 70):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`ee100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000002e`ea800000 (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AAC

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Fabo63 08.06.2011 22:09

Here's one more...

Thanks a lot for all the help so far! :party:
Getting rid of a trojan like this is no small feat!!! :headbang:

cosinus 09.06.2011 09:22

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!


Afterwards, getting an additional opinion from ESET's online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Fabo63 09.06.2011 14:42

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6803

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

09.06.2011 15:40:06
mbam-log-2011-06-09 (15-40-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 304009
Laufzeit: 1 Stunde(n), 46 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 09.06.2011 15:35

Quote:

Datenbank Version: 6803
You didn't update Malwarebytes beforehand. Please update and run a full scan.

Fabo63 09.06.2011 18:37

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/09/2011 at 07:34 PM

Application Version : 4.53.1000

Core Rules Database Version : 7237
Trace Rules Database Version: 5049

Scan type : Complete Scan
Total Scan Time : 03:37:25

Memory items scanned : 717
Memory threats detected : 0
Registry items scanned : 8641
Registry threats detected : 0
File items scanned : 168301
File threats detected : 63

Adware.Tracking Cookie

Fabo63 09.06.2011 18:40

Damn, you're right... thanks.
I'll scan again...

Quote:

Quote from cosinus (post 669946)
You didn't update Malwarebytes beforehand. Please update and run a full scan.


Fabo63 09.06.2011 20:21

Here it is, with the update

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6820

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

09.06.2011 21:20:20
mbam-log-2011-06-09 (21-20-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 304784
Laufzeit: 1 Stunde(n), 41 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 09.06.2011 20:30

OK, only cookies so far. ESET is still missing.

Fabo63 09.06.2011 21:50

Working on it... 55% still to go

Fabo63 09.06.2011 23:34

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=955a408703dc6f46a30eb3cd8fb04829
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-09 09:58:41
# local_time=2011-06-09 11:58:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 99817 44184689 6116 0
# compatibility_mode=5892 16776573 100 100 193760 145180596 0 0
# compatibility_mode=8192 67108863 100 0 130 130 0 0
# scanned=172872
# found=1
# cleaned=0
# scan_time=8849
C:\_OTL\MovedFiles\06082011_133509\C_Windows\System32\wsnmp32d.dll a variant of Win32/Spy.Agent.NTN trojan (unable to clean) 00000000000000000000000000000000 I

cosinus 10.06.2011 09:40

That's just a piece of malware that was isolated/fixed by OTL, so it's harmless.
Is the computer OK again?

Fabo63 10.06.2011 09:49

Looks good... thank you very, very much

I ran another Spybot scan, and it no longer showed it to me...

Another question: all the things I downloaded, SUPERAntiSpyware, TDSSKiller, Malwarebytes... should I leave them on the computer or uninstall them again?

I had AntiVir and Spybot on it.

A thousand thanks again... :applaus:

cosinus 10.06.2011 10:11

Then we're done! :abklatsch:

The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /u. Let me know if that produces any error messages.
Keeping Malwarebytes isn't a mistake. You can scan with it once a month, but always remember to update first.

Finally, please check your updates; my guide is below. To keep a better overview of how up to date your installed programs are in future, you can use, for example, Secunia PSI.
For even more security, after the infection has been removed you should also change all your passwords if possible.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update your PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Add or Remove Programs or Programs and Features, by clicking on "Adobe Reader" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date; here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

