SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)
Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Dokumente und Einstellungen\Marina\Desktop\sys80983.exe
Running in: User mode
Date: 27.06.2008 Time: 18:41:14

Output limited to:
-PC accounts
-Recent files
-Duplicates in BAK folders
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Streams
-Encrypted Files
-Hidden objects
-Master Boot Record
-Network settings
-Include HOSTS file
-Suspicious Files
-Installed Applications
-Include HIJACKTHIS.log

===================== ACCOUNTS ON THIS PC =====================
Users on this computer:

Is Admin? | Username
------------------
Yes       | Administrator
          | Gast
          | Hilfeassistent (Disabled)
Yes       | Marina
          | SUPPORT_388945a0 (Disabled)

### users folders
### startup files in users folders

===================== RECENT FILES =====================
Showing files newer than 60 days

----- recent files in C:\
10.05.2008 14:15:36 (DIR) 0 byte 48 days old -- FOUND.000
23.06.2008 21:58:10 211 byte 4 days old -- boot.ini
27.06.2008 18:39:50 1073741824 byte 0 days old -- PAGEFILE.SYS
27.06.2008 18:39:52 (DIR) 519426048 byte 0 days old -- hiberfil.sys

----- recent files in C:\WINDOWS\
14.05.2008 22:55:20 54156 byte 44 days old -- QTFont.qfn
04.06.2008 14:32:10 (DIR) 0 byte 23 days old -- $MSI31Uninstall_KB893803v2$
08.06.2008 22:30:24 32 byte 19 days old -- azeugnis.INI
16.06.2008 12:10:44 116 byte 11 days old -- NeroDigital.ini
23.06.2008 21:58:10 227 byte 4 days old -- system.ini
27.06.2008 18:09:58 771 byte 0 days old -- win.ini
27.06.2008 18:39:10 1894440 byte 0 days old -- WindowsUpdate.log
27.06.2008 18:39:14 50 byte 0 days old -- wiaservc.log
27.06.2008 18:39:14 32560 byte 0 days old -- SchedLgU.Txt
27.06.2008 18:39:50 38 byte 0 days old -- errord.log
27.06.2008 18:39:52 2048 byte 0 days old -- bootstat.dat
27.06.2008 18:39:56 0 byte 0 days old -- 0.log
27.06.2008 18:41:00 1699 byte 0 days old -- error.log
27.06.2008 18:41:02 159 byte 0 days old -- wiadebug.log

----- recent files in C:\WINDOWS\Downloaded Program Files\

----- recent files in C:\WINDOWS\system\

----- recent files in C:\WINDOWS\system32\
21.06.2008 15:49:30 1158 byte 6 days old -- wpa.dbl
23.06.2008 22:12:36 (DIR) 0 byte 4 days old -- Kaspersky Lab

----- recent files in C:\WINDOWS\system32\drivers\
03.05.2008 14:58:36 21248 byte 55 days old -- ssmdrv.sys
03.05.2008 14:58:36 79424 byte 55 days old -- avipbb.sys

----- recent files in C:\WINDOWS\temp\
04.05.2008 23:08:30 1028 byte 54 days old -- etilqs_m5dGLMmlHSbJGBK
04.05.2008 23:08:30 17408 byte 54 days old -- etilqs_TFWW0I0gMKhf7KO
06.05.2008 16:10:14 512 byte 52 days old -- etilqs_fE0refLeycEis3D-journal
15.05.2008 23:04:44 1028 byte 43 days old -- etilqs_j9IzEK4xKyPcRf5
15.05.2008 23:04:44 21504 byte 43 days old -- etilqs_az5RvsXQnbbUKS6
18.05.2008 00:42:42 1028 byte 40 days old -- etilqs_5fKfkoOdYGVKhR2
18.05.2008 00:42:42 21504 byte 40 days old -- etilqs_GyanO91BKrD9ytD
26.05.2008 22:32:50 512 byte 32 days old -- etilqs_TUi0RTDc2S1bguw-journal
26.05.2008 22:32:50 1028 byte 32 days old -- etilqs_CbHGf7p8YFJzsQw
10.06.2008 18:37:44 1028 byte 17 days old -- etilqs_KiRQ73daMYxlhJF
10.06.2008 18:37:44 27648 byte 17 days old -- etilqs_sbncz1ViPOkMThe
12.06.2008 16:54:38 89202 byte 15 days old -- bluesoleilSetup.log
17.06.2008 15:11:46 1028 byte 10 days old -- etilqs_0hJ6AUFCu095Pnt
17.06.2008 15:11:46 27648 byte 10 days old -- etilqs_YaiJckGhM21RDgN
20.06.2008 04:46:04 27648 byte 7 days old -- etilqs_Edagwgz3M0eTzaY
20.06.2008 04:46:06 1028 byte 7 days old -- etilqs_eV0uzmEHmIUAb6i
27.06.2008 12:04:34 432 byte 0 days old -- fpRedmon.log

----- recent files in C:\Programme\
06.05.2008 14:50:10 (DIR) 0 byte 52 days old -- Reference Manager 11
06.05.2008 15:07:42 (DIR) 0 byte 52 days old -- Google
29.05.2008 14:46:56 (DIR) 0 byte 29 days old -- Arbeitszeugnis
03.06.2008 10:28:00 (DIR) 0 byte 24 days old -- GIMP-2.0
10.06.2008 15:30:06 (DIR) 0 byte 17 days old -- gs
10.06.2008 15:30:28 (DIR) 0 byte 17 days old -- FreePDF_XP
12.06.2008 16:52:16 (DIR) 0 byte 15 days old -- IVT Corporation
26.06.2008 19:43:50 (DIR) 0 byte 1 days old -- Trend Micro
27.06.2008 17:56:00 (DIR) 0 byte 0 days old -- CCleaner

----- recent files in C:\Programme\Gemeinsame Dateien\
06.05.2008 14:48:40 (DIR) 0 byte 52 days old -- Wise Installation Wizard
06.05.2008 14:51:16 (DIR) 0 byte 52 days old -- Risxtd

----- recent files in C:\Dokumente und Einstellungen\Marina\Anwendungsdaten\
06.05.2008 14:51:14 (DIR) 0 byte 52 days old -- ISI ResearchSoft
07.05.2008 13:31:28 (DIR) 0 byte 51 days old -- Help
03.06.2008 10:31:38 (DIR) 0 byte 24 days old -- gtk-2.0

----- recent files in C:\DOKUME~1\Marina\LOKALE~1\Temp\
30.04.2008 17:46:24 58890 byte 58 days old -- ~WRS1317.tmp
01.05.2008 10:53:38 37450 byte 57 days old -- 20080401105100261_0004.tif
01.05.2008 10:53:58 31741 byte 57 days old -- 20080401105100261_0003.tif
01.05.2008 10:54:10 29320 byte 57 days old -- 20080401105100261_0002.tif
01.05.2008 10:54:20 37450 byte 57 days old -- 20080401105100261_0004-1.tif
01.05.2008 10:54:42 28139 byte 57 days old -- 20080401105100261_0001.tif
01.05.2008 10:54:56 37450 byte 57 days old -- 20080401105100261_0004-2.tif
01.05.2008 11:07:34 36845 byte 57 days old -- 20080401110437624_0004.tif
01.05.2008 11:07:58 36845 byte 57 days old -- 20080401110437624_0004-1.tif
01.05.2008 11:08:10 28192 byte 57 days old -- 20080401110437624_0001.tif
01.05.2008 11:09:56 36845 byte 57 days old -- 20080401110437624_0004-2.tif
02.05.2008 12:06:18 12547 byte 56 days old -- ~org026B.tmp
04.05.2008 12:27:58 111104 byte 54 days old -- ~WRS2199.tmp
04.05.2008 12:36:40 501 byte 54 days old -- ~WRD1717.doc
04.05.2008 12:37:48 2490368 byte 54 days old -- ~WRF1420.tmp
04.05.2008 15:31:40 12818 byte 54 days old -- control.xml
04.05.2008 19:52:10 (DIR) 0 byte 54 days old -- plugtmp-25
05.05.2008 15:42:10 3080 byte 53 days old -- ~WRS0005.tmp
06.05.2008 15:09:02 (DIR) 0 byte 52 days old -- Google Gadget Cache
06.05.2008 15:09:08 7205 byte 52 days old -- undocked-sunny.png
06.05.2008 15:09:12 2883 byte 52 days old -- slate_open.png
06.05.2008 15:09:12 1293 byte 52 days old -- slate_closed.png
06.05.2008 15:09:12 1780 byte 52 days old -- slate_main.png
06.05.2008 15:09:12 16776 byte 52 days old -- gd_weather_cloudy.png
06.05.2008 15:09:12 26675 byte 52 days old -- gd_weather_thunderstorm.png
06.05.2008 15:09:12 3335 byte 52 days old -- icon_chanceofrain.png
06.05.2008 15:09:12 526 byte 52 days old -- hover_glow.png
06.05.2008 15:09:12 9259 byte 52 days old -- gd_weather_sunnyNight.png
06.05.2008 15:09:12 23978 byte 52 days old -- gd_weather_storm.png
06.05.2008 15:09:12 1351 byte 52 days old -- icon_clear_night.png
06.05.2008 15:09:12 3388 byte 52 days old -- icon_chanceofthunderstorm.png
06.05.2008 15:09:12 3579 byte 52 days old -- icon_chanceofstorm.png
06.05.2008 15:09:12 3463 byte 52 days old -- icon_chanceofsleet.png
06.05.2008 15:09:12 3223 byte 52 days old -- icon_chanceofsnow.png
06.05.2008 15:09:12 22162 byte 52 days old -- gd_weather_snow.png
06.05.2008 15:09:12 4989 byte 52 days old -- gd_weather_icy.png
06.05.2008 15:09:12 22987 byte 52 days old -- gd_weather_mostlyCloudyDay.png
06.05.2008 15:09:12 19842 byte 52 days old -- gd_weather_haze.png
06.05.2008 15:09:12 20935 byte 52 days old -- gd_weather_flurries.png
06.05.2008 15:09:12 16687 byte 52 days old -- gd_weather_fog.png
06.05.2008 15:09:12 20549 byte 52 days old -- gd_weather_rain.png
06.05.2008 15:09:12 23053 byte 52 days old -- gd_weather_sleet.png
06.05.2008 15:09:12 19229 byte 52 days old -- gd_weather_mostlySunnyDay.png
06.05.2008 15:09:12 16676 byte 52 days old -- gd_weather_mostlyCloudyNight.png
06.05.2008 15:09:12 14666 byte 52 days old -- gd_weather_mostlySunnyNight.png
06.05.2008 15:09:14 1079 byte 52 days old -- icon_icy.png
06.05.2008 15:09:14 2362 byte 52 days old -- icon_mostlyclear_night.png
06.05.2008 15:09:14 3600 byte 52 days old -- icon_mostlycloudy.png
06.05.2008 15:09:14 2817 byte 52 days old -- icon_haze.png
06.05.2008 15:09:14 2662 byte 52 days old -- icon_cloudy.png
06.05.2008 15:09:14 3296 byte 52 days old -- icon_flurries.png
06.05.2008 15:09:14 2268 byte 52 days old -- icon_fog.png
06.05.2008 15:09:14 3579 byte 52 days old -- icon_storm.png
06.05.2008 15:09:14 2200 byte 52 days old -- icon_sunny.png
06.05.2008 15:09:14 3388 byte 52 days old -- icon_thunderstorm.png
06.05.2008 15:09:14 3223 byte 52 days old -- icon_snow.png
06.05.2008 15:09:14 2725 byte 52 days old -- icon_mostlycloudy_night.png
06.05.2008 15:09:14 3131 byte 52 days old -- icon_mostlysunny.png
06.05.2008 15:09:14 3335 byte 52 days old -- icon_rain.png
06.05.2008 18:59:12 274432 byte 52 days old -- PhotoFeed[0].dll
07.05.2008 20:01:36 274432 byte 51 days old -- PhotoFeed[1].dll
07.05.2008 21:10:56 (DIR) 0 byte 51 days old -- plugtmp-26
07.05.2008 22:33:16 16384 byte 51 days old -- ~WRF0002.tmp
10.05.2008 13:33:28 16384 byte 48 days old -- ~WRF0000.tmp
10.05.2008 13:43:28 49664 byte 48 days old -- ~WRS0006.tmp
10.05.2008 14:59:40 16384 byte 48 days old -- ~WRF0004.tmp
13.05.2008 12:54:58 16384 byte 45 days old -- ~WRF2667.tmp
13.05.2008 12:54:58 47104 byte 45 days old -- ~WRS0476.tmp
20.05.2008 21:32:56 675 byte 38 days old -- jar_cache47301.tmp
20.05.2008 21:32:56 94360 byte 38 days old -- jar_cache47302.tmp
20.05.2008 21:36:06 675 byte 38 days old -- jar_cache47306.tmp
20.05.2008 21:36:08 94501 byte 38 days old -- jar_cache47307.tmp
22.05.2008 22:31:34 327680 byte 36 days old -- Search 21.rmx
22.05.2008 22:31:34 163840 byte 36 days old -- Search 21.rmd
27.05.2008 11:53:50 38912 byte 31 days old -- MasterAntrag2006.doc
27.05.2008 11:54:14 38912 byte 31 days old -- MasterAntrag2006_Düsseldorf.doc
29.05.2008 09:51:44 38912 byte 29 days old -- MasterAntrag2006-1.doc
03.06.2008 10:28:54 (DIR) 0 byte 24 days old -- fontconfig
03.06.2008 17:44:00 157696 byte 24 days old -- ~WRS1144.tmp
03.06.2008 17:44:00 16384 byte 24 days old -- ~WRF0006.tmp
03.06.2008 17:44:00 141 byte 24 days old -- ~WRD0317.doc
03.06.2008 21:37:16 16384 byte 24 days old -- ~WRF3622.tmp
03.06.2008 21:37:16 51712 byte 24 days old -- ~WRS3716.tmp
03.06.2008 22:41:54 141 byte 24 days old -- ~WRD3950.doc
03.06.2008 22:41:54 1262 byte 24 days old -- ~WRS1933.tmp
03.06.2008 22:41:54 16384 byte 24 days old -- ~WRF0007.tmp
04.06.2008 14:32:08 382 byte 23 days old -- HPZIDS.log
07.06.2008 12:43:54 (DIR) 0 byte 20 days old -- plugtmp-29
07.06.2008 17:42:52 38912 byte 20 days old -- MasterAntrag2006-2.doc
12.06.2008 20:20:26 797676 byte 15 days old -- IMTC.xml
12.06.2008 20:20:26 426 byte 15 days old -- IMTB.xml
12.06.2008 20:20:26 2036 byte 15 days old -- IMTA.xml
15.06.2008 23:22:08 62976 byte 12 days old -- ~WRC0000.tmp
15.06.2008 23:32:42 19990 byte 12 days old -- ~WRS0008.tmp
15.06.2008 23:32:42 16384 byte 12 days old -- ~WRF1673.tmp
15.06.2008 23:32:42 573 byte 12 days old -- ~WRD2905.doc
16.06.2008 01:15:40 1536 byte 11 days old -- ~WRS0007.tmp
16.06.2008 01:15:40 16384 byte 11 days old -- ~WRF0503.tmp
18.06.2008 22:22:54 (DIR) 0 byte 9 days old -- plugtmp-30
21.06.2008 16:23:24 16384 byte 6 days old -- ~WRF0008.tmp
21.06.2008 16:23:24 3156 byte 6 days old -- ~WRS2377.tmp
23.06.2008 09:19:10 62976 byte 4 days old -- ~WRC0001.tmp
23.06.2008 09:19:16 5724 byte 4 days old -- ~WRS0009.tmp
23.06.2008 09:19:16 16384 byte 4 days old -- ~WRF2822.tmp
23.06.2008 09:19:16 997 byte 4 days old -- ~WRD0000.doc
23.06.2008 09:19:20 61952 byte 4 days old -- ~WRC0002.tmp
23.06.2008 09:39:38 546 byte 4 days old -- dw.log
23.06.2008 09:41:36 5724 byte 4 days old -- ~WRS2055.tmp
23.06.2008 09:41:36 997 byte 4 days old -- ~WRD0003.doc
23.06.2008 09:41:36 16384 byte 4 days old -- ~WRF0009.tmp
23.06.2008 11:16:04 4286 byte 4 days old -- xprt03f9.ico
23.06.2008 21:49:42 1223749 byte 4 days old -- sipgate_X-Lite_temporary_file.exe
24.06.2008 11:15:46 2685 byte 3 days old -- ~WRD0002.doc
24.06.2008 11:15:46 16384 byte 3 days old -- ~WRF0010.tmp
25.06.2008 08:44:42 16384 byte 2 days old -- ~WRF3208.tmp
25.06.2008 08:44:42 2573 byte 2 days old -- ~WRD3063.doc
26.06.2008 11:32:20 167768 byte 1 days old -- Microsoft Office Professional Edition 2003_repair_log(0001).txt
27.06.2008 18:12:08 92729 byte 0 days old -- jusched.log
27.06.2008 18:26:12 7948 byte 0 days old -- java_install_reg.log
27.06.2008 18:26:52 558 byte 0 days old -- jar_cache17802.tmp
27.06.2008 18:26:52 217 byte 0 days old -- jar_cache17806.tmp
27.06.2008 18:26:52 558 byte 0 days old -- jar_cache17803.tmp
27.06.2008 18:26:52 43 byte 0 days old -- jar_cache17807.tmp
27.06.2008 18:26:52 58 byte 0 days old -- jar_cache17808.tmp
27.06.2008 18:26:52 629 byte 0 days old -- jar_cache17809.tmp
27.06.2008 18:26:54 906 byte 0 days old -- jar_cache17810.tmp
27.06.2008 18:40:26 16384 byte 0 days old -- ~DF6010.tmp
27.06.2008 18:40:28 16384 byte 0 days old -- ~DF5BFE.tmp
27.06.2008 18:40:32 58 byte 0 days old -- systemscan.ini
27.06.2008 18:40:32 (DIR) 0 byte 0 days old -- nse2.tmp
27.06.2008 18:40:36 16384 byte 0 days old -- ~DF7268.tmp

===================== DUPLICATE FILES IN BAK FOLDERS =====================
No BAK folders found

===================== REGISTRY SCAN =====================

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe"
"Persistence"="C:\WINDOWS\system32\igfxpers.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"SynTPEnh"="C:\Programme\Synaptics\SynTP\SynTPEnh.exe"
@=""
"IntelWireless"="C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless"
"EOUApp"="C:\Programme\Intel\Wireless\Bin\EOUWiz.exe"
"HControl"="C:\WINDOWS\ATK0100\HControl.exe"
"SunJavaUpdateSched"="\"C:\Programme\Java\jre1.6.0_05\bin\jusched.exe\""
"pdfSaver3"=""
"avgnt"="\"C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe\" /min"
"Google Desktop Search"="\"C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe\" /startup"
"FreePDF Assistant"="C:\Programme\FreePDF_XP\fpassist.exe"
[Run\OptionalComponents]
[Run\OptionalComponents\IMAIL]
"Installed"="1"
[Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[Run\OptionalComponents\MSFS]
"Installed"="1"

-----HKCU\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]

-----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run-----
[Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-----

-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows-----
[Windows]
"AppInit_DLLs"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad-----
[ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
#### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
#### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
#### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\system32\webcheck.dll"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
#### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @="C:\WINDOWS\system32\stobject.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks-----
[ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
#### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"Shell"="Explorer.exe"
"System"=""
"Userinit"="C:\WINDOWS\system32\userinit.exe,"
"VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\""
"UIHost"=expand:"logonui.exe"
"LogonType"=dword:00000001
"WinStationsDisabled"="0"
[Winlogon\GPExtensions]
[Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
"@="Microsoft-Datenträgerkontingent"  ; Microsoft Disk Quota
"DllName"=expand:"dskquota.dll"
[Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
"@="Internet Explorer-Zonenzuordnung"  ; Internet Explorer Zone Mapping
"DllName"=expand:"iedkcs32.dll"
[Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="Security"
[Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
"DllName"=expand:"iedkcs32.dll"
"@="Internet Explorer-Branding"
[Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
"DllName"=expand:"scecli.dll"
"@="EFS recovery"
[Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
"@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\System32\cscui.dll"
[Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
"@="Softwareinstallation"  ; Software Installation
"DllName"=expand:"appmgmts.dll"
[Winlogon\Notify]
[Winlogon\Notify\crypt32chain]
"DllName"=expand:"crypt32.dll"
[Winlogon\Notify\cryptnet]
"DllName"=expand:"cryptnet.dll"
[Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
[Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxdev.dll"
[Winlogon\Notify\IntelWireless]
"Dllname"="C:\Programme\Intel\Wireless\Bin\LgNotify.dll"
[Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
[Winlogon\Notify\Schedule]
"DllName"=expand:"wlnotify.dll"
[Winlogon\Notify\sclgntfy]
"DllName"=expand:"sclgntfy.dll"
[Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
[Winlogon\Notify\termsrv]
"DllName"=expand:"wlnotify.dll"
[Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
[Winlogon\SpecialAccounts]
[Winlogon\SpecialAccounts\UserList]
"Hilfeassistent"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"HelpAssistant"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000

-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon-----
[Winlogon]
"ParseAutoexec"="1"
"ExcludeProfileDirs"="Lokale Einstellungen;Temporary Internet Files;Verlauf;Temp;Lokale Einstellungen\Anwendungsdaten\Microsoft\Outlook"
"BuildNumber"=dword:00000a28

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options-----
[Image File Execution Options\Your Image File Name Here without a path]
"Debugger"="ntsd -d"

-----HKLM\System\CurrentControlSet\Control\Session Manager\-----
[Session Manager]
"BootExecute"=multi:"autocheck autochk *\00\00"
[Session Manager\SubSystems]
"Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

-----HKLM\SYSTEM\CurrentControlSet\Control\WOW-----
[WOW]
"cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe"
"wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386"

-----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
[RunOnceEx]
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices-----
-----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce-----
[RunOnce]
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run-----
-----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce-----
-----HKLM\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Command Processor\Autorun-----
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup-----
-----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run-----
-----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms-----
-----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler-----
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
#### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
#### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll"

-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects-----
[Browser Helper Objects]
[Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
#### HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D}\InprocServer32 @="C:\PROGRA~1\ICQTOO~1\toolbaru.dll"
@="XTTBPos00"
[Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@=""
[Browser Helper Objects\{07A11D74-9D25-4fea-A833-8B0D76A5577A}]
#### HKCR\CLSID\{07A11D74-9D25-4fea-A833-8B0D76A5577A}\InprocServer32 @="C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll"
@=""
[Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
#### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Programme\Java\jre1.6.0_05\bin\ssv.dll"
"NoExplorer"=dword:00000001

-----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks-----
[URLSearchHooks]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}"=""
#### HKCR\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 @="C:\PROGRA~1\ICQTOO~1\toolbaru.dll"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
#### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\system32\shdocvw.dll"

-----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig-----
[MSConfig]
[MSConfig\services]
[MSConfig\startupfolder]
[MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Speed Launch.lnk]
"path"="C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk"
"backup"="C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BlueSoleil.lnk]
"path"="C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BlueSoleil.lnk"
"backup"="C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\IVTCOR~1\BLUESO~1\BLUESO~1.EXE "
"item"="BlueSoleil"
[MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk]
"path"="C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk"
"backup"="C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"
[MSConfig\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^sipgate X-Lite.lnk]
"path"="C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\sipgate X-Lite.lnk"
"backup"="C:\WINDOWS\pss\sipgate X-Lite.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\PROGRA~1\SIPGAT~1\SIPGAT~1.EXE "
"item"="sipgate X-Lite"
[MSConfig\startupreg]
[MSConfig\startupreg\Babylon Client]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="Babylon"
"hkey"="HKLM"
"command"="C:\Programme\Babylon\Babylon-Pro\Babylon.exe -AutoStart"
"inimapping"="0"
[MSConfig\startupreg\ccApp]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"c:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe\""
"inimapping"="0"
[MSConfig\startupreg\HP Software Update]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="HPWuSchd2"
"hkey"="HKLM"
"command"="C:\Programme\HP\HP Software Update\HPWuSchd2.exe"
"inimapping"="0"
[MSConfig\startupreg\ICQ]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="ICQ"
"hkey"="HKCU"
"command"="\"C:\PROGRA~1\ICQ6\ICQ.exe\" silent"
"inimapping"="0"
[MSConfig\startupreg\MMReminderService]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="MMReminderService"
"hkey"="HKLM"
"command"="C:\Programme\Mindjet\MindManager 7\MMReminderService.exe"
"inimapping"="0"
[MSConfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\WINDOWS\system32\NeroCheck.exe"
"inimapping"="0"
[MSConfig\startupreg\pdfSaver3]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="pdfSaver3"
"hkey"="HKCU"
"command"="\"C:\Programme\Mindjet\MindManager 7\PDF-XChange\pdfSaver\pdfSaver3.exe\""
"inimapping"="0"
[MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="QTTask"
"hkey"="HKLM"
"command"="\"C:\Programme\QuickTime\QTTask.exe\" -atboottime"
"inimapping"="0"
[MSConfig\startupreg\Skype]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\Programme\Skype\Phone\Skype.exe\" /nosplash /minimized"
"inimapping"="0"
[MSConfig\startupreg\TomTomHOME.exe]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="HOMERunner"
"hkey"="HKLM"
"command"="\"C:\Programme\TomTom HOME 2\HOMERunner.exe\" -s"
"inimapping"="0"
[MSConfig\startupreg\URLLSTCK.exe]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="UrlLstCk"
"hkey"="HKLM"
"command"="c:\Programme\Norton Internet Security\UrlLstCk.exe"
"inimapping"="0"
[MSConfig\startupreg\VoipDiscount]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="VoipDiscount"
"hkey"="HKCU"
"command"="\"C:\Programme\VoipDiscount.com\VoipDiscount\VoipDiscount.exe\" -nosplash -minimized"
"inimapping"="0"
[MSConfig\startupreg\XSC SIP Client]
"key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
"item"="sipgateXLite"
"hkey"="HKCU"
"command"="\"C:\Programme\sipgate X-Lite\sipgateXLite.exe\""
"inimapping"="0"
[MSConfig\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000002

-----HKCU\Control Panel\Desktop\-----
[Desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\System32\logon.scr"
[Desktop\WindowMetrics]

-----HKEY_CLASSES_ROOT\exefile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\comfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\batfile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\piffile\shell\open\command-----
[command]
@="\"%1\" %*"
-----HKEY_CLASSES_ROOT\scrFile\shell\open\command-----
[command]
@="\"%1\" /S"
-----HKEY_CLASSES_ROOT\htafile\shell\open\command-----
[Command]
@="C:\WINDOWS\system32\mshta.exe \"%1\" %*"
-----HKEY_CLASSES_ROOT\logfile\shell\open\command-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL-----
[URL]
[URL\DefaultPrefix]
@="http://"
[URL\Prefixes]
"ftp"="ftp://"
"gopher"="gopher://"
"home"="http://"
"mosaic"="http://"
"www"="http://"
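Two things in the Run-key and msconfig\startupreg sections above deserve a closer look than "is the program name familiar": entries written as a bare file name ("SoundMan"="SOUNDMAN.EXE", "AlcWzrd"="ALCWZRD.EXE") are resolved through the search path at logon, so a same-named file earlier in that path runs instead; and unquoted paths containing spaces (the disabled HPWuSchd2, MMReminderService and UrlLstCk commands) make CreateProcess probe the shorter prefixes first, so a planted C:\Programme\HP\HP.exe would win. The following triage script is an added example, not part of the SystemScan output or tool; it reads .reg-style lines as the log prints them (with \" for embedded quotes), classifies each command and lists the prefixes CreateProcess would try. The entries in the sample are copied from the log; the category names and function names are the example's own.

```python
import re

# Autostart commands copied from the [Run] key and the msconfig\startupreg
# "command" values in the log above (the msconfig ones are entries the user
# disabled; they still show how the values were written).
AUTOSTART_ENTRIES = r'''
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"IntelWireless"="C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless"
"SunJavaUpdateSched"="\"C:\Programme\Java\jre1.6.0_05\bin\jusched.exe\""
"pdfSaver3"=""
"avgnt"="\"C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe\" /min"
"HPWuSchd2"="C:\Programme\HP\HP Software Update\HPWuSchd2.exe"
"MMReminderService"="C:\Programme\Mindjet\MindManager 7\MMReminderService.exe"
"UrlLstCk"="c:\Programme\Norton Internet Security\UrlLstCk.exe"
'''

ENTRY_RE = re.compile(r'^"([^"]+)"="(.*)"$')
EXE_RE = re.compile(r'\.exe\b', re.IGNORECASE)


def classify_command(raw_value):
    """Return (category, image_path) for one Run-key command string.

    Categories: "empty" (nothing runs), "quoted" (unambiguous path),
    "unqualified" (bare file name, located through the search path),
    "unquoted_with_spaces" (CreateProcess probes shorter paths first),
    "ok" (unquoted but without spaces, so no ambiguity).
    """
    value = raw_value.replace(r'\"', '"').strip()   # undo the log's \" escaping
    if not value:
        return "empty", ""
    if value.startswith('"'):
        end = value.find('"', 1)
        return "quoted", value[1:end] if end > 0 else value[1:]
    # Unquoted: take everything up to the first ".exe" token as the intended image.
    m = EXE_RE.search(value)
    image = value[:m.end()] if m else value.split(" ", 1)[0]
    if "\\" not in image and "/" not in image:
        return "unqualified", image
    if " " in image:
        return "unquoted_with_spaces", image
    return "ok", image


def hijack_candidates(image):
    """Paths CreateProcess tries before the intended one when an unquoted path has spaces."""
    parts = image.split(" ")
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


def triage(dump):
    """Parse .reg-style lines and return (name, category, image) for every entry."""
    findings = []
    for line in dump.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            category, image = classify_command(m.group(2))
            findings.append((m.group(1), category, image))
    return findings


def suspicious(dump):
    """Names of entries worth a closer look: empty, unqualified or unquoted with spaces."""
    return [name for name, cat, _ in triage(dump)
            if cat in ("empty", "unqualified", "unquoted_with_spaces")]


if __name__ == "__main__":
    for name, cat, image in triage(AUTOSTART_ENTRIES):
        line = f"{cat:22} {name:20} {image}"
        if cat == "unquoted_with_spaces":
            line += "   probes first: " + ", ".join(hijack_candidates(image))
        print(line)
```

The empty "pdfSaver3" value is harmless by itself but is a dangling entry left by a removed program; the bare SOUNDMAN.EXE and ALCWZRD.EXE entries are how the Realtek installer writes them, which is exactly why a path check rather than a name check is needed.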
-----HKLM\SYSTEM\CurrentControlSet\Control\Lsa-----
[Lsa]
[Lsa\AccessProviders]
[Lsa\AccessProviders\Windows NT Access Provider]
"ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll"
[Lsa\Audit]
[Lsa\Audit\PerUserAuditing]
[Lsa\Audit\PerUserAuditing\System]
[Lsa\Data]
[Lsa\SSO]
[Lsa\SSO\Passport1.4]
"SSOURL"="http://www.passport.com"
[Lsa\SspiCache]
[Lsa\SspiCache\digest.dll]
"Name"="Digest"
"Comment"="Digest SSPI Authentication Package"
[Lsa\SspiCache\msapsspc.dll]
"Name"="DPA"
"Comment"="DPA Security Package"
[Lsa\SspiCache\msnsspc.dll]
"Name"="MSN"
"Comment"="MSN Security Package"

-----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess-----
[SharedAccess]
"DependOnGroup"=multi:"\00"
"DependOnService"=multi:"Netman\00WinMgmt\00\00"
"Description"="Bietet allen Computern in Heim- und kleinen Firmennetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, Namensauflösung und Eindringsschutz."  ; Provides network address translation, addressing, name resolution and intrusion prevention services to all computers on home and small office networks.
"DisplayName"="Windows-Firewall/Gemeinsame Nutzung der Internetverbindung"  ; Windows Firewall/Internet Connection Sharing
"ErrorControl"=dword:00000001
"ImagePath"=expand:"%SystemRoot%\system32\svchost.exe -k netsvcs"
"ObjectName"="LocalSystem"
"Start"=dword:00000002
"Type"=dword:00000020
[SharedAccess\Epoch]
"Epoch"=dword:000020d2
[SharedAccess\Parameters]
"ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll"
[SharedAccess\Parameters\FirewallPolicy]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:*:Enaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:*:Enaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:*:Enaxxxxx@xxxxxres.dll,-22002"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000001
"DisableNotifications"=dword:00000000
"DoNotAllowExceptions"=dword:00000000
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\Programme\VoipDiscount.com\VoipDiscount\VoipDiscount.exe"="C:\Programme\VoipDiscount.com\VoipDiscount\VoipDiscount.exe:*:Enabled:VoipDiscount"
"C:\Programme\Messenger\MSMSGS.EXE"="C:\Programme\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"
"C:\Programme\sipgate X-Lite\sipgateXLite.exe"="C:\Programme\sipgate X-Lite\sipgateXLite.exe:*:Enabled:sipgateXLite"
"C:\Programme\Invitrogen\Vector NTI Advance 10\Vector NTI 10.exe"="C:\Programme\Invitrogen\Vector NTI Advance 10\Vector NTI 10.exe:*:Enabled:Vector NTI 10.0.1"
"C:\Programme\Java\jre1.6.0_05\BIN\javaw.exe"="C:\Programme\Java\jre1.6.0_05\BIN\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22002"
[SharedAccess\Setup]
"ServiceUpgrade"=dword:00000001
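The FirewallPolicy lists above encode each exception as port:protocol:scope:state:name (or path:scope:state:name for programs). The scope is the part that matters: in the DomainProfile the file-and-printer-sharing ports 137/138/139/445 are open to "*" (any source address), while the StandardProfile limits them to LocalSubNet; and every program exception, javaw.exe included, accepts inbound connections from any address. Windows XP Home cannot join a domain, so the StandardProfile is the one in force here, but the same check applied to a Professional machine on a domain would flag the first list. The parser below is an added example, not SystemScan code; it reads the lines as the tool prints them (SystemScan masks "Enabled:@xpsp2res.dll" as "Enaxxxxx@xxxxxres.dll", so the state is keyed on its first three letters, which works for both the masked and the real form). The sample dump is copied from the log; the function and record names are the example's own.

```python
import re
from collections import namedtuple

# Port and program exceptions copied from the FirewallPolicy dump above.
FIREWALL_DUMP = r"""
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019"
[SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:*:Enaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:*:Enaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:*:Enaxxxxx@xxxxxres.dll,-22002"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ6\ICQ.exe"="C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Programme\Java\jre1.6.0_05\BIN\javaw.exe"="C:\Programme\Java\jre1.6.0_05\BIN\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22002"
"""

Rule = namedtuple("Rule", "profile kind target scope enabled name")

SECTION_RE = re.compile(
    r'^\[.*FirewallPolicy\\(\w+)\\(GloballyOpenPorts|AuthorizedApplications)\\List\]$')
ENTRY_RE = re.compile(r'^"([^"]+)"="(.*)"$')
# Ports that carry NetBIOS and SMB file and printer sharing.
SHARING_PORTS = {("135", "TCP"), ("137", "UDP"), ("138", "UDP"), ("139", "TCP"), ("445", "TCP")}


def parse_rules(dump):
    """Turn the registry dump into Rule records, one per port or program exception."""
    rules, profile, kind = [], None, None
    for line in dump.splitlines():
        line = line.strip()
        sec = SECTION_RE.match(line)
        if sec:
            profile, kind = sec.group(1), sec.group(2)
            continue
        ent = ENTRY_RE.match(line)
        if not ent or profile is None:
            continue
        target, value = ent.group(1), ent.group(2)
        # The value repeats the key (port:proto or program path) and then adds
        # scope:state:name; strip the key first because the path contains "C:".
        fields = value[len(target) + 1:].split(":", 2) + ["", ""]
        scope, state, name = fields[0], fields[1], fields[2]
        rules.append(Rule(profile, kind, target, scope, state.lower().startswith("ena"), name))
    return rules


def exposed_sharing_ports(rules):
    """Enabled sharing ports whose scope is '*', i.e. reachable from any address."""
    return [r for r in rules
            if r.kind == "GloballyOpenPorts" and r.enabled and r.scope == "*"
            and tuple(r.target.split(":")) in SHARING_PORTS]


def programs_open_to_internet(rules):
    """Program exceptions that accept inbound connections from any address."""
    return [r.target for r in rules
            if r.kind == "AuthorizedApplications" and r.enabled and r.scope == "*"]


if __name__ == "__main__":
    rules = parse_rules(FIREWALL_DUMP)
    for r in exposed_sharing_ports(rules):
        print(f"{r.profile}: {r.target} open to any address")
    for p in programs_open_to_internet(rules):
        print(f"program exception, any address: {p}")
```

The scope check is what separates a default XP configuration from a misconfigured one: "LocalSubNet" on the sharing ports is the SP2 default, "*" on them means anyone who can route a packet to the host can talk to the SMB stack.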
[SharedAccess\Setup\InterfacesUnfirewalledAtUpdate]
"All"=dword:00000001

-----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\-----
-----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2-----

-----HKLM\Software\Microsoft\Ole-----
[Ole]
"DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\
"MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\
"EnableDCOM"="Y"
[Ole\AppCompat]
[Ole\AppCompat\ActivationSecurityCheckExemptionList]
"{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1"
"{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1"
"{0040D221-54A1-11D1-9DE0-006097042D69}"="1"
"{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1"

-----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\-----
[Security Center]
"FirstRunDisabled"=dword:00000001
"AntiVirusDisableNotify"=dword:00000000
"FirewallDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[Security Center\Monitoring]
[Security Center\Monitoring\AhnlabAntiVirus]
[Security Center\Monitoring\ComputerAssociatesAntiVirus]
[Security Center\Monitoring\KasperskyAntiVirus]
[Security Center\Monitoring\McAfeeAntiVirus]
[Security Center\Monitoring\McAfeeFirewall]
[Security Center\Monitoring\PandaAntiVirus]
[Security Center\Monitoring\PandaFirewall]
[Security Center\Monitoring\SophosAntiVirus]
[Security Center\Monitoring\SymantecAntiVirus]
[Security Center\Monitoring\SymantecFirewall]
[Security Center\Monitoring\TinyFirewall]
[Security Center\Monitoring\TrendAntiVirus]
[Security Center\Monitoring\TrendFirewall]
[Security Center\Monitoring\ZoneLabsFirewall]

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\-----
[SystemRestore]
"DisableSR"=dword:00000000
"CreateFirstRunRp"=dword:00000001
"DSMin"=dword:000000c8
"DSMax"=dword:00000190
"RPSessionInterval"=dword:00000000
"RPGlobalInterval"=dword:00015180
"RPLifeInterval"=dword:0076a700
"CompressionBurst"=dword:0000003c
"TimerInterval"=dword:00000078
"DiskPercent"=dword:0000000c
"ThawInterval"=dword:00000384
"RestoreDiskSpaceError"=dword:00000000
[SystemRestore\Cfg]
"DiskPercent"=dword:0000000c
"MachineGuid"="{2F240ADB-6ABD-4E73-ADBC-333BC02FFE7E}"
[SystemRestore\SnapshotCallbacks]
@=""

-----HKEY_CURRENT_USER\Software\VB and VBA Program Settings-----
[VB and VBA Program Settings]
[VB and VBA Program Settings\Euro Add-in]
[VB and VBA Program Settings\Euro Add-in\Wizard Options]

-----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\-----

-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----
[AdvancedOptions]
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions-----

-----HKLM\Software\Microsoft\Active Setup\Installed Components-----
[Installed Components]
[Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP"
"@="Microsoft Windows Media Player"
"ComponentID"="WMPACCESS"
[Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
"@="Internet Explorer"
"ComponentID"="IEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE"
[Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
"@="Outlook Express"
"ComponentID"="OEACCESS"
"StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE"
[Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}]
"@="Java (Sun)"
"ComponentID"="JAVAVM"
"KeyFileName"="C:\Programme\Java\jre1.6.0_05\bin\regutils.dll"
[Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}]
"@="Vektorgrafik-Rendering (VML)"  ; Vector Graphics Rendering (VML)
"ComponentID"="MSVML"
[Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}]
#### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="NetShow"
"StubPath"=""
[Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
#### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll"
"ComponentID"="Microsoft Windows Media Player"
"StubPath"=""
"@="Microsoft Windows Media Player 6.4"
[Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}]
#### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\SwDir.dll"
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.2"
[Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}]
#### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll"
"@="DirectAnimation"
"ComponentID"="DirectAnimation"
[Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}]
"ComponentID"="Director"
"@="Adobe Shockwave Director 10.2"
[Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
"@="Themes Setup"
"ComponentID"="Theme Component"
"StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll"
[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}]
"@="Dynamic HTML-Datenbindung für Java"  ; Dynamic HTML Data Binding for Java
"ComponentID"="TridataJava"
[Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}]
"@="Offlinebrowsingpaket"  ; Offline Browsing Pack
"ComponentID"="MobilePk"
[Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}]
"@="Uniscribe"
"ComponentID"="USP10"
[Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}]
"@="Erweitertes Authoring"  ; Advanced Authoring
"ComponentID"="AdvAuth"
[Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"@="Microsoft Outlook Express 6"
"ComponentID"="MailNews"
"StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install"
[Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
"@="NetMeeting 3.01"
"ComponentID"="NetMeeting" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT" [Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}] "@="DirectShow" "ComponentID"="activemovie" [Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] "@="DirectDrawEx" "ComponentID"="DirectDrawEx" [Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] "@="Internet Explorer-Hilfe" "ComponentID"="HelpCont" [Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}] "@="DirectAnimation Java Classes" "ComponentID"="DAJava" [Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] "@="Microsoft Windows Script 5.6" "ComponentID"="MSVBScript" [Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] "KeyFileName"="C:\Programme\Messenger\msmsgs.exe" "@="Windows Messenger 4.7" "ComponentID"="Messenger" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser" [Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}] "(Default)"="Internet Connection Wizard" "ComponentID"="ICW" [Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] "@="Internet Explorer Setup Tools" "ComponentID"="GenSetup" [Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] "@="Browsererweiterungen" "ComponentID"="ExtraPack" "KeyFileName"="C:\WINDOWS\system32\msieftp.dll" [Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] #### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll" "@="Microsoft Windows Media Player" "ComponentID"="Microsoft Windows Media Player" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub" [Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] "@="Zugang zu MSN Site" "ComponentID"="MSN_Auth" [Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}] "ComponentID"=".NETFramework" "@=".NET Framework" [Installed 
Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] "@="Webordner" "ComponentID"="WebFolders" "StubPath"="" [Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] "@="Adressbuch 6" "ComponentID"="WAB" "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install" [Installed Components\{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}] "ComponentID"=".NETFramework" "@=".NET Framework" [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] "@="Windows Desktop-Update" "ComponentID"="IE4Shell_NT" "StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll" [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] "@="Internet Explorer 6" "ComponentID"="BASEIE40_W2K" "StubPath"=expand:"%SystemRoot%\system32\ie4uinit.exe" [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix] [Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] "StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install" "ComponentID"="DOTNETFRAMEWORKS" [Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] "@="Dynamic HTML-Datenbindung" "ComponentID"="Tridata" [Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}] [Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] "@="Internet Explorer-Hauptschriftarten" "ComponentID"="Fontcore" [Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}] "@="Taskplaner" "ComponentID"="MSTASK" [Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}] "ComponentID"="Windows Movie Maker v2.1" [Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}] "@="Adobe Flash Player 9 ActiveX" "ComponentID"="Flash" [Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] "@="HTML-Hilfe" "ComponentID"="HTMLHelp" [Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] "@="Active Directory Service Interface" "ComponentID"="ADSI" -----Comparing registry keys CCS1 vs CCS2 ----- < Value: HKEY_LOCAL_MACHINE\system\controlset001\services 
Result compared: Identical -----Comparing registry keys CCS1 vs CCS3 ----- < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ialm\Device0\VolatileSettings < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ialm\Device1\VolatileSettings > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 8402 (0x20D2) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 8397 (0x20CD) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{2F23E2CE-2224-4D57-BCEE-0E0D92FAB803} DhcpRetryTime REG_DWORD 307 (0x133) > Value: 
HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{2F23E2CE-2224-4D57-BCEE-0E0D92FAB803} DhcpRetryTime REG_DWORD 2 (0x2) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Tcpip\Parameters\Interfaces\{2F23E2CE-2224-4D57-BCEE-0E0D92FAB803} DhcpRetryStatus REG_DWORD 0 (0x0) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Tcpip\Parameters\Interfaces\{2F23E2CE-2224-4D57-BCEE-0E0D92FAB803} DhcpRetryStatus REG_DWORD 1 (0x1) Result compared: Different ===================== AUTOPLAY SETTINGS ===================== ~~~~~~~~~~~~~~~~~~~~~ Registry setting ~~~~~~~~~~~~~~~~~~~~~ (note: default values should be 91 or 95) -----HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer----- [Explorer] "NoDriveTypeAutoRun"=dword:00000091 -----HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer----- [Explorer] "NoDriveTypeAutoRun"=dword:00000091 Autorun is enabled on: DRIVE_UNKNOWN = False DRIVE_NO_ROOT_DIR = True DRIVE_REMOVABLE = True DRIVE_FIXED = True DRIVE_REMOTE = False DRIVE_CDROM = True DRIVE_RAMDISK = True RESERVED = False ~~~~~~~~~~~~~~~~~~~~~ Autorun.inf files ~~~~~~~~~~~~~~~~~~~~~ ### C:\Dokumente und Einstellungen\Marina\Lokale Einstellungen\Temp\Temporäres Verzeichnis 4 für BTD-103.zip\BTD-103\Autorun.inf OPEN=setup.exe ### C:\Programme\HP\Temp\{79546A5F-AE7C-4693-8670-A3401B43ABD2}\autorun.inf open=setup.exe [Version] CDGuid={79546A5F-AE7C-4693-8670-A3401B43ABD2} SoftwareGuid= InfrastructureDatabaseList=hpfmdl05.dat ### C:\Programme\HP\Digital Imaging\{79546A5F-AE7C-4693-8670-A3401B43ABD2}\autorun.inf open=setup.exe [Version] CDGuid={79546A5F-AE7C-4693-8670-A3401B43ABD2} SoftwareGuid= InfrastructureDatabaseList=hpfmdl05.dat ### C:\Programme\Vector NTI 10 Distributive\Autorun.inf OPEN=setup.exe ### D:\Daten\Programme\Odyssey 2.1\Autorun.inf OPEN=setup.exe ### D:\Daten\Programme\RM\Autorun.inf OPEN=AUTOLOAD.EXE ### D:\Daten\Programme\temp\autorun.inf open=setup.exe [Version] 
CDGuid={79546A5F-AE7C-4693-8670-A3401B43ABD2} SoftwareGuid= InfrastructureDatabaseList=hpfmdl05.dat ### D:\Daten\Setups\Microsoft Office 2003 Professional\Microsoft Office 2003 Professional (Word, Excel, Powerpoint, Access, Frontpage, Outlook, Infopath, Visio, Project)\AUTORUN.INF OPEN=setup.exe ### D:\Daten\Setups\Microsoft Office 2003 Professional\Microsoft Office 2003 Professional (Word, Excel, Powerpoint, Access, Frontpage, Outlook, Infopath, Visio, Project)\FRONTPAGE\AUTORUN.INF OPEN=SETUP.EXE /AUTORUN shell\configure=&Configure... shell\configure\command=SETUP.EXE ### D:\Daten\Setups\Microsoft Office 2003 Professional\Microsoft Office 2003 Professional (Word, Excel, Powerpoint, Access, Frontpage, Outlook, Infopath, Visio, Project)\OFFICE\AUTORUN.INF OPEN=SETUP.EXE /AUTORUN shell\configure=&Configure... shell\configure\command=SETUP.EXE ### D:\Daten\Setups\Microsoft Office 2003 Professional\Microsoft Office 2003 Professional (Word, Excel, Powerpoint, Access, Frontpage, Outlook, Infopath, Visio, Project)\ONENOTE\AUTORUN.INF OPEN=SETUP.EXE /AUTORUN shell\configure=&Configure... shell\configure\command=SETUP.EXE ### D:\Daten\Setups\Microsoft Office 2003 Professional\Microsoft Office 2003 Professional (Word, Excel, Powerpoint, Access, Frontpage, Outlook, Infopath, Visio, Project)\PROJECT\AUTORUN.INF OPEN=SETUP.EXE /AUTORUN shell\configure=&Configure... shell\configure\command=SETUP.EXE ### D:\Daten\Setups\Microsoft Office 2003 Professional\Microsoft Office 2003 Professional (Word, Excel, Powerpoint, Access, Frontpage, Outlook, Infopath, Visio, Project)\VISIO\AUTORUN.INF OPEN=SETUP.EXE /AUTORUN shell\configure=&Configure... 
shell\configure\command=SETUP.EXE ===================== SCHEDULED JOBS ===================== jobs found in C:\WINDOWS: 04.08.2004 14:00:00 65 byte 1423 days old -- C:\WINDOWS\tasks\desktop.ini 19.06.2008 08:15:08 276 byte 8 days old -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job 27.06.2008 18:39:56 6 byte 0 days old -- C:\WINDOWS\tasks\SA.DAT ~~~~~~~~~~~~~~~~~~~~~ Active jobs: ~~~~~~~~~~~~~~~~~~~~~ Most recent (50) lines in jobs scheduled log: "AppleSoftwareUpdate.job" (SoftwareUpdate.exe) Start: 19.06.2008 08:15:01 "AppleSoftwareUpdate.job" (SoftwareUpdate.exe) Ende: 19.06.2008 08:15:06 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). ===================== LIST OF ALL SERVICES & DRIVERS ===================== -----HKLM\system\currentcontrolset\services----- 000) "Abiosdsk" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 001) "abp480n5" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 002) "ACPI" - Microsoft ACPI-Treiber ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\ACPI.sys ---> TYPE = KERNEL_DRIVER 003) "ACPIEC" - Microsoft Embedded Controllertreiber ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\ACPIEC.sys ---> TYPE = KERNEL_DRIVER 004) "adpu160m" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 005) "aec" - Microsoft Kernel-Echounterdrückung ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\aec.sys ---> TYPE = KERNEL_DRIVER 006) "AegisP" - AEGIS Protocol (IEEE 802.1x) v3.1.6.0 ---> STAT = (RUNNING) Started automatically ---> FILE = system32\DRIVERS\AegisP.sys ---> TYPE = KERNEL_DRIVER 007) "AFD" - AFD ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = \SystemRoot\System32\drivers\afd.sys ---> TYPE = KERNEL_DRIVER 008) "Aha154x" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 009) "aic78u2" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 010) "aic78xx" ---> STAT = 
(NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 011) "AliIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 012) "amsint" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 013) "Arp1394" - 1394-ARP-Clientprotokoll ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\arp1394.sys ---> TYPE = KERNEL_DRIVER 014) "asc" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 015) "asc3350p" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 016) "asc3550" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 017) "asuskbnt" - Enhanced Display Driver Helper Service ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\drivers\atkkbnt.sys ---> TYPE = KERNEL_DRIVER 018) "AsyncMac" - Asynchroner RAS -Medientreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\asyncmac.sys ---> TYPE = KERNEL_DRIVER 019) "atapi" - Standard-IDE/ESDI-Festplattencontroller ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\atapi.sys ---> TYPE = KERNEL_DRIVER 020) "Atdisk" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 021) "Atmarpc" - Protokoll für ATM ARP-Client ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\atmarpc.sys ---> TYPE = KERNEL_DRIVER 022) "audstub" - Audiostubtreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\audstub.sys ---> TYPE = KERNEL_DRIVER 023) "avgio" - avgio ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys ---> TYPE = KERNEL_DRIVER 024) "avgntflt" - avgntflt ---> STAT = (RUNNING) Started manually ---> FILE = C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys ---> TYPE = FILE_SYSTEM_DRIVER 025) "avipbb" - avipbb ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\avipbb.sys ---> TYPE = KERNEL_DRIVER 026) "Beep" ---> STAT = (RUNNING) Started 
by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 027) "BlueletAudio" - Bluetooth Audio Service ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\blueletaudio.sys ---> TYPE = KERNEL_DRIVER 028) "BlueletSCOAudio" - Bluetooth SCO Audio Service ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\BlueletSCOAudio.sys ---> TYPE = KERNEL_DRIVER 029) "BT" - Bluetooth PAN Network Adapter ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\btnetdrv.sys ---> TYPE = KERNEL_DRIVER 030) "Btcsrusb" - Bluetooth USB For Bluetooth Service ---> STAT = (NOT RUNNING) Started manually ---> FILE = System32\Drivers\btcusb.sys ---> TYPE = KERNEL_DRIVER 031) "BTHidEnum" - Bluetooth HID Enumerator ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\vbtenum.sys ---> TYPE = KERNEL_DRIVER 032) "BTHidMgr" - Bluetooth HID Manager Service ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\Drivers\BTHidMgr.sys ---> TYPE = KERNEL_DRIVER 033) "catchme" ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\DOKUME~1\Marina\LOKALE~1\Temp\catchme.sys ---> TYPE = KERNEL_DRIVER 034) "cbidf2k" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 035) "CCDECODE" - Untertiteldecoder ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\CCDECODE.sys ---> TYPE = KERNEL_DRIVER 036) "cd20xrnt" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 037) "Cdaudio" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 038) "Cdfs" ---> STAT = (RUNNING) Disabled ---> TYPE = FILE_SYSTEM_DRIVER 039) "Cdrom" - CD-ROM-Laufwerktreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\cdrom.sys ---> TYPE = KERNEL_DRIVER 040) "Changer" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 041) "CmBatt" - Microsoft-Netzteiltreiber ---> STAT = (RUNNING) Started manually ---> FILE = 
system32\DRIVERS\CmBatt.sys ---> TYPE = KERNEL_DRIVER 042) "CmdIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 043) "Compbatt" - Microsoft Composite Battery-Treiber ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\compbatt.sys ---> TYPE = KERNEL_DRIVER 044) "Cpqarray" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 045) "dac2w2k" ---> STAT = (RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 046) "dac960nt" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 047) "Disk" - Laufwerktreiber ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\disk.sys ---> TYPE = KERNEL_DRIVER 048) "dmboot" ---> STAT = (NOT RUNNING) Disabled ---> FILE = System32\drivers\dmboot.sys ---> TYPE = KERNEL_DRIVER 049) "dmio" ---> STAT = (NOT RUNNING) Disabled ---> FILE = System32\drivers\dmio.sys ---> TYPE = KERNEL_DRIVER 050) "dmload" ---> STAT = (NOT RUNNING) Disabled ---> FILE = System32\drivers\dmload.sys ---> TYPE = KERNEL_DRIVER 051) "DMusic" - Microsoft Kernel-DLS-Synthesizer ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\DMusic.sys ---> TYPE = KERNEL_DRIVER 052) "dot4" - MS IEEE-1284.4-Treiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\Dot4.sys ---> TYPE = KERNEL_DRIVER 053) "Dot4Print" - Druckerklassentreiber für IEEE-1284.4 ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\Dot4Prt.sys ---> TYPE = KERNEL_DRIVER 054) "Dot4Scan" - Scannerklassentreiber für IEEE-1284.4 ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\Dot4Scan.sys ---> TYPE = KERNEL_DRIVER 055) "dot4usb" - Dot4USB-Filter Dot4USB Filter ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\dot4usb.sys ---> TYPE = KERNEL_DRIVER 056) "dpti2o" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 057) "drmkaud" - Microsoft Kernel-DRM-Audioentschlüsselung ---> STAT = (NOT RUNNING) Started manually 
---> FILE = system32\drivers\drmkaud.sys ---> TYPE = KERNEL_DRIVER 058) "Fastfat" ---> STAT = (RUNNING) Disabled ---> TYPE = FILE_SYSTEM_DRIVER 059) "Fdc" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 060) "Fips" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 061) "Flpydisk" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 062) "FltMgr" - FltMgr ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\fltMgr.sys ---> TYPE = FILE_SYSTEM_DRIVER 063) "Ftdisk" - Treiber für Volume-Manager ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\ftdisk.sys ---> TYPE = KERNEL_DRIVER 064) "Gpc" - Standardpaketklassifizierung ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\msgpc.sys ---> TYPE = KERNEL_DRIVER 065) "HDAudBus" - Microsoft UAA-Bustreiber für High Definition Audio ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\HDAudBus.sys ---> TYPE = KERNEL_DRIVER 066) "HidUsb" - Microsoft HID Class-Treiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\hidusb.sys ---> TYPE = KERNEL_DRIVER 067) "hpn" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 068) "HPZid412" - IEEE-1284.4 Driver HPZid412 ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\HPZid412.sys ---> TYPE = KERNEL_DRIVER 069) "HPZipr12" - Print Class Driver for IEEE-1284.4 HPZipr12 ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\HPZipr12.sys ---> TYPE = KERNEL_DRIVER 070) "HPZius12" - USB to IEEE-1284.4 Translation Driver HPZius12 ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\HPZius12.sys ---> TYPE = KERNEL_DRIVER 071) "HSFHWAZL" ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\HSFHWAZL.sys ---> TYPE = KERNEL_DRIVER 072) "HSF_DP" ---> STAT = (RUNNING) Started manually ---> FILE = 
system32\DRIVERS\HSF_DP.sys ---> TYPE = KERNEL_DRIVER 073) "HTTP" - HTTP ---> STAT = (RUNNING) Started manually ---> FILE = System32\Drivers\HTTP.sys ---> TYPE = KERNEL_DRIVER 074) "i2omgmt" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 075) "i2omp" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 076) "i8042prt" - i8042-Tastatur- und PS/2-Mausanschluss-Treiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\i8042prt.sys ---> TYPE = KERNEL_DRIVER 077) "ialm" ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ialmnt5.sys ---> TYPE = KERNEL_DRIVER 078) "Imapi" - Filtertreiber für CD-Brennen ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\imapi.sys ---> TYPE = KERNEL_DRIVER 079) "ini910u" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 080) "IntcAzAudAddService" - Service for Realtek HD Audio (WDM) ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\RtkHDAud.sys ---> TYPE = KERNEL_DRIVER 081) "IntelIde" ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\intelide.sys ---> TYPE = KERNEL_DRIVER 082) "intelppm" - Intel-Prozessortreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\intelppm.sys ---> TYPE = KERNEL_DRIVER 083) "Ip6Fw" - IPv6-Windows-Firewalltreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\Ip6Fw.sys ---> TYPE = KERNEL_DRIVER 084) "IpFilterDriver" - Filtertreiber für IP-Verkehr ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\ipfltdrv.sys ---> TYPE = KERNEL_DRIVER 085) "IpInIp" - IP/IP-Tunneltreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\ipinip.sys ---> TYPE = KERNEL_DRIVER 086) "IpNat" - Übersetzer für IP-Netzwerkadressen ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ipnat.sys ---> TYPE = KERNEL_DRIVER 087) 
"IPSec" - IPSEC-Treiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\ipsec.sys ---> TYPE = KERNEL_DRIVER 088) "irda" - IrDA-Protokoll ---> STAT = (RUNNING) Started automatically ---> FILE = system32\DRIVERS\irda.sys ---> TYPE = KERNEL_DRIVER 089) "IRENUM" - IR-Enumeratordienst ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\irenum.sys ---> TYPE = KERNEL_DRIVER 090) "irsir" - Microsoft serieller Infrarottreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\irsir.sys ---> TYPE = KERNEL_DRIVER 091) "isapnp" - PnP-ISA/EISA-Bus-Treiber ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\isapnp.sys ---> TYPE = KERNEL_DRIVER 092) "IWCA" - Intel Wireless Connection Agent Miniport for Win XP ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\iwca.sys ---> TYPE = KERNEL_DRIVER 093) "Kbdclass" - Tastaturklassentreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\kbdclass.sys ---> TYPE = KERNEL_DRIVER 094) "kbdhid" - Tastatur-HID-Treiber ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\kbdhid.sys ---> TYPE = KERNEL_DRIVER 095) "kmixer" - Microsoft Kernel-Waveaudiomixer ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\kmixer.sys ---> TYPE = KERNEL_DRIVER 096) "KSecDD" ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER 097) "lbrtfdc" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 098) "mbr" ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\DOKUME~1\Marina\LOKALE~1\Temp\mbr.sys ---> TYPE = KERNEL_DRIVER 099) "mdmxsdk" ---> STAT = (RUNNING) Started automatically ---> FILE = system32\DRIVERS\mdmxsdk.sys ---> TYPE = KERNEL_DRIVER 100) "mnmdd" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 101) "Modem" ---> STAT = (RUNNING) Started 
manually ---> TYPE = KERNEL_DRIVER 102) "Mouclass" - Mausklassentreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\mouclass.sys ---> TYPE = KERNEL_DRIVER 103) "mouhid" - Maus-HID-Treiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\mouhid.sys ---> TYPE = KERNEL_DRIVER 104) "MountMgr" ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER 105) "mraid35x" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 106) "MRxDAV" - Redirector für WebDav-Client ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\mrxdav.sys ---> TYPE = FILE_SYSTEM_DRIVER 107) "MRxSmb" - MRXSMB ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\mrxsmb.sys ---> TYPE = FILE_SYSTEM_DRIVER 108) "Msfs" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = FILE_SYSTEM_DRIVER 109) "MSKSSRV" - Microsoft Streaming Service Proxy ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\MSKSSRV.sys ---> TYPE = KERNEL_DRIVER 110) "MSPCLOCK" - Microsoft Proxy für Streaming Clock ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\MSPCLOCK.sys ---> TYPE = KERNEL_DRIVER 111) "MSPQM" - Microsoft Proxy für Streaming Quality Manager ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\MSPQM.sys ---> TYPE = KERNEL_DRIVER 112) "mssmbios" - Microsoft-Systemverwaltungs-BIOS-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\mssmbios.sys ---> TYPE = KERNEL_DRIVER 113) "MSTEE" - Microsoft Streaming Tee/Sink-to-Sink-Konvertierung ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\MSTEE.sys ---> TYPE = KERNEL_DRIVER 114) "MTsensor" - ATK0100 ACPI UTILITY ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ATKACPI.sys ---> TYPE = KERNEL_DRIVER 115) "Mup" - Mup ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = 
FILE_SYSTEM_DRIVER 116) "NABTSFEC" - NABTS/FEC VBI-Codec ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\NABTSFEC.sys ---> TYPE = KERNEL_DRIVER 117) "NDIS" - NDIS-Systemtreiber ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER 118) "NdisIP" - Microsoft TV-/Videoverbindung ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\NdisIP.sys ---> TYPE = KERNEL_DRIVER 119) "NdisTapi" - RAS-NDIS-TAPI-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ndistapi.sys ---> TYPE = KERNEL_DRIVER 120) "Ndisuio" - NDIS-Benutzermodus-E/A-Protokoll ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ndisuio.sys ---> TYPE = KERNEL_DRIVER 121) "NdisWan" - RAS-NDIS-WAN-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ndiswan.sys ---> TYPE = KERNEL_DRIVER 122) "NDProxy" - multi:NDIS-Proxy\00\00 ---> STAT = (RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 123) "NetBIOS" - NetBIOS-Schnittstelle ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\netbios.sys ---> TYPE = FILE_SYSTEM_DRIVER 124) "NetBT" - NetBios über TCP/IP ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\netbt.sys ---> TYPE = KERNEL_DRIVER 125) "NetworkX" - NetworkX ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = \SystemRoot\system32\ckldrv.sys ---> TYPE = KERNEL_DRIVER 126) "NIC1394" - 1394-Netzwerktreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\nic1394.sys ---> TYPE = KERNEL_DRIVER 127) "Npfs" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = FILE_SYSTEM_DRIVER 128) "Ntfs" ---> STAT = (RUNNING) Disabled ---> TYPE = FILE_SYSTEM_DRIVER 129) "Null" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 130) "NwlnkFlt" - Filtertreiber für IPX-Verkehr ---> STAT = (NOT RUNNING) Started manually ---> FILE = 
system32\DRIVERS\nwlnkflt.sys ---> TYPE = KERNEL_DRIVER 131) "NwlnkFwd" - Treiber für IPX-Verkehrsweiterleitung ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\nwlnkfwd.sys ---> TYPE = KERNEL_DRIVER 132) "ohci1394" - OHCI-konformer IEEE 1394-Hostcontroller ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\ohci1394.sys ---> TYPE = KERNEL_DRIVER 133) "Parport" - Treiber für parallelen Anschluss ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\parport.sys ---> TYPE = KERNEL_DRIVER 134) "PartMgr" ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER 135) "ParVdm" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 136) "PCI" - PCI-Bus-Treiber ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\pci.sys ---> TYPE = KERNEL_DRIVER 137) "PCIDump" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 138) "PCIIde" ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\pciide.sys ---> TYPE = KERNEL_DRIVER 139) "Pcmcia" ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\pcmcia.sys ---> TYPE = KERNEL_DRIVER 140) "PDCOMP" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 141) "PDFRAME" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 142) "PDRELI" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 143) "PDRFRAME" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 144) "perc2" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 145) "perc2hib" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 146) "PptpMiniport" - WAN-Miniport (PPTP) ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\raspptp.sys ---> TYPE = KERNEL_DRIVER 147) "PSched" - QoS-Paketplaner ---> STAT = (RUNNING) Started manually ---> FILE = 
system32\DRIVERS\psched.sys ---> TYPE = KERNEL_DRIVER 148) "Ptilink" - Treiber für direkte Parallelverbindung ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ptilink.sys ---> TYPE = KERNEL_DRIVER 149) "ql1080" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 150) "Ql10wnt" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 151) "ql12160" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 152) "ql1240" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 153) "ql1280" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 154) "RasAcd" - Treiber für automatische RAS-Verbindung ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\rasacd.sys ---> TYPE = KERNEL_DRIVER 155) "Rasirda" - WAN-Miniport (IrDA) ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\rasirda.sys ---> TYPE = KERNEL_DRIVER 156) "Rasl2tp" - WAN-Miniport (L2TP) ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\rasl2tp.sys ---> TYPE = KERNEL_DRIVER 157) "RasPppoe" - Remotezugriff-PPPOE-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\raspppoe.sys ---> TYPE = KERNEL_DRIVER 158) "Raspti" - Parallelanschluss (direkt) ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\raspti.sys ---> TYPE = KERNEL_DRIVER 159) "Rdbss" - Rdbss ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\rdbss.sys ---> TYPE = FILE_SYSTEM_DRIVER 160) "RDPCDD" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\RDPCDD.sys ---> TYPE = KERNEL_DRIVER 161) "RDPWD" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 162) "redbook" - Filtertreiber für digitale CD-Audiowiedergabe ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\redbook.sys ---> TYPE = KERNEL_DRIVER 163) "rimsptsk" ---> STAT = (RUNNING) Started by operating system loader ---> FILE = 
system32\DRIVERS\rimsptsk.sys ---> TYPE = KERNEL_DRIVER 164) "risdptsk" ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\risdptsk.sys ---> TYPE = KERNEL_DRIVER 165) "ROOTMODEM" - Microsoft Legacy Modem Driver ---> STAT = (RUNNING) Started manually ---> FILE = System32\Drivers\RootMdm.sys ---> TYPE = KERNEL_DRIVER 166) "RTL8023xp" - Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\Rtlnicxp.sys ---> TYPE = KERNEL_DRIVER 167) "s24trans" - WLAN Transport ---> STAT = (RUNNING) Started automatically ---> FILE = system32\DRIVERS\s24trans.sys ---> TYPE = KERNEL_DRIVER 168) "Secdrv" - Secdrv ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\secdrv.sys ---> TYPE = KERNEL_DRIVER 169) "Serenum" - Serenum Filter Driver ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\serenum.sys ---> TYPE = KERNEL_DRIVER 170) "Serial" ---> STAT = (RUNNING) Started automatically ---> TYPE = KERNEL_DRIVER 171) "Sfloppy" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 172) "Simbad" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 173) "SLIP" - BDA Slip De-Framer ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\SLIP.sys ---> TYPE = KERNEL_DRIVER 174) "Sparrow" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 175) "splitter" - Microsoft Kernel-Audiosplitter ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\splitter.sys ---> TYPE = KERNEL_DRIVER 176) "sr" - Filtertreiber für Systemwiederherstellung ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\sr.sys ---> TYPE = FILE_SYSTEM_DRIVER 177) "Srv" - Srv ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\srv.sys ---> TYPE = FILE_SYSTEM_DRIVER 178) "ssmdrv" - ssmdrv ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = 
system32\DRIVERS\ssmdrv.sys ---> TYPE = KERNEL_DRIVER 179) "StillCam" - Treiber für serielle Digitalkamera ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\serscan.sys ---> TYPE = KERNEL_DRIVER 180) "streamip" - BDA-IPSink ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\StreamIP.sys ---> TYPE = KERNEL_DRIVER 181) "swenum" - Software-Bus-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\swenum.sys ---> TYPE = KERNEL_DRIVER 182) "swmidi" - Microsoft Kernel GS Wavetablesynthesizer ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\swmidi.sys ---> TYPE = KERNEL_DRIVER 183) "symc810" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 184) "symc8xx" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 185) "SYMIDSCO" ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20040824.002\symidsco.sys ---> TYPE = KERNEL_DRIVER 186) "sym_hi" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 187) "sym_u3" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 188) "SynTP" - Synaptics TouchPad Driver ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\SynTP.sys ---> TYPE = KERNEL_DRIVER 189) "sysaudio" - Microsoft Kernel-Systemaudiogerät ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\sysaudio.sys ---> TYPE = KERNEL_DRIVER 190) "Tcpip" - TCP/IP-Protokolltreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\tcpip.sys ---> TYPE = KERNEL_DRIVER 191) "TDPIPE" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 192) "TDTCP" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 193) "TermDD" - Terminal-Gerätetreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\termdd.sys ---> TYPE = KERNEL_DRIVER 194) "TosIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = 
KERNEL_DRIVER 195) "Udfs" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = FILE_SYSTEM_DRIVER 196) "ultra" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 197) "Update" - Microcode Updatetreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\update.sys ---> TYPE = KERNEL_DRIVER 198) "usbccgp" - Microsoft Standard-USB-Haupttreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\usbccgp.sys ---> TYPE = KERNEL_DRIVER 199) "usbehci" - Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\usbehci.sys ---> TYPE = KERNEL_DRIVER 200) "usbhub" - Microsoft USB-Standardhubtreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\usbhub.sys ---> TYPE = KERNEL_DRIVER 201) "usbprint" - Microsoft USB-Druckerklasse ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\usbprint.sys ---> TYPE = KERNEL_DRIVER 202) "usbscan" - USB-Scannertreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\usbscan.sys ---> TYPE = KERNEL_DRIVER 203) "USBSTOR" - USB-Massenspeichertreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\USBSTOR.SYS ---> TYPE = KERNEL_DRIVER 204) "usbuhci" - Miniporttreiber für universellen Microsoft USB-Hostcontroller ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\usbuhci.sys ---> TYPE = KERNEL_DRIVER 205) "VComm" - Virtual Serial port driver ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\VComm.sys ---> TYPE = KERNEL_DRIVER 206) "VcommMgr" - Bluetooth VComm Manager Service ---> STAT = (RUNNING) Started manually ---> FILE = System32\Drivers\VcommMgr.sys ---> TYPE = KERNEL_DRIVER 207) "VgaSave" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = \SystemRoot\System32\drivers\vga.sys ---> TYPE = KERNEL_DRIVER 208) "VHidMinidrv" - Bluetooth HID Device Service ---> STAT = (NOT RUNNING) Started manually 
---> FILE = system32\drivers\VHIDMini.sys ---> TYPE = KERNEL_DRIVER 209) "ViaIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 210) "Video3D" - ASUS Video3D Service ---> STAT = (NOT RUNNING) Started manually ---> FILE = System32\Drivers\Video3D.sys ---> TYPE = KERNEL_DRIVER 211) "VolSnap" ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER 212) "w29n51" - Intel(R) PRO/Wireless 2200BG Netzwerkverbindungstreiber für Windows XP ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\w29n51.sys ---> TYPE = KERNEL_DRIVER 213) "Wanarp" - RAS-IP-ARP-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\wanarp.sys ---> TYPE = KERNEL_DRIVER 214) "WDICA" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 215) "wdmaud" - Treiber für Microsoft WINMM-WDM-Audiokompatibilität ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\wdmaud.sys ---> TYPE = KERNEL_DRIVER 216) "winachsf" ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\HSF_CNXT.sys ---> TYPE = KERNEL_DRIVER 217) "WSTCODEC" - World Standard Teletext-Codec ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\WSTCODEC.SYS ---> TYPE = KERNEL_DRIVER -----HKLM\system\currentcontrolset\services----- 000) "Alerter" - Warndienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 001) "ALG" - Gatewaydienst auf Anwendungsebene ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\alg.exe ---> TYPE = OWN_SERVICE 002) "AntiVirScheduler" - AntiVir PersonalEdition Classic Planer ---> STAT = (RUNNING) Started automatically ---> FILE = \C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe\ ---> TYPE = OWN_SERVICE 003) "AntiVirService" - AntiVir PersonalEdition Classic Guard ---> STAT = (RUNNING) Started automatically ---> FILE = \C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe\ 
---> TYPE = OWN_SERVICE 004) "AppMgmt" - Anwendungsverwaltung ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 005) "aspnet_state" - ASP.NET State Service ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe ---> TYPE = OWN_SERVICE 006) "ATKKeyboardService" - ATK Keyboard Service ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\ATKKBService.exe ---> TYPE = OWN_SERVICE 007) "AudioSrv" - Windows Audio ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 008) "BITS" - Intelligenter Hintergrundübertragungsdienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 009) "BlueSoleil Hid Service" - BlueSoleil Hid Service ---> STAT = (RUNNING) Started automatically ---> FILE = C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe ---> TYPE = OWN_SERVICE 010) "Browser" - Computerbrowser ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 011) "CiSvc" - Indexdienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\cisvc.exe ---> TYPE = SHARE_SERVICE 012) "ClipSrv" - Ablagemappe ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\clipsrv.exe ---> TYPE = OWN_SERVICE 013) "clr_optimization_v2.0.50727_32" - .NET Runtime Optimization Service v2.0.50727_X86 ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe ---> TYPE = OWN_SERVICE 014) "COMSysApp" - COM+-Systemanwendung ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} ---> TYPE = OWN_SERVICE 015) "Crypkey License" - Crypkey License ---> STAT = (RUNNING) Started automatically 
---> FILE = crypserv.exe ---> TYPE = OWN_SERVICE 016) "CryptSvc" - Kryptografiedienste ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 017) "DcomLaunch" - DCOM-Server-Prozessstart ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch ---> TYPE = SHARE_SERVICE 018) "Dhcp" - DHCP-Client ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 019) "dmadmin" - Verwaltungsdienst für die Verwaltung logischer Datenträger ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\dmadmin.exe /com ---> TYPE = SHARE_SERVICE 020) "dmserver" - Verwaltung logischer Datenträger ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 021) "Dnscache" - DNS-Client ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k NetworkService ---> TYPE = SHARE_SERVICE 022) "ERSvc" - Fehlerberichterstattungsdienst ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 023) "Eventlog" - Ereignisprotokoll ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\services.exe ---> TYPE = SHARE_SERVICE 024) "EventSystem" - COM+-Ereignissystem ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 025) "EvtEng" - EvtEng ---> STAT = (RUNNING) Started automatically ---> FILE = C:\Programme\Intel\Wireless\Bin\EvtEng.exe ---> TYPE = OWN_SERVICE 026) "FastUserSwitchingCompatibility" - Kompatibilität für schnelle Benutzerumschaltung ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 027) "GoogleDesktopManager-022208-143751" - Google Desktop Manager 5.7.802.22438 ---> STAT = (NOT 
RUNNING) Started manually ---> FILE = \C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe\ ---> TYPE = OWN_SERVICE 028) "helpsvc" - Hilfe und Support ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 029) "HidServ" - Eingabegerätezugang ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 030) "HTTPFilter" - HTTP-SSL ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter ---> TYPE = SHARE_SERVICE 031) "ImapiService" - IMAPI-CD-Brenn-COM-Dienste ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\imapi.exe ---> TYPE = OWN_SERVICE 032) "Irmon" - Infrarotüberwachung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 033) "lanmanserver" - Server ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 034) "lanmanworkstation" - Arbeitsstationsdienst ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 035) "LmHosts" - TCP/IP-NetBIOS-Hilfsprogramm ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 036) "Messenger" - Nachrichtendienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 037) "mnmsrvc" - NetMeeting-Remotedesktop-Freigabe ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\mnmsrvc.exe ---> TYPE = OWN_SERVICE 038) "MSDTC" - Distributed Transaction Coordinator ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\msdtc.exe ---> TYPE = OWN_SERVICE 039) "MSIServer" - Windows Installer ---> STAT = (NOT RUNNING) Started manually ---> FILE = 
C:\WINDOWS\system32\msiexec.exe /V ---> TYPE = SHARE_SERVICE 040) "NetDDE" - Netzwerk-DDE-Dienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\netdde.exe ---> TYPE = SHARE_SERVICE 041) "NetDDEdsdm" - Netzwerk-DDE-Serverdienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\netdde.exe ---> TYPE = SHARE_SERVICE 042) "Netlogon" - Anmeldedienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 043) "Netman" - Netzwerkverbindungen ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 044) "Nla" - NLA (Network Location Awareness) ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 045) "NtLmSsp" - NT-LM-Sicherheitsdienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 046) "NtmsSvc" - Wechselmedien ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 047) "ose" - Office Source Engine ---> STAT = (NOT RUNNING) Started manually ---> FILE = \C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE\ ---> TYPE = OWN_SERVICE 048) "OwnershipProtocol" - OwnershipProtocol ---> STAT = (RUNNING) Started automatically ---> FILE = C:\Programme\Intel\Wireless\Bin\OProtSvc.exe ---> TYPE = OWN_SERVICE 049) "PlugPlay" - Plug & Play ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\services.exe ---> TYPE = SHARE_SERVICE 050) "Pml Driver HPZ12" - Pml Driver HPZ12 ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\HPZipm12.exe ---> TYPE = OWN_SERVICE 051) "PolicyAgent" - IPSEC-Dienste ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 052) "ProtectedStorage" - Geschützter Speicher ---> STAT = (RUNNING) 
Started automatically ---> FILE = C:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 053) "RasAuto" - Verwaltung für automatische RAS-Verbindung ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 054) "RasMan" - RAS-Verbindungsverwaltung ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 055) "RDSessMgr" - Sitzungs-Manager für Remotedesktophilfe ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\sessmgr.exe ---> TYPE = OWN_SERVICE 056) "RegSrvc" - RegSrvc ---> STAT = (RUNNING) Started automatically ---> FILE = C:\Programme\Intel\Wireless\Bin\RegSrvc.exe ---> TYPE = OWN_SERVICE 057) "RemoteAccess" - Routing und RAS ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 058) "RpcLocator" - RPC-Locator ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\locator.exe ---> TYPE = OWN_SERVICE 059) "RpcSs" - Remoteprozeduraufruf (RPC) ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost -k rpcss ---> TYPE = SHARE_SERVICE 060) "RSVP" - QoS-RSVP ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\rsvp.exe ---> TYPE = OWN_SERVICE 061) "S24EventMonitor" - Spectrum24 Event Monitor ---> STAT = (RUNNING) Started automatically ---> FILE = C:\Programme\Intel\Wireless\Bin\S24EvMon.exe ---> TYPE = OWN_SERVICE 062) "SamSs" - Sicherheitskontenverwaltung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 063) "SCardSvr" - Smartcard ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\SCardSvr.exe ---> TYPE = SHARE_SERVICE 064) "Schedule" - Taskplaner ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 065) "seclogon" - Sekundäre 
Anmeldung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 066) "SENS" - Systemereignisbenachrichtigung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 067) "SharedAccess" - Windows-Firewall/Gemeinsame Nutzung der Internetverbindung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 068) "ShellHWDetection" - Shellhardwareerkennung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 069) "Spooler" - Druckwarteschlange ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\spoolsv.exe ---> TYPE = OWN_SERVICE 070) "srservice" - Systemwiederherstellungsdienst ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 071) "SSDPSRV" - SSDP-Suchdienst ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 072) "stisvc" - Windows-Bilderfassung (WIA) ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k imgsvc ---> TYPE = SHARE_SERVICE 073) "SwPrv" - MS Software Shadow Copy Provider ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{34A72905-9EE3-49BA-8E65-37E5C6714D94} ---> TYPE = OWN_SERVICE 074) "SysmonLog" - Leistungsdatenprotokolle und Warnungen ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\smlogsvc.exe ---> TYPE = OWN_SERVICE 075) "TapiSrv" - Telefonie ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 076) "TermService" - Terminaldienste ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch ---> TYPE 
= SHARE_SERVICE 077) "Themes" - Designs ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 078) "TrkWks" - Überwachung verteilter Verknüpfungen (Client) ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 079) "upnphost" - Universeller Plug & Play-Gerätehost ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 080) "UPS" - Unterbrechungsfreie Stromversorgung ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\ups.exe ---> TYPE = OWN_SERVICE 081) "VSS" - Volumeschattenkopie ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\vssvc.exe ---> TYPE = OWN_SERVICE 082) "W32Time" - Windows-Zeitgeber ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 083) "WebClient" - Webclient ---> STAT = Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 084) "winmgmt" - Windows-Verwaltungsinstrumentation ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 085) "Winsock" ---> STAT = (RUNNING) Started manually ---> TYPE = ADAPTER 086) "WmdmPmSN" - Dienst für Seriennummern der tragbaren Medien ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 087) "WmiApSrv" - WMI-Leistungsadapter ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\wbem\wmiapsrv.exe ---> TYPE = OWN_SERVICE 088) "wscsvc" - Sicherheitscenter ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 089) "wuauserv" - Automatische Updates ---> STAT = (RUNNING) Started automatically ---> FILE = 
C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 090) "WZCSVC" - Konfigurationsfreie drahtlose Verbindung ---> STAT = (NOT RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 091) "xmlprov" - Netzwerkversorgungsdienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE ===================== SVCHOST INSTANCES ===================== HTTPFilter +---- HTTPFilter +---- %SystemRoot%\System32\w3ssl.dll LocalService +---- Alerter +---- %SystemRoot%\system32\alrsvc.dll +---- WebClient +---- %SystemRoot%\System32\webclnt.dll +---- LmHosts +---- %SystemRoot%\System32\lmhsvc.dll +---- RemoteRegistry +---- upnphost +---- %SystemRoot%\System32\upnphost.dll +---- SSDPSRV +---- %SystemRoot%\System32\ssdpsrv.dll NetworkService +---- DnsCache +---- %SystemRoot%\System32\dnsrslvr.dll netsvcs +---- 6to4 +---- AppMgmt +---- %SystemRoot%\System32\appmgmts.dll +---- AudioSrv +---- %SystemRoot%\System32\audiosrv.dll +---- Browser +---- %SystemRoot%\System32\browser.dll +---- CryptSvc +---- %SystemRoot%\System32\cryptsvc.dll +---- DMServer +---- %SystemRoot%\System32\dmserver.dll +---- DHCP +---- %SystemRoot%\System32\dhcpcsvc.dll +---- ERSvc +---- %SystemRoot%\System32\ersvc.dll +---- EventSystem +---- C:\WINDOWS\system32\es.dll +---- FastUserSwitchingCompatibility +---- %SystemRoot%\System32\shsvcs.dll +---- HidServ +---- %SystemRoot%\System32\hidserv.dll +---- Ias +---- Iprip +---- Irmon +---- %SystemRoot%\System32\irmon.dll +---- LanmanServer +---- %SystemRoot%\System32\srvsvc.dll +---- LanmanWorkstation +---- %SystemRoot%\System32\wkssvc.dll +---- Messenger +---- %SystemRoot%\System32\msgsvc.dll +---- Netman +---- %SystemRoot%\System32\netman.dll +---- Nla +---- %SystemRoot%\System32\mswsock.dll +---- Ntmssvc +---- %SystemRoot%\system32\ntmssvc.dll +---- NWCWorkstation +---- Nwsapagent +---- Rasauto +---- 
%SystemRoot%\System32\rasauto.dll +---- Rasman +---- %SystemRoot%\System32\rasmans.dll +---- Remoteaccess +---- %SystemRoot%\System32\mprdim.dll +---- Schedule +---- %SystemRoot%\system32\schedsvc.dll +---- Seclogon +---- %SystemRoot%\System32\seclogon.dll +---- SENS +---- %SystemRoot%\system32\sens.dll +---- Sharedaccess +---- %SystemRoot%\System32\ipnathlp.dll +---- SRService +---- C:\WINDOWS\system32\srsvc.dll +---- Tapisrv +---- %SystemRoot%\System32\tapisrv.dll +---- Themes +---- %SystemRoot%\System32\shsvcs.dll +---- TrkWks +---- %SystemRoot%\system32\trkwks.dll +---- W32Time +---- C:\WINDOWS\system32\w32time.dll +---- WZCSVC +---- %SystemRoot%\System32\wzcsvc.dll +---- Wmi +---- WmdmPmSp +---- winmgmt +---- %SystemRoot%\system32\wbem\WMIsvc.dll +---- wscsvc +---- %SYSTEMROOT%\system32\wscsvc.dll +---- xmlprov +---- %SystemRoot%\System32\xmlprov.dll +---- BITS +---- C:\WINDOWS\system32\qmgr.dll +---- wuauserv +---- C:\WINDOWS\system32\wuauserv.dll +---- ShellHWDetection +---- %SystemRoot%\System32\shsvcs.dll +---- helpsvc +---- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll +---- WmdmPmSN +---- C:\WINDOWS\system32\mspmsnsv.dll DcomLaunch +---- DcomLaunch +---- %SystemRoot%\system32\rpcss.dll +---- TermService +---- %SystemRoot%\System32\termsrv.dll rpcss +---- RpcSs +---- %SystemRoot%\system32\rpcss.dll imgsvc +---- StiSvc +---- %SystemRoot%\system32\wiaservc.dll termsvcs +---- TermService +---- %SystemRoot%\System32\termsrv.dll ===================== LOADED MODULES ===================== *** NOTE *** Process uuoywfrygn.exe belongs to SystemScan Already known legit dlls are not shown ------------------------------------------------------------------------------ System pid: 4 Command line: ------------------------------------------------------------------------------ SMSS.EXE pid: 1044 Command line: \SystemRoot\System32\smss.exe Base Size Version Path 0x48580000 0xf000 \SystemRoot\System32\smss.exe 
------------------------------------------------------------------------------ CSRSS.EXE pid: 1128 Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 Base Size Version Path 0x4a680000 0x5000 \??\C:\WINDOWS\system32\csrss.exe 0x75ae0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\CSRSRV.dll 0x75af0000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\basesrv.dll 0x75b00000 0x4a000 5.01.2600.2180 C:\WINDOWS\system32\winsrv.dll ------------------------------------------------------------------------------ WINLOGON.EXE pid: 1152 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x77690000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\AUTHZ.dll 0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x10000000 0x1e000 9.00.0001.0000 C:\Programme\Intel\Wireless\Bin\LgNotify.dll ------------------------------------------------------------------------------ SERVICES.EXE pid: 1196 Command line: C:\WINDOWS\system32\services.exe Base Size Version Path 0x01000000 0x1c000 5.01.2600.2180 C:\WINDOWS\system32\services.exe 0x77b40000 0x53000 5.01.2600.2180 C:\WINDOWS\system32\SCESRV.dll 0x77690000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\AUTHZ.dll 0x75850000 0x1f000 5.01.2600.2180 C:\WINDOWS\system32\umpnpmgr.dll 0x76020000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x772d0000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\eventlog.dll 
------------------------------------------------------------------------------ LSASS.EXE pid: 1208 Command line: C:\WINDOWS\system32\lsass.exe Base Size Version Path 0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\lsass.exe 0x753d0000 0xb6000 5.01.2600.2180 C:\WINDOWS\system32\LSASRV.dll 0x743c0000 0x6e000 5.01.2600.2180 C:\WINDOWS\system32\SAMSRV.dll 0x76740000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\cryptdll.dll 0x76ee0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\DNSAPI.dll 0x76750000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll 0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x20000000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\msprivs.dll 0x71c70000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\kerberos.dll 0x74430000 0x65000 5.01.2600.2180 C:\WINDOWS\system32\netlogon.dll 0x76770000 0x2d000 5.01.2600.2180 C:\WINDOWS\system32\w32time.dll 0x76020000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x767a0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\schannel.dll 0x742f0000 0xf000 5.01.2600.2180 C:\WINDOWS\system32\wdigest.dll 0x74380000 0x30000 5.01.2600.2180 C:\WINDOWS\system32\scecli.dll 0x74350000 0x30000 5.01.2600.2180 C:\WINDOWS\system32\ipsecsvc.dll 0x77690000 0x11000 5.01.2600.2180 C:\WINDOWS\system32\AUTHZ.dll 0x756c0000 0xce000 5.01.2600.2180 C:\WINDOWS\system32\oakley.DLL 0x742e0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\WINIPSEC.DLL 0x74310000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\pstorsvc.dll 0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll 0x74330000 0x1b000 5.01.2600.2180 C:\WINDOWS\system32\psbase.dll 0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\system32\dssenh.dll 
------------------------------------------------------------------------------
SVCHOST.EXE pid: 1356
Command line: C:\WINDOWS\system32\svchost -k DcomLaunch
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x77690000 0x11000 5.01.2600.2180 c:\windows\system32\AUTHZ.dll
0x76ad0000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL
------------------------------------------------------------------------------
SVCHOST.EXE pid: 1404
Command line: C:\WINDOWS\system32\svchost -k rpcss
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x66710000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719f0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x76ee0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\DNSAPI.dll
------------------------------------------------------------------------------
SVCHOST.EXE pid: 1492
Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe
0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x76ee0000 0x27000 5.01.2600.2180 c:\windows\system32\DNSAPI.dll
0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x66710000 0x59000 5.01.2600.2180 C:\WINDOWS\System32\hnetcfg.dll
0x719f0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x663a0000 0xc000 5.01.2600.2180 c:\windows\system32\irmon.dll
0x590a0000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\wshirda.dll
0x76750000 0x13000 5.01.2600.2180 c:\windows\system32\NTDSAPI.dll
0x76ad0000 0x11000 3.05.2284.0000 c:\windows\system32\ATL.DLL
0x76bc0000 0x2f000 5.01.2600.2180 c:\windows\system32\credui.dll
0x74ec0000 0xc000 5.01.2600.2180 c:\windows\pchealth\helpctr\binaries\pchsvc.dll
0x776e0000 0x41000 2001.12.4414.0258 c:\windows\system32\es.dll
0x76770000 0x2d000 5.01.2600.2180 c:\windows\system32\w32time.dll
0x76020000 0x65000 6.02.3104.0000 c:\windows\system32\MSVCP60.dll
0x50000000 0x5000 5.04.3790.2180 c:\windows\system32\wuauserv.dll
0x4f110000 0x28000 5.01.2600.2180 c:\windows\system32\wbem\wmisvc.dll
0x50040000 0x1a2000 7.00.6000.0374 C:\WINDOWS\system32\wuaueng.dll
0x750d0000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\Cabinet.dll
0x604a0000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\mspatcha.dll
0x77690000 0x11000 5.01.2600.2180 c:\windows\system32\AUTHZ.dll
0x74e50000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wbemsvc.dll
0x742e0000 0xb000 5.01.2600.2180 c:\windows\system32\WINIPSEC.DLL
0x58030000 0x36000 5.01.2600.2180 C:\WINDOWS\System32\unimdm.tsp
0x5b3f0000 0x16000 5.01.2600.2180 C:\WINDOWS\System32\unimdmat.dll
0x61a70000 0x29000 5.01.2600.2180 C:\WINDOWS\system32\modemui.dll
0x580b0000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\kmddsp.tsp
0x58090000 0x10000 5.01.2600.2180 C:\WINDOWS\System32\ndptsp.tsp
0x580c0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\ipconf.tsp
0x580e0000 0x46000 5.01.2600.2180 C:\WINDOWS\System32\h323.tsp
0x580d0000 0xa000 5.01.2600.2180 C:\WINDOWS\System32\hidphone.tsp
0x71c70000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\kerberos.dll
0x76740000 0xc000 5.01.2600.2180 C:\WINDOWS\System32\cryptdll.dll
0x767a0000 0x27000 5.01.2600.2180 C:\WINDOWS\System32\SCHANNEL.dll
0x50e60000 0xc000 7.00.6000.0374 C:\WINDOWS\system32\wups2.dll
------------------------------------------------------------------------------
EvtEng.exe pid: 1540
Command line: C:\Programme\Intel\Wireless\Bin\EvtEng.exe
Base Size Version Path
0x00400000 0x16000 9.00.0001.0012 C:\Programme\Intel\Wireless\Bin\EvtEng.exe
0x10000000 0x30000 9.00.0001.0014 C:\Programme\Intel\Wireless\Bin\PsRegApi.dll
0x00320000 0x23000 9.00.0001.0022 C:\Programme\Intel\Wireless\Bin\TraceAPI.DLL
0x76ad0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x4dd80000 0x83000 2.81.1117.0000 C:\Programme\Gemeinsame Dateien\System\ado\msado15.dll
0x766e0000 0x25000 2.81.1117.0000 C:\WINDOWS\system32\MSDART.DLL
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x73ed0000 0x77000 2.81.1117.0000 C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll
0x75150000 0x13000 2.81.1117.0000 C:\Programme\Gemeinsame Dateien\System\Ole DB\OLEDB32R.DLL
0x4dee0000 0x4d000 2.81.1117.0000 C:\Programme\Gemeinsame Dateien\System\Ole DB\msdasql.dll
0x61230000 0x17000 2.81.1117.0000 C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDATL3.dll
0x00c00000 0x4000 2.81.1117.0000 C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDASQLR.DLL
0x1b5d0000 0x95000 4.00.8905.0000 C:\WINDOWS\system32\MSWSTR10.DLL
0x01350000 0x44000 4.00.6304.0000 C:\WINDOWS\system32\odbcjt32.dll
0x1b000000 0x170000 4.00.8618.0000 C:\WINDOWS\system32\msjet40.dll
0x6da70000 0xf000 4.00.6304.0000 C:\WINDOWS\system32\odbcji32.dll
0x1b2c0000 0xd000 4.00.6508.0000 C:\WINDOWS\system32\msjter40.dll
0x1b2d0000 0x2d000 4.00.8905.0000 C:\WINDOWS\system32\MSJINT40.DLL
0x6c0c0000 0x1b000 3.525.1117.0000 C:\WINDOWS\system32\odbccp32.dll
0x73f50000 0x51000 2.81.1117.0000 C:\Programme\Gemeinsame Dateien\System\msadc\msadce.dll
0x013c0000 0x5000 2.81.1117.0000 C:\Programme\Gemeinsame Dateien\System\msadc\msadcer.dll
------------------------------------------------------------------------------
S24EvMon.exe pid: 1656
Command line: C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
Base Size Version Path
0x00400000 0x63000 9.00.0001.0041 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
0x10000000 0x23000 9.00.0001.0022 C:\Programme\Intel\Wireless\Bin\TraceAPI.DLL
0x00320000 0x30000 9.00.0001.0014 C:\Programme\Intel\Wireless\Bin\PsRegApi.dll
0x76ad0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
------------------------------------------------------------------------------
SVCHOST.EXE pid: 1776
Command line: C:\WINDOWS\system32\svchost.exe -k NetworkService
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x76ee0000 0x27000 5.01.2600.2180 c:\windows\system32\DNSAPI.dll
------------------------------------------------------------------------------
SVCHOST.EXE pid: 1880
Command line: C:\WINDOWS\system32\svchost.exe -k LocalService
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x66710000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x719f0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
SPOOLSV.EXE pid: 288
Command line: C:\WINDOWS\system32\spoolsv.exe
Base Size Version Path
0x01000000 0x10000 5.01.2600.2180 C:\WINDOWS\system32\spoolsv.exe
0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x76ee0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\DNSAPI.dll
0x67380000 0x37000 0.03.0000.0001 C:\WINDOWS\system32\CNMLM95.DLL
0x00ce0000 0x5c000 2.05.0000.0000 C:\WINDOWS\system32\CNMNPPM.DLL
0x63200000 0x2a000 8.00.0001.0000 C:\WINDOWS\system32\CNCF2Le.DLL
0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x00990000 0x8000 0.03.1897.0000 C:\WINDOWS\system32\mdimon.dll
0x00d40000 0xc000 60.51.0645.0000 C:\WINDOWS\system32\hpz3l3xu.dll
0x00d50000 0x5000 2.50.0000.0002 C:\WINDOWS\system32\pxc25pm.dll
0x10000000 0x21000 C:\WINDOWS\system32\redmonnt.dll
0x00db0000 0x13000 60.51.0645.0000 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp3xu.dll
0x00dd0000 0x8000 0.03.1897.0000 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll
0x76750000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
------------------------------------------------------------------------------
AVGUARD.EXE pid: 476
Command line: "C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe"
------------------------------------------------------------------------------
ZCfgSvc.exe pid: 1908
Command line: C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
Base Size Version Path
0x00400000 0x63000 9.00.0001.0051 C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
0x10000000 0x71000 9.00.0001.0045 C:\Programme\Intel\Wireless\Bin\PfMgrApi.dll
0x00330000 0x23000 9.00.0001.0022 C:\Programme\Intel\Wireless\Bin\TraceAPI.DLL
0x00360000 0x30000 9.00.0001.0014 C:\Programme\Intel\Wireless\Bin\PsRegApi.dll
0x76ad0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x00390000 0x3f000 9.00.0001.0056 C:\Programme\Intel\Wireless\Bin\MurocApi.dll
0x003d0000 0x10000 9.00.0001.0007 C:\Programme\Intel\Wireless\Bin\S24MUDLL.dll
0x00470000 0x53000 9.00.0001.0031 C:\Programme\Intel\Wireless\Bin\C1XStngs.dll
0x5f1a0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL
0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x00b20000 0x16000 9.00.0001.0031 C:\Programme\Intel\Wireless\Bin\C8021DEU.dll
0x23000000 0xd000 9.00.0001.0001 C:\Programme\Intel\Wireless\Bin\LSAWRAPI.dll
0x00bd0000 0xe000 9.00.0001.0051 C:\Programme\Intel\Wireless\Bin\ZcSvcDEU.dll
0x01100000 0x12000 C:\Programme\Intel\Wireless\Bin\D8021Xps.DLL
0x69b10000 0x12f000 4.20.9818.0000 C:\WINDOWS\system32\msxml4.dll
------------------------------------------------------------------------------
EXPLORER.EXE pid: 604
Command line: C:\WINDOWS\Explorer.EXE
Base Size Version Path
0x01000000 0xff000 6.00.2900.2180 C:\WINDOWS\Explorer.EXE
0x75f20000 0xfc000 6.00.2900.2180 C:\WINDOWS\system32\BROWSEUI.dll
0x77730000 0x16c000 6.00.2900.2180 C:\WINDOWS\system32\SHDOCVW.dll
0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x5b9b0000 0x72000 6.00.2900.2180 C:\WINDOWS\system32\themeui.dll
0x76320000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll
0x71cc0000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll
0x76930000 0x8000 5.01.2600.2180 C:\WINDOWS\system32\LINKINFO.dll
0x76ad0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x76bc0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\credui.dll
0x765c0000 0x21000 5.01.2600.2180 C:\WINDOWS\system32\stobject.dll
0x74a70000 0xa000 6.00.2900.2180 C:\WINDOWS\system32\BatMeter.dll
0x75f00000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll
0x71b90000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\ntlanman.dll
0x71c50000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll
0x71c10000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll
0x75f10000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\davclnt.dll
------------------------------------------------------------------------------
1XConfig.exe pid: 652
Command line: C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe -Embedding
Base Size Version Path
0x00400000 0x40000 9.00.0001.0035 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
0x10000000 0x15d000 3.00.0000.0044 C:\PROGRA~1\Intel\Wireless\Bin\IntelAE5.dll
0x00320000 0x23000 9.00.0001.0022 C:\PROGRA~1\Intel\Wireless\Bin\TraceAPI.DLL
0x00350000 0x30000 9.00.0001.0014 C:\PROGRA~1\Intel\Wireless\Bin\PsRegApi.dll
0x76ad0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x00f70000 0x12000 C:\Programme\Intel\Wireless\Bin\D8021Xps.DLL
------------------------------------------------------------------------------
HKCMD.EXE pid: 848
Command line: "C:\WINDOWS\system32\hkcmd.exe"
Base Size Version Path
0x00400000 0x13000 3.00.0000.4332 C:\WINDOWS\system32\hkcmd.exe
0x10000000 0x13000 3.00.0000.4332 C:\WINDOWS\system32\hccutils.DLL
0x00cf0000 0xe000 3.00.0000.4332 C:\WINDOWS\system32\igfxsrvc.dll
0x00d00000 0x26000 3.00.0000.4332 C:\WINDOWS\system32\igfxres.dll
------------------------------------------------------------------------------
IGFXPERS.EXE pid: 856
Command line: "C:\WINDOWS\system32\igfxpers.exe"
Base Size Version Path
0x00400000 0x1d000 3.00.0000.4332 C:\WINDOWS\system32\igfxpers.exe
0x10000000 0xe000 3.00.0000.4332 C:\WINDOWS\system32\igfxsrvc.dll
------------------------------------------------------------------------------
SoundMan.exe pid: 304
Command line: "C:\WINDOWS\SOUNDMAN.EXE"
Base Size Version Path
0x00400000 0x18000 1.00.0000.0014 C:\WINDOWS\SOUNDMAN.EXE
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
------------------------------------------------------------------------------
SynTPEnh.exe pid: 1068
Command line: "C:\Programme\Synaptics\SynTP\SynTPEnh.exe"
Base Size Version Path
0x00400000 0xaf000 8.00.0004.0000 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x10000000 0x14000 8.00.0004.0000 C:\WINDOWS\system32\SynCOM.dll
0x63010000 0x17000 8.00.0004.0000 C:\WINDOWS\system32\SynTPAPI.dll
------------------------------------------------------------------------------
iFrmewrk.exe pid: 1112
Command line: "C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
Base Size Version Path
0x00400000 0x62000 9.00.0001.0019 C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
0x10000000 0x30000 9.00.0001.0014 C:\Programme\Intel\Wireless\Bin\PsRegApi.dll
0x5f1a0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x003c0000 0x9000 9.00.0001.0019 C:\Programme\Intel\Wireless\Bin\FrWrkDEU.dll
0x00a20000 0xb2000 9.00.0001.0059 C:\Programme\Intel\Wireless\Bin\FrameworkPlugins\ConnMgr.dll
0x00ae0000 0x3f000 9.00.0001.0056 C:\Programme\Intel\Wireless\Bin\MurocApi.dll
0x003d0000 0x10000 9.00.0001.0007 C:\Programme\Intel\Wireless\Bin\S24MUDLL.dll
0x00b20000 0x53000 9.00.0001.0031 C:\Programme\Intel\Wireless\Bin\C1XStngs.dll
0x00b80000 0x23000 9.00.0001.0022 C:\Programme\Intel\Wireless\Bin\TraceAPI.DLL
0x76ad0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x00bb0000 0x71000 9.00.0001.0045 C:\Programme\Intel\Wireless\Bin\PfMgrApi.dll
0x00c30000 0x16000 9.00.0001.0031 C:\Programme\Intel\Wireless\Bin\C8021DEU.dll
0x23000000 0xd000 9.00.0001.0001 C:\Programme\Intel\Wireless\Bin\LSAWRAPI.dll
0x00db0000 0x3b000 9.00.0001.0059 C:\Programme\Intel\Wireless\Bin\IntWADEU.dll
0x01310000 0x12000 C:\Programme\Intel\Wireless\Bin\D8021Xps.DLL
0x69b10000 0x12f000 4.20.9818.0000 C:\WINDOWS\system32\msxml4.dll
------------------------------------------------------------------------------
EOUWiz.exe pid: 1120
Command line: "C:\Programme\Intel\Wireless\Bin\EOUWiz.exe"
Base Size Version Path
0x00400000 0x5b000 9.00.0001.0026 C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
0x10000000 0x2c000 9.00.0001.0016 C:\Programme\Intel\Wireless\Bin\EOUAPCfg.dll
0x00320000 0x14000 9.00.0001.0004 C:\Programme\Intel\Wireless\Bin\ownprot.DLL
0x00340000 0x23000 9.00.0001.0022 C:\Programme\Intel\Wireless\Bin\TraceAPI.DLL
0x00370000 0x30000 9.00.0001.0014 C:\Programme\Intel\Wireless\Bin\PsRegApi.dll
0x76ad0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x00460000 0x71000 9.00.0001.0045 C:\Programme\Intel\Wireless\Bin\PfMgrApi.dll
0x003a0000 0x3f000 9.00.0001.0056 C:\Programme\Intel\Wireless\Bin\MurocApi.dll
0x003e0000 0x10000 9.00.0001.0007 C:\Programme\Intel\Wireless\Bin\S24MUDLL.dll
0x004e0000 0x53000 9.00.0001.0031 C:\Programme\Intel\Wireless\Bin\C1XStngs.dll
0x5f1a0000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\OLEPRO32.DLL
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x00b60000 0x16000 9.00.0001.0031 C:\Programme\Intel\Wireless\Bin\C8021DEU.dll
0x23000000 0xd000 9.00.0001.0001 C:\Programme\Intel\Wireless\Bin\LSAWRAPI.dll
0x00e20000 0x1e000 9.00.0001.0026 C:\Programme\Intel\Wireless\Bin\EOUWzDEU.dll
0x01280000 0x12000 C:\Programme\Intel\Wireless\Bin\D8021Xps.DLL
------------------------------------------------------------------------------
HControl.exe pid: 1108
Command line: "C:\WINDOWS\ATK0100\HControl.exe"
Base Size Version Path
0x00400000 0x1a000 1043.02.0015.0048 C:\WINDOWS\ATK0100\HControl.exe
0x10000000 0xe000 C:\WINDOWS\ATK0100\CMSSC.dll
0x00320000 0xa000 1043.02.0015.0046 C:\WINDOWS\ATK0100\inter_f2.dll
0x1c200000 0x16000 2.01.0002.0146 C:\WINDOWS\ATK0100\ATKWLIOC.DLL
0x00330000 0x4b000 1.00.0000.0045 C:\WINDOWS\ATK0100\SiSPkt.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x00db0000 0x3f000 9.00.0001.0056 C:\Programme\Intel\Wireless\Bin\MurocApi.dll
0x00df0000 0x10000 9.00.0001.0007 C:\Programme\Intel\Wireless\Bin\S24MUDLL.dll
0x00e00000 0x30000 9.00.0001.0014 C:\Programme\Intel\Wireless\Bin\PsRegApi.dll
0x00e30000 0x53000 9.00.0001.0031 C:\Programme\Intel\Wireless\Bin\C1XStngs.dll
0x00e90000 0x23000 9.00.0001.0022 C:\Programme\Intel\Wireless\Bin\TraceAPI.DLL
0x76ad0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x00f00000 0x16000 9.00.0001.0031 C:\Programme\Intel\Wireless\Bin\C8021DEU.dll
0x23000000 0xd000 9.00.0001.0001 C:\Programme\Intel\Wireless\Bin\LSAWRAPI.dll
0x014d0000 0x12000 C:\Programme\Intel\Wireless\Bin\D8021Xps.DLL
0x015f0000 0x14000 8.00.0004.0000 C:\WINDOWS\system32\SynCOM.dll
------------------------------------------------------------------------------
JUSCHED.EXE pid: 1268
Command line: "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
Base Size Version Path
0x00400000 0x24000 6.00.0050.0013 C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
------------------------------------------------------------------------------
AVGNT.EXE pid: 1320
Command line: "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
Base Size Version Path
0x00400000 0x40000 8.00.0000.0007 C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
0x7c250000 0x102000 7.10.3077.0000 C:\Programme\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
0x00320000 0x56000 7.10.3052.0004 C:\Programme\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll
0x10000000 0x2a000 8.00.0001.0018 C:\Programme\Avira\AntiVir PersonalEdition Classic\cclib.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Programme\Avira\AntiVir PersonalEdition Classic\MSVCP71.dll
0x5d360000 0x10000 7.10.3077.0000 C:\WINDOWS\system32\MFC71DEU.DLL
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x00bf0000 0x44000 8.00.0000.0020 c:\programme\avira\antivir personaledition classic\ccgen.dll
0x00c40000 0x7000 8.00.0012.0000 c:\programme\avira\antivir personaledition classic\ccgenrc.dll
0x00c50000 0x37000 8.00.0000.0016 c:\programme\avira\antivir personaledition classic\ccguard.dll
0x00c90000 0x8000 8.00.0003.0000 c:\programme\avira\antivir personaledition classic\ccgrdrc.dll
0x00ca0000 0x14000 1.00.0006.0000 c:\programme\avira\antivir personaledition classic\avipc.dll
0x00cd0000 0x1e000 8.00.0000.0014 c:\programme\avira\antivir personaledition classic\ccupdate.dll
0x00cf0000 0x6000 8.00.0003.0000 c:\programme\avira\antivir personaledition classic\ccupdrc.dll
0x00d00000 0x11000 8.00.0000.0009 c:\programme\avira\antivir personaledition classic\cclic.dll
0x00d20000 0x4000 8.00.0002.0000 c:\programme\avira\antivir personaledition classic\cclicrc.dll
0x00d30000 0x28000 8.00.0000.0004 c:\programme\avira\antivir personaledition classic\ccmsg.dll
------------------------------------------------------------------------------
GoogleDesktop.exe pid: 1440
Command line: "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
Base Size Version Path
0x00400000 0xa000 5.07.0802.22438 C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
0x05000000 0x1f0000 5.07.0802.22438 C:\Programme\Google\Google Desktop Search\GoogleServices.DLL
0x42000000 0x36000 5.07.0802.22438 C:\Programme\Google\Google Desktop Search\GoogleDesktopCommon.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll
0x62000000 0x8e000 5.07.0802.22438 C:\Programme\Google\Google Desktop Search\GoogleDesktopResources_de.dll
0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x66710000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719f0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x60000000 0x81000 5.07.0802.22438 C:\Programme\Google\Google Desktop Search\GoogleDesktopAPI2.dll
0x74900000 0x130000 8.50.2162.0000 C:\WINDOWS\system32\msxml3.dll
0x73270000 0x67000 5.06.0000.8820 C:\WINDOWS\system32\vbscript.dll
0x4d000000 0x27000 5.07.0802.22438 C:\Programme\Google\Google Desktop Search\GoogleDesktopHyper.dll
0x70e00000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\asycfilt.dll
0x76ad0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x767a0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\schannel.dll
0x72240000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
0x76ee0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\DNSAPI.dll
------------------------------------------------------------------------------
FPASSIST.EXE pid: 1472
Command line: "C:\Programme\FreePDF_XP\fpassist.exe"
Base Size Version Path
0x00400000 0x50000 3.20.0000.0008 C:\Programme\FreePDF_XP\fpassist.exe
0x74020000 0x14d000 5.02.0082.0044 C:\WINDOWS\system32\MSVBVM50.DLL
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
------------------------------------------------------------------------------
BlueSoleil.exe pid: 1728
Command line: "C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe"
Base Size Version Path
0x00400000 0x133000 1.06.0004.0000 C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
0x10000000 0x48000 1.06.0003.0000 C:\Programme\IVT Corporation\BlueSoleil\btpcfg.dll
0x00320000 0x15000 1.06.0001.0000 C:\Programme\IVT Corporation\BlueSoleil\setup.dll
0x00340000 0x1e000 1.01.0000.0000 C:\Programme\IVT Corporation\BlueSoleil\btwin.dll
0x00360000 0x14000 1.00.0000.0001 C:\Programme\IVT Corporation\BlueSoleil\versit.dll
0x4eba0000 0x1a3000 5.01.3102.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x00ce0000 0x7000 C:\Programme\IVT Corporation\BlueSoleil\hcicmd.dll
0x00e00000 0x239000 1.06.0002.0001 C:\Programme\IVT Corporation\BlueSoleil\btpres.dll
0x76ad0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x01720000 0x9000 1.02.0001.0000 C:\Programme\IVT Corporation\BlueSoleil\Driver\USB\btcusb.dll
0x01980000 0x8a000 1.09.0000.0305 C:\WINDOWS\system32\l3codeca.acm
0x66710000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x58790000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\imaadp32.acm
0x72c60000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\msadp32.acm
0x586a0000 0x5000 5.01.2600.0000 C:\WINDOWS\system32\msg711.acm
0x58670000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msgsm32.acm
0x58640000 0x4000 1.01.0001.0005 C:\WINDOWS\system32\tssoft32.acm
0x73ae0000 0x7000 1.03.0003.0007 C:\WINDOWS\system32\tsd32.dll
0x58680000 0x1d000 4.04.0000.3400 C:\WINDOWS\system32\msg723.acm
0x586b0000 0x4d000 8.00.0000.4487 C:\WINDOWS\system32\msaud32.acm
0x58650000 0x1e000 3.02.0000.0000 C:\WINDOWS\system32\sl_anet.acm
0x58510000 0x39000 2.00.0005.0053 C:\WINDOWS\system32\iac25_32.ax
------------------------------------------------------------------------------
reader_sl.exe pid: 1744
Command line: "C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
Base Size Version Path
0x00400000 0xa000 7.01.0000.0649 C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
------------------------------------------------------------------------------
GoogleDesktop.exe pid: 788
Command line: "GoogleDesktop.exe" /crawl /recent /ie /shell
Base Size Version Path
0x00400000 0xa000 5.07.0802.22438 C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
0x05000000 0x1f0000 5.07.0802.22438 C:\Programme\Google\Google Desktop Search\GoogleServices.DLL
0x42000000 0x36000 5.07.0802.22438 C:\Programme\Google\Google Desktop Search\GoogleDesktopCommon.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll
0x62000000 0x8e000 5.07.0802.22438 C:\Programme\Google\Google Desktop Search\GoogleDesktopResources_de.dll
0x75dc0000 0x91000 6.00.2900.2180 C:\WINDOWS\system32\mlang.dll
0x60000000 0x81000 5.07.0802.22438 C:\Programme\Google\Google Desktop Search\GoogleDesktopAPI2.dll
------------------------------------------------------------------------------
ATKOSD.EXE pid: 1028
Command line: ATKOSD.exe
Base Size Version Path
0x00400000 0x1dd000 1043.02.0015.0048 C:\WINDOWS\ATK0100\ATKOSD.exe
------------------------------------------------------------------------------
SYS80983.EXE pid: 368
Command line: "C:\Dokumente und Einstellungen\Marina\Desktop\sys80983.exe"
Base Size Version Path
0x00400000 0x39000 C:\Dokumente und Einstellungen\Marina\Desktop\sys80983.exe
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
------------------------------------------------------------------------------
runme.exe pid: 1796
Command line: runme.exe
Base Size Version Path
0x00400000 0x63000 3.05.0000.0005 C:\DOKUME~1\Marina\LOKALE~1\Temp\nse2.tmp\runme.exe
0x73390000 0x154000 6.00.0096.0090 C:\WINDOWS\system32\MSVBVM60.DLL
0x73510000 0x25000 5.06.0000.8820 C:\WINDOWS\system32\scrrun.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x72240000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\mswsock.dll
0x76ee0000 0x27000 5.01.2600.2180 C:\WINDOWS\system32\DNSAPI.dll
------------------------------------------------------------------------------
SCHED.EXE pid: 3016
Command line: "C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe"
------------------------------------------------------------------------------
ATKKBService.exe pid: 3148
Command line: C:\WINDOWS\ATKKBService.exe
Base Size Version Path
0x00400000 0x16000 1.00.0000.0000 C:\WINDOWS\ATKKBService.exe
------------------------------------------------------------------------------
BTNtService.exe pid: 3216
Command line: "C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe"
Base Size Version Path
0x00400000 0x1b000 C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
------------------------------------------------------------------------------
Crypserv.exe pid: 3248
Command line: crypserv.exe
Base Size Version Path
0x00400000 0x40000 1.00.0001.0002 C:\WINDOWS\system32\crypserv.exe
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
------------------------------------------------------------------------------
OProtSvc.exe pid: 3300
Command line: C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
Base Size Version Path
0x00400000 0x1b000 9.00.0001.0003 C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
0x10000000 0xd9000 C:\Programme\Intel\Wireless\Bin\LIBEAY32.dll
0x00320000 0x23000 9.00.0001.0022 C:\Programme\Intel\Wireless\Bin\TraceAPI.DLL
0x00350000 0x30000 9.00.0001.0014 C:\Programme\Intel\Wireless\Bin\PsRegApi.dll
0x76ad0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
------------------------------------------------------------------------------
HPZipm12.exe pid: 3336
Command line: C:\WINDOWS\system32\HPZipm12.exe
Base Size Version Path
0x00400000 0x12000 9.00.0000.0000 C:\WINDOWS\system32\HPZipm12.exe
------------------------------------------------------------------------------
RegSrvc.exe pid: 3412
Command line: C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
Base Size Version Path
0x00400000 0x26000 9.00.0001.0010 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
0x76ad0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
------------------------------------------------------------------------------
SVCHOST.EXE pid: 3496
Command line: C:\WINDOWS\system32\svchost.exe -k imgsvc
Base Size Version Path
0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe
0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x75b50000 0x55000 5.01.2600.2180 c:\windows\system32\wiaservc.dll
0x74a60000 0x7000 5.01.2600.2180 c:\windows\system32\CFGMGR32.dll
0x73aa0000 0x14000 5.01.2600.2180 c:\windows\system32\mscms.dll
0x71cc0000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\actxprxy.dll
------------------------------------------------------------------------------
ALG.EXE pid: 168
Command line: C:\WINDOWS\System32\alg.exe
Base Size Version Path
0x01000000 0xd000 5.01.2600.2180 C:\WINDOWS\System32\alg.exe
0x76ad0000 0x11000 3.05.2284.0000 C:\WINDOWS\System32\ATL.DLL
0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\MSWSOCK.DLL
0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x66710000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719f0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
wuauclt.exe pid: 948
Command line: "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[5d4]SUSDS4da2ee7985cd5540aa959e5797147a28
Base Size Version Path
0x00400000 0xd000 7.00.6000.0374 C:\WINDOWS\system32\wuauclt.exe
0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x50040000 0x1a2000 7.00.6000.0374 C:\WINDOWS\system32\wuaueng.dll
0x750d0000 0x14000 5.01.2600.2180 C:\WINDOWS\system32\Cabinet.dll
0x604a0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\mspatcha.dll
0x50e60000 0xc000 7.00.6000.0374 C:\WINDOWS\system32\wups2.dll
------------------------------------------------------------------------------
cmd.exe pid: 3692
Command line: cmd /c uuoywfrygn.exe > tempd.txt
Base Size Version Path
0x4ad00000 0x64000 5.01.2600.2180 C:\WINDOWS\system32\cmd.exe
0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
------------------------------------------------------------------------------
uuoywfrygn.exe pid: 3904
Command line: uuoywfrygn.exe
Base Size Version Path
0x00400000 0x14000 2.25.0000.0000 C:\DOKUME~1\Marina\LOKALE~1\Temp\nse2.tmp\uuoywfrygn.exe
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
===================== NTFS ADS =====================
===================== ENCRYPTED FILES =====================
===================== HIDDEN OBJECTS =====================
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
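The loaded-modules listing above is the part of a SystemScan log a responder actually reads, and three things in it are worth checking mechanically instead of by eye: modules with an empty Version column (no version resource in the PE), modules mapped from user-writable locations such as the profile's Temp directory, and processes whose command line is a bare file name rather than a full path. The Python below is an added example, not part of the SystemScan output or of the tool's own code. It parses a constructed excerpt in the same layout (the entries are copied from processes visible above) and returns the flagged items. Read the flags as triage, not as a verdict: runme.exe under Temp\nse2.tmp reports version 3.05.0000.0005, which matches the "ver. 3.5.5" in the scan header, so the most plausible reading is that it is the scanner's own component unpacked by the wrapper sys80983.exe (an inference from the log, not something the log states). The list of user-writable path fragments is an assumption for this XP box.

```python
import re
from collections import namedtuple
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the listing's layout; entries copied from the scan above.
SAMPLE_LOG = r"""
------------------------------------------------------------------------------
ALG.EXE pid: 168
Command line: C:\WINDOWS\System32\alg.exe
Base Size Version Path
0x01000000 0xd000 5.01.2600.2180 C:\WINDOWS\System32\alg.exe
------------------------------------------------------------------------------
SYS80983.EXE pid: 368
Command line: "C:\Dokumente und Einstellungen\Marina\Desktop\sys80983.exe"
Base Size Version Path
0x00400000 0x39000 C:\Dokumente und Einstellungen\Marina\Desktop\sys80983.exe
0x773a0000 0x102000 6.00.2900.2180 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
------------------------------------------------------------------------------
runme.exe pid: 1796
Command line: runme.exe
Base Size Version Path
0x00400000 0x63000 3.05.0000.0005 C:\DOKUME~1\Marina\LOKALE~1\Temp\nse2.tmp\runme.exe
0x73390000 0x154000 6.00.0096.0090 C:\WINDOWS\system32\MSVBVM60.DLL
------------------------------------------------------------------------------
cmd.exe pid: 3692
Command line: cmd /c uuoywfrygn.exe > tempd.txt
Base Size Version Path
0x4ad00000 0x64000 5.01.2600.2180 C:\WINDOWS\system32\cmd.exe
------------------------------------------------------------------------------
uuoywfrygn.exe pid: 3904
Command line: uuoywfrygn.exe
Base Size Version Path
0x00400000 0x14000 2.25.0000.0000 C:\DOKUME~1\Marina\LOKALE~1\Temp\nse2.tmp\uuoywfrygn.exe
"""

PROC_RE = re.compile(r"^(?P<name>\S+)\s+pid:\s*(?P<pid>\d+)$")
MODULE_RE = re.compile(
    r"^(?P<base>0x[0-9a-fA-F]+)\s+(?P<size>0x[0-9a-fA-F]+)\s+"
    r"(?:(?P<version>\d+(?:\.\d+){3})\s+)?"   # absent when the PE has no version resource
    r"(?P<path>[A-Za-z]:\\.*)$"
)
# Path fragments an unprivileged user can write to (German and English XP
# profile roots plus Temp); assumption for this example, extend per host.
USER_WRITABLE = (
    "\\temp\\", "\\dokume~1\\", "\\dokumente und einstellungen\\",
    "\\docume~1\\", "\\documents and settings\\",
)
Finding = namedtuple("Finding", "process pid reason detail")

@dataclass
class Module:
    base: int
    size: int
    version: Optional[str]   # None when the Version column was empty
    path: str

@dataclass
class Process:
    name: str
    pid: int
    cmdline: str = ""
    modules: List[Module] = field(default_factory=list)

def parse_loaded_dlls(text: str) -> List[Process]:
    """Turn a 'Loaded Dlls' listing into Process objects; unknown lines are skipped."""
    procs: List[Process] = []
    cur: Optional[Process] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("---") or line.startswith("Base "):
            continue
        m = PROC_RE.match(line)
        if m:
            cur = Process(m["name"], int(m["pid"]))
            procs.append(cur)
            continue
        if cur is None:
            continue
        if line.startswith("Command line:"):
            cur.cmdline = line[len("Command line:"):].strip()
            continue
        m = MODULE_RE.match(line)
        if m:
            cur.modules.append(Module(int(m["base"], 16), int(m["size"], 16),
                                      m["version"], m["path"]))
    return procs

def triage(procs: List[Process]) -> List[Finding]:
    """Flag bare-name command lines, unversioned modules and modules mapped from
    user-writable paths. These are triage signals, not verdicts."""
    out: List[Finding] = []
    for p in procs:
        # Only a file name was passed; the Path column shows where it really ran from.
        if not re.match(r'^"?[A-Za-z]:\\', p.cmdline):
            out.append(Finding(p.name, p.pid, "bare-name command line", p.cmdline))
        for mod in p.modules:
            if mod.version is None:
                out.append(Finding(p.name, p.pid, "no version resource", mod.path))
            if any(tag in mod.path.lower() for tag in USER_WRITABLE):
                out.append(Finding(p.name, p.pid, "user-writable location", mod.path))
    return out

if __name__ == "__main__":
    for f in triage(parse_loaded_dlls(SAMPLE_LOG)):
        print(f"{f.process} (pid {f.pid}): {f.reason}: {f.detail}")
```

To run it against a real log, replace SAMPLE_LOG with the text between the "Loaded Dlls" banner and the NTFS ADS banner; the parser ignores the banners and separator lines. Every hit still needs a second source (file hash, signer, creation time from the Recent Files section) before it means anything: on this log, for instance, the two Temp\nse2.tmp binaries and the unversioned sys80983.exe all belong to the scan run itself.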
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

===================== RUSTOCK ROOTKIT DETECTION =====================
#### NOTHING FOUND ####

===================== MASTER BOOT RECORD =====================
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

===================== NETWORK SETTINGS =====================

~~~~~~~~~~~~~~~~~~~~~ Winsock Parameters ~~~~~~~~~~~~~~~~~~~~~
-----HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters\-----
[Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001]
"LibraryPath"="%SystemRoot%\System32\mswsock.dll"
[Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002]
"LibraryPath"="%SystemRoot%\System32\winrnr.dll"
[Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003]
"LibraryPath"="%SystemRoot%\System32\mswsock.dll"
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000001]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000002]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000003]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000004]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000005]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\rsvpsp.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000006]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\rsvpsp.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000007]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000008]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000009]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000010]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000011]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000012]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000013]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000014]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000015]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000016]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000017]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000018]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000019]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000020]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000021]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000022]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000023]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000024]
### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll

~~~~~~~~~~~~~~~~~~~~~ TCP/IP network configuration ~~~~~~~~~~~~~~~~~~~~~
Hostname. . . . . . . . . . . . . : MarinasComputer
Primäres DNS-Suffix . . . . . . . :
Knotentyp . . . . . . . . . . . . : Peer-Peer
WINS-Proxy aktiviert. . . . . . . : Nein

Ethernetadapter Drahtlose Netzwerkverbindung:
   Medienstatus. . . . . . . . . . . : Es besteht keine Verbindung
   Beschreibung. . . . . . . . . . . : Intel(R) PRO/Wireless 2200BG Network Connection
   Physikalische Adresse . . . . . . : 00-15-00-37-9E-17

Ethernetadapter LAN-Verbindung:
   Verbindungsspezifisches DNS-Suffix:
   Beschreibung. . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
   Physikalische Adresse . . . . . . : 00-15-F2-56-76-AD
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
   Subnetzmaske. . . . . . . . . . . : 255.255.0.0
   Standardgateway . . . . . . . . . :

Ethernetadapter LAN-Verbindung 3:
   Medienstatus. . . . . . . . . . . : Es besteht keine Verbindung
   Beschreibung. . . . . . . . . . . : Bluetooth PAN Network Adapter
   Physikalische Adresse . . . . . . : 00-11-67-4B-E8-A6

-----HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{687B724B-449C-4752-A212-C75D3F517508}
NameServer= 217.237.148.70

~~~~~~~~~~~~~~~~~~~~~ Open ports ~~~~~~~~~~~~~~~~~~~~~
Aktive Verbindungen

  Proto  Lokale Adresse                Remoteadresse    Status    PID
  TCP    MarinasComputer:epmap         0.0.0.0:0        ABHÖREN   1404
  c:\windows\system32\WS2_32.dll
  C:\WINDOWS\system32\RPCRT4.dll
  c:\windows\system32\rpcss.dll
  C:\WINDOWS\system32\svchost.exe
  -- unbekannte Komponente(n) --
  [svchost.exe]

  TCP    MarinasComputer:microsoft-ds  0.0.0.0:0        ABHÖREN   4
  [System]

  TCP    MarinasComputer:1029          0.0.0.0:0        ABHÖREN   168
  [alg.exe]

  TCP    MarinasComputer:4664          0.0.0.0:0        ABHÖREN   1440
  [GoogleDesktop.exe]

  TCP    MarinasComputer:netbios-ssn   0.0.0.0:0        ABHÖREN   4
  [System]

  UDP    MarinasComputer:isakmp        *:*                        1208
  [lsass.exe]

  UDP    MarinasComputer:4500          *:*                        1208
  [lsass.exe]

  UDP    MarinasComputer:microsoft-ds  *:*                        4
  [System]

  UDP    MarinasComputer:1900          *:*                        1880
  c:\windows\system32\WS2_32.dll
  c:\windows\system32\ssdpsrv.dll
  C:\WINDOWS\system32\ADVAPI32.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]

  UDP    MarinasComputer:ntp           *:*                        1492
  c:\windows\system32\WS2_32.dll
  c:\windows\system32\w32time.dll
  ntdll.dll
  -- unbekannte Komponente(n) --
  [svchost.exe]

  UDP    MarinasComputer:ntp           *:*                        1492
  c:\windows\system32\WS2_32.dll
  c:\windows\system32\w32time.dll
  ntdll.dll
  -- unbekannte Komponente(n) --
  [svchost.exe]

  UDP    MarinasComputer:netbios-dgm   *:*                        4
  [System]

  UDP    MarinasComputer:netbios-ns    *:*                        4
  [System]

  UDP    MarinasComputer:1900          *:*                        1880
  c:\windows\system32\WS2_32.dll
  c:\windows\system32\ssdpsrv.dll
  C:\WINDOWS\system32\ADVAPI32.dll
  C:\WINDOWS\system32\kernel32.dll
  [svchost.exe]

~~~~~~~~~~~~~~~~~~~~~ Shared Resources ~~~~~~~~~~~~~~~~~~~~~
Name     Ressource                                  Beschreibung
IPC$                                                Remote-IPC
Videos   C:\Dokumente und Einstellungen\Videos
Der Befehl wurde erfolgreich ausgeführt.

~~~~~~~~~~~~~~~~~~~~~ TRUSTED DOMAINS ~~~~~~~~~~~~~~~~~~~~~
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\

~~~~~~~~~~~~~~~~~~~~~ TRUSTED IPs ~~~~~~~~~~~~~~~~~~~~~
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\

~~~~~~~~~~~~~~~~~~~~~ RAS active connections ~~~~~~~~~~~~~~~~~~~~~
Keine Verbindungen
Der Befehl wurde erfolgreich ausgeführt.
~~~~~~~~~~~~~~~~~~~~~ Rasphone.pbk content ~~~~~~~~~~~~~~~~~~~~~
-----C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Connections\Pbk\rasphone.pbk
[Chicka Alice DSL]
Encoding=1
Type=5
AutoLogon=0
UseRasCredentials=0
DialParamsUID=112109
Guid=96BD9308C3412C4DAF61C2BE012D46E6
BaseProtocol=1
VpnStrategy=0
ExcludedProtocols=3
LcpExtensions=1
DataEncryption=8
SwCompression=1
NegotiateMultilinkAlways=0
SkipNwcWarning=0
SkipDownLevelDialog=0
SkipDoubleDialDialog=0
DialMode=1
DialPercent=75
DialSeconds=120
HangUpPercent=10
HangUpSeconds=120
OverridePref=15
RedialAttempts=3
RedialSeconds=60
IdleDisconnectSeconds=0
RedialOnLinkFailure=1
CallbackMode=0
CustomDialDll=
CustomDialFunc=
CustomRasDialDll=
AuthenticateServer=0
ShareMsFilePrint=0
BindMsNetClient=0
SharedPhoneNumbers=0
GlobalDeviceSettings=0
PrerequisiteEntry=
PrerequisitePbk=
PreferredPort=
PreferredDevice=
PreferredBps=0
PreferredHwFlow=0
PreferredProtocol=0
PreferredCompression=0
PreferredSpeaker=0
PreferredMdmProtocol=0
PreviewUserPw=1
PreviewDomain=0
PreviewPhoneNumber=0
ShowDialingProgress=1
ShowMonitorIconInTaskBar=1
CustomAuthKey=-1
AuthRestrictions=632
TypicalAuth=1
IpPrioritizeRemote=1
IpHeaderCompression=0
IpAddress=0.0.0.0
IpDnsAddress=0.0.0.0
IpDns2Address=0.0.0.0
IpWinsAddress=0.0.0.0
IpWins2Address=0.0.0.0
IpAssign=1
IpNameAssign=1
IpFrameSize=1006
IpDnsFlags=0
IpNBTFlags=0
TcpWindowSize=0
UseFlags=1
IpSecFlags=0
IpDnsSuffix=
NETCOMPONENTS=
ms_server=0
ms_msclient=0
MEDIA=rastapi
Port=PPPoE8-0
Device=WAN-Miniport (PPPOE)
DEVICE=PPPoE
PhoneNumber=
AreaCode=
CountryCode=1
CountryID=1
UseDialingRules=0
Comment=
LastSelectedPhone=0
PromoteAlternates=0
TryNextAlternateOnFail=1

===================== HOSTS FILE =====================
127.0.0.1 localhost

===================== SUSPICIOUS FILES =====================
EXE and DLL files packed with runtime packers, found in: C:\; C:\WINDOWS\; C:\WINDOWS\system32\
C:\DOKUME~1\Marina\LOKALE~1\Temp\AutoItDLL.dll --> is compressed with UPX
===================== UNINSTALL LIST =====================
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall-----
[Uninstall]
[Uninstall\AddressBook]
[Uninstall\Adobe Flash Player Plugin]
"DisplayName"="Adobe Flash Player Plugin"
"DisplayIcon"="C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe"
"UninstallString"="C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe"
[Uninstall\Adobe Shockwave Player]
"DisplayName"="Adobe Shockwave Player"
"UninstallString"="C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG"
[Uninstall\AFPL Ghostscript 8.54]
"DisplayName"="AFPL Ghostscript 8.54"
"UninstallString"="C:\Programme\gs\uninstgs.exe \"C:\Programme\gs\gs8.54\uninstal.txt\""
[Uninstall\AFPL Ghostscript Fonts]
"DisplayName"="AFPL Ghostscript Fonts"
"UninstallString"="C:\Programme\gs\uninstgs.exe \"C:\Programme\gs\fonts\uninstal.txt\""
[Uninstall\AntiVir PersonalEdition Classic]
"DisplayIcon"="C:\Programme\Avira\AntiVir PersonalEdition Classic\rcimage.dll,1"
"DisplayName"="Avira AntiVir Personal – Free Antivirus"
"UninstallString"="C:\Programme\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE"
[Uninstall\CCleaner]
"DisplayName"="CCleaner (remove only)"
"UninstallString"="\"C:\Programme\CCleaner\uninst.exe\""
[Uninstall\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966]
"DisplayName"="HDAUDIO SoftV92 Data Fax Modem with SmartCP"
"UninstallString"="C:\Programme\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_10431966"
[Uninstall\Connection Manager]
[Uninstall\DirectAnimation]
[Uninstall\DirectDrawEx]
[Uninstall\DXM_Runtime]
[Uninstall\Fontcore]
[Uninstall\FreePDF_XP]
"UninstallString"="C:\Programme\FreePDF_XP\fpsetup.exe /r"
"DisplayName"="FreePDF XP (Remove only)"
[Uninstall\Google Desktop]
"DisplayIcon"="C:\Programme\Google\Google Desktop Search\GoogleDesktopSetup.exe"
"DisplayName"="Google Desktop"
"UninstallString"="C:\Programme\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall"
[Uninstall\HControl]
"DisplayName"="ATK0100 ACPI UTILITY"
"UninstallString"="C:\WINDOWS\ATK0100\XPunin.exe"
[Uninstall\HijackThis]
"DisplayName"="HijackThis 2.0.2"
"UninstallString"="\"C:\Programme\Trend Micro\HijackThis\HijackThis.exe\" /uninstall"
"DisplayIcon"="C:\Programme\Trend Micro\HijackThis\HijackThis.exe"
[Uninstall\HP Imaging Device Functions]
"UninstallString"="C:\Programme\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat"
"DisplayName"="HP Imaging Device Functions 5.0"
"DisplayIcon"="C:\Programme\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe,0"
[Uninstall\HP Solution Center & Imaging Support Tools]
"UninstallString"="C:\Programme\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat"
"DisplayName"="HP Solution Center & Imaging Support Tools 5.0"
"DisplayIcon"="C:\Programme\HP\Digital Imaging\eSupport\hpzscr01.exe,0"
[Uninstall\ICW]
[Uninstall\IE40]
[Uninstall\IE4Data]
[Uninstall\IE5BAKEX]
[Uninstall\IEData]
[Uninstall\ImageJ_is1]
"DisplayName"="ImageJ 1.39u"
"UninstallString"="\"C:\Programme\ImageJ\unins000.exe\""
[Uninstall\InstallShield Uninstall Information]
[Uninstall\ISI ResearchSoft - Export Helper]
"DisplayName"="ISI ResearchSoft - Export Helper"
"UninstallString"="C:\PROGRA~1\GEMEIN~1\RISXTD\_UNINST.EXE"
[Uninstall\Kaspersky Online Scanner]
"DisplayName"="Kaspersky Online Scanner"
"DisplayIcon"="C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe"
"UninstallString"="C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe"
[Uninstall\KB884016]
[Uninstall\KB888111WXPSP2]
"DisplayName"="High Definition Audio - KB888111"
"UninstallString"=""
[Uninstall\KB893803]
[Uninstall\KB893803v2]
"DisplayName"="Windows Installer 3.1 (KB893803)"
"UninstallString"="\"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe\""
"DisplayIcon"=expand:"%windir%\system32\msiexec.exe"
[Uninstall\Mein CeWe Fotobuch]
"DisplayName"="Mein CeWe Fotobuch"
"UninstallString"="\"C:\Programme\CeWe Color\Mein CeWe Fotobuch\uninstall.exe\""
[Uninstall\Microsoft .NET Framework 2.0]
"DisplayIcon"="C:\WINDOWS\system32\msiexec.exe"
"DisplayName"="Microsoft .NET Framework 2.0"
"UninstallString"="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe"
[Uninstall\Microsoft .NET Framework 2.0 Language Pack - DEU]
"DisplayIcon"="C:\WINDOWS\system32\msiexec.exe"
"DisplayName"="Microsoft .NET Framework 2.0 Language Pack - DEU"
"UninstallString"="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe"
[Uninstall\Microsoft Interactive Training]
"UninstallString"="C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu"
[Uninstall\MobileOptionPack]
[Uninstall\Mozilla Firefox (3.0)]
"DisplayIcon"="C:\Programme\Mozilla Firefox\firefox.exe,0"
"DisplayName"="Mozilla Firefox (3.0)"
"UninstallString"="C:\Programme\Mozilla Firefox\uninstall\helper.exe"
[Uninstall\MPlayer2]
[Uninstall\MSI30-Beta1]
[Uninstall\MSI30-Beta2]
[Uninstall\MSI30-KB884016]
[Uninstall\MSI30-RC1]
[Uninstall\MSI30-RC2]
[Uninstall\MSI30a-KB884016]
[Uninstall\MSI31-Beta]
[Uninstall\MSI31-RC1]
[Uninstall\Nero - Burning Rom!UninstallKey]
"UninstallString"="C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL"
"DisplayIcon"="C:\Programme\Ahead\nero\nero.exe"
[Uninstall\NeroMultiInstaller!UninstallKey]
"DisplayName"="Nero Suite"
"UninstallString"="C:\Programme\Gemeinsame Dateien\Ahead\Uninstall\Setup.exe /uninstall"
"DisplayIcon"="C:\Programme\Gemeinsame Dateien\Ahead\Uninstall\Setup.exe"
[Uninstall\NeroVision!UninstallKey]
"UninstallString"="C:\WINDOWS\UNNeroVision.exe /UNINSTALL"
"DisplayIcon"="C:\Programme\Ahead\\NeroVision\NeroVision.exe"
[Uninstall\NetMeeting]
[Uninstall\NMPUninstallKey]
"UninstallString"="C:\WINDOWS\UNNMP.exe /UNINSTALL"
"DisplayIcon"="C:\Programme\Ahead\NeroMediaPlayer\NeroMediaPlayer.exe"
[Uninstall\Origin 6.1G]
"UninstallString"="C:\WINDOWS\IsUn0407.exe -fC:\Programme\OriginLab\Origin61G\Uninst.isu"
"DisplayName"="Origin 6.1G"
[Uninstall\OutlookExpress]
[Uninstall\PCHealth]
"UninstallString"="rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf"
[Uninstall\PDF-XChange 3_is1]
"DisplayName"="PDF-XChange 3.0"
"UninstallString"="\"C:\Programme\Mindjet\MindManager 7\PDF-XChange\unins000.exe\""
[Uninstall\PIXpro 9.8]
"UninstallString"="C:\WINDOWS\unin0407.exe -f\"C:\Programme\TORGE softwaredesign\PIXpro 9.8\DeIsL1.isu\" -c\"C:\Programme\TORGE softwaredesign\PIXpro 9.8\_ISREG32.DLL\""
"DisplayName"="PIXpro 9.8"
[Uninstall\ProInst]
"DisplayName"="Intel(R) PROSet/Wireless Software"
"UninstallString"="C:\WINDOWS\Installer\iProInst.exe"
[Uninstall\Redirection Port Monitor]
"DisplayName"="RedMon - Redirection Port Monitor"
"UninstallString"="C:\WINDOWS\system32\unredmon.exe"
[Uninstall\SchedulingAgent]
[Uninstall\Shockwave]
[Uninstall\ShockwaveFlash]
"DisplayName"="Adobe Flash Player 9 ActiveX"
"UninstallString"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock"
[Uninstall\SynTPDeinstKey]
"UninstallString"="rundll32.exe \"C:\Programme\Synaptics\SynTP\SynISDLL.dll\",standAloneUninstall"
"DisplayName"="Synaptics Pointing Device Driver"
"DisplayIcon"="C:\Programme\Synaptics\SynTP\InstNT.exe"
[Uninstall\VLC media player]
"DisplayName"="VideoLAN VLC media player 0.8.6c"
"UninstallString"="C:\Programme\VideoLAN\VLC\uninstall.exe"
"DisplayIcon"="C:\Programme\VideoLAN\VLC\vlc.exe"
[Uninstall\WinGimp-2.0_is1]
"DisplayName"="GIMP 2.4.5"
"DisplayIcon"="C:\Programme\GIMP-2.0\bin\gimp-2.4.exe"
"UninstallString"="\"C:\Programme\GIMP-2.0\setup\unins000.exe\""
[Uninstall\WinRAR archiver]
"DisplayName"="WinRAR archiver"
"UninstallString"="C:\Programme\WinRAR\uninstall.exe"
"DisplayIcon"="C:\Programme\WinRAR\WinRAR.exe"
[Uninstall\XTTB00001.XTTB00001Toolbar]
"DisplayName"="ICQ Toolbar"
"UninstallString"="regsvr32 /u /s \"C:\PROGRA~1\ICQTOO~1\toolbaru.dll\" "
[Uninstall\{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}]
"InstallSource"="C:\Dokumente und Einstellungen\Marina\Desktop\temp\setup\Destinations\"
"DisplayName"="Destinations"
[Uninstall\{0B073228-62C7-41A6-84EC-9D6DD9A28E4D}]
"InstallSource"="C:\Programme\Informax Installations\"
"UninstallString"=expand:"MsiExec.exe /I{0B073228-62C7-41A6-84EC-9D6DD9A28E4D}"
[Uninstall\{0CDE246F-1197-4374-91BE-1C8927755298}]
"InstallSource"="C:\Programme\Informax Installations\"
"UninstallString"=expand:"MsiExec.exe /I{0CDE246F-1197-4374-91BE-1C8927755298}"
"DisplayName"="V10CNT"
[Uninstall\{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}]
"InstallSource"="C:\WINDOWS\Installer\iprodata\"
"UninstallString"=expand:"MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}"
"DisplayName"="mLogView"
[Uninstall\{0FC497E5-4EC1-4FE7-98C0-9AF57021F818}]
"InstallSource"="C:\Programme\Informax Installations\"
"UninstallString"=expand:"MsiExec.exe /I{0FC497E5-4EC1-4FE7-98C0-9AF57021F818}"
"DisplayName"="V10CC"
[Uninstall\{15EE79F4-4ED1-4267-9B0F-351009325D7D}]
"InstallSource"="C:\Dokumente und Einstellungen\Marina\Desktop\temp\setup\HPSoftwareUpdate\"
"UninstallString"=expand:"MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}"
"DisplayName"="HP Software Update"
[Uninstall\{23FB368F-1399-4EAC-817C-4B83ECBE3D83}]
"InstallSource"="C:\WINDOWS\Installer\iprodata\"
"UninstallString"=expand:"MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}"
"DisplayName"="mProSafe"
[Uninstall\{28DA872A-0848-48CF-B749-19A198157A2A}]
"InstallSource"="C:\WINDOWS\Installer\iprodata\"
"UninstallString"=expand:"MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}"
"DisplayName"="mDriver"
[Uninstall\{2CCBABCB-6427-4A55-B091-49864623C43F}]
[Uninstall\{2FAAECD0-1929-11DA-6784-006853A418BE}]
"DisplayName"="Arbeitszeugnis, Version 2.95"
"UninstallString"="C:\Programme\Arbeitszeugnis\Uninst_Arbeitszeugnis, Version 2.95.exe /U \"C:\Programme\Arbeitszeugnis\Uninst_Arbeitszeugnis, Version 2.95.log\""
[Uninstall\{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}]
"InstallSource"="C:\Dokumente und Einstellungen\Marina\Desktop\temp\setup\TrayApp\"
"DisplayName"="TrayApp"
[Uninstall\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}]
"UninstallString"="RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup \"C:\Programme\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\SETUP.EXE\" -l0x9 "
"DisplayName"="ASUS Enhanced Display Driver"
[Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}]
"DisplayIcon"="C:\Programme\Java\jre1.6.0_02\\bin\javaws.exe"
"InstallSource"="C:\Dokumente und Einstellungen\Marina\Anwendungsdaten\Sun\Java\jre1.6.0_02\"
"UninstallString"=expand:"MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}"
"DisplayName"="Java(TM) 6 Update 2"
[Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}]
"DisplayIcon"="C:\Programme\Java\jre1.6.0_03\\bin\javaws.exe"
"InstallSource"="http://javadl.sun.com/webapps/download/GetFile/1.6.0_03-b05/windows-i586/"
"UninstallString"=expand:"MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}"
"DisplayName"="Java(TM) 6 Update 3"
[Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}]
"DisplayIcon"="C:\Programme\Java\jre1.6.0_05\\bin\javaws.exe"
"InstallSource"="http://javadl.sun.com/webapps/download/GetFile/1.6.0_05-b13/windows-i586/"
"UninstallString"=expand:"MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}"
"DisplayName"="Java(TM) 6 Update 5"
[Uninstall\{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}]
"InstallSource"="C:\WINDOWS\system32\"
"DisplayName"="WebFldrs XP"
[Uninstall\{3C9EEFEF-1F71-4213-AC41-4BF5FE0FED95}]
"DisplayIcon"="\"C:\Programme\TomTom HOME 2\Resources\TomTom.ico\""
"UninstallString"="C:\Programme\InstallShield Installation Information\{3C9EEFEF-1F71-4213-AC41-4BF5FE0FED95}\setup.exe -runfromtemp -l0x0007 -removeonly -removeonly"
"InstallSource"="C:\Dokumente und Einstellungen\Marina\Anwendungsdaten\TomTom\HOME\Profiles\aszvmj9a.default\Updates\v2_1_2_121_win.exe"
"DisplayName"="TomTom HOME"
[Uninstall\{3E9D596A-61D4-4239-BD19-2DB984D2A16F}]
"InstallSource"="C:\WINDOWS\Installer\iprodata\"
"UninstallString"=expand:"MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}"
"DisplayName"="mIWA"
[Uninstall\{408EDAC9-15EC-4466-AEEF-E75612FB9F57}]
"InstallSource"="D:\Daten\Studium\5. Holland\Internship\Odyssey 2.1\"
"DisplayName"="Odyssey Software Version 2.1"
[Uninstall\{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}]
"InstallSource"="C:\Dokumente und Einstellungen\Marina\Desktop\temp\setup\WebReg\"
"DisplayName"="WebReg"
[Uninstall\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}]
"DisplayIcon"="C:\Programme\Skype\Phone\Skype.exe"
"InstallSource"="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\"
"UninstallString"=expand:"MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"
"DisplayName"="Skype™ 3.2"
[Uninstall\{5F26311C-B135-4F7F-B11E-8E650F83651E}]
"InstallSource"="C:\Dokumente und Einstellungen\Marina\Desktop\temp\setup\QFolder\"
"DisplayName"="DeviceFunctionQFolder"
[Uninstall\{60DE4033-9503-48D1-A483-7846BD217CA9}]
"UninstallString"="\"C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe\" -runfromtemp -l0x0009 -removeonly"
"InstallSource"="C:\DOKUME~1\Marina\LOKALE~1\Temp\54d33c8748d1e2f36a7a75ef818fb479"
"DisplayName"="ICQ6"
"DisplayIcon"="icq6_install.ico"
[Uninstall\{63D1A44F-E1FD-4460-BE0A-8745012F67EF}]
"InstallSource"="E:\"
"UninstallString"=expand:"MsiExec.exe /X{63D1A44F-E1FD-4460-BE0A-8745012F67EF}"
"DisplayName"="BlueSoleil"
[Uninstall\{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}]
"InstallSource"="C:\Dokumente und Einstellungen\Marina\Desktop\temp\setup\QFolder\"
"DisplayName"="eSupportQFolder"
[Uninstall\{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}]
"InstallSource"="C:\WINDOWS\Installer\iprodata\"
"UninstallString"=expand:"MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}"
"DisplayName"="mCore"
[Uninstall\{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}]
"InstallSource"="C:\WINDOWS\Installer\iprodata\"
"UninstallString"=expand:"MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}"
"DisplayName"="mIWCA"
[Uninstall\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}]
"DisplayIcon"="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ndpsetup.ico"
"InstallSource"="C:\DOKUME~1\Marina\LOKALE~1\Temp\IS51.tmp\"
"DisplayName"="Microsoft .NET Framework 2.0"
[Uninstall\{74EC78BC-B379-4E29-9006-8F161DCAABA6}]
"InstallSource"="C:\DOKUME~1\Marina\LOKALE~1\Temp\IXP180.TMP\"
"UninstallString"=expand:"MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}"
"DisplayName"="Apple Software Update"
[Uninstall\{79546A5F-AE7C-4693-8670-A3401B43ABD2}]
"UninstallString"="C:\Programme\HP\Digital Imaging\{79546A5F-AE7C-4693-8670-A3401B43ABD2}\setup\hpzscr01.exe -datfile hpfscr05.dat"
"DisplayName"="HP Deskjet 5900 series"
"DisplayIcon"="C:\Programme\HP\Digital Imaging\{79546A5F-AE7C-4693-8670-A3401B43ABD2}\setup\hpzscr01.exe,0"
[Uninstall\{81BF6FB0-34E7-4897-A544-61AA6C3B1284}]
"InstallSource"="C:\Programme\Informax Installations\"
"UninstallString"=expand:"MsiExec.exe /I{81BF6FB0-34E7-4897-A544-61AA6C3B1284}"
"DisplayName"="V10DT"
[Uninstall\{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}]
"InstallSource"="C:\DOKUME~1\Marina\LOKALE~1\Temp\IXP000.TMP\"
"DisplayName"="Microsoft .NET Framework 2.0 Language Pack - DEU"
[Uninstall\{8A708DD8-A5E6-11D4-A706-000629E95E20}]
"UninstallString"="RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592"
"DisplayName"="Intel(R) Graphics Media Accelerator Driver for Mobile"
[Uninstall\{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}]
"InstallSource"="C:\WINDOWS\Installer\iprodata\"
"UninstallString"=expand:"MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}"
"DisplayName"="mPfMgr"
[Uninstall\{8C6BB412-D3A8-4AAE-A01B-35B681789D68}]
"InstallSource"="C:\WINDOWS\Installer\iprodata\"
"UninstallString"=expand:"MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}"
"DisplayName"="mHelp"
[Uninstall\{90110407-6000-11D3-8CFE-0150048383C9}]
"InstallSource"="D:\MSOCache\All Users\90000407-6000-11D3-8CFE-0150048383C9\"
"UninstallString"=expand:"MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}"
"DisplayName"="Microsoft Office Professional Edition 2003"
[Uninstall\{90B0D222-8C21-4B35-9262-53B042F18AF9}]
"InstallSource"="C:\WINDOWS\Installer\iprodata\"
"UninstallString"=expand:"MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}"
"DisplayName"="mPfWiz"
[Uninstall\{94658027-9F16-4509-BBD7-A59FE57C3023}]
"InstallSource"="C:\WINDOWS\Installer\iprodata\"
"UninstallString"=expand:"MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}"
"DisplayName"="mZConfig"
[Uninstall\{95120000-00AF-0409-0000-0000000FF1CE}]
"InstallSource"="C:\Programme\MSECache\PPTViewer\"
"UninstallString"=expand:"MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}"
"DisplayName"="Microsoft Office PowerPoint Viewer 2007 (English)"
[Uninstall\{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}]
"InstallSource"="C:\DOKUME~1\Marina\LOKALE~1\Temp\IXP180.TMP\"
"UninstallString"=expand:"MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}"
"DisplayName"="QuickTime"
[Uninstall\{9611D325-5333-4415-8338-CA957D8564D0}]
"InstallSource"="C:\Programme\Informax Installations\"
"UninstallString"=expand:"MsiExec.exe /I{9611D325-5333-4415-8338-CA957D8564D0}"
"DisplayName"="V10PFAM"
[Uninstall\{9876E8C6-F8D7-4F43-84D3-B97D177F9466}]
"InstallSource"="C:\Programme\Informax Installations\"
"UninstallString"=expand:"MsiExec.exe /I{9876E8C6-F8D7-4F43-84D3-B97D177F9466}"
"DisplayName"="Vector NTI 10"
[Uninstall\{9CC89556-3578-48DD-8408-04E66EBEF401}]
"InstallSource"="C:\WINDOWS\Installer\iprodata\"
"UninstallString"=expand:"MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}"
"DisplayName"="mXML"
[Uninstall\{A5222E5A-13CB-4C98-9F5C-21CF6896A25C}]
"InstallSource"="C:\Dokumente und Einstellungen\Marina\Desktop\temp\setup\DeskjetSoftware\"
"DisplayName"="HPDeskjet5900Series"
[Uninstall\{AB5D51AE-EBC3-438D-872C-705C7C2084B0}]
"InstallSource"="C:\Dokumente und Einstellungen\Marina\Desktop\temp\setup\QFolder\"
"DisplayName"="DeviceManagementQFolder"
[Uninstall\{AC76BA86-7AD7-1033-7B44-A71000000002}]
"InstallSource"="C:\Programme\Adobe\Acrobat 7.0\Setup Files\RdrBig710\ENU\"
"UninstallString"=expand:"MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}"
"DisplayName"="Adobe Reader 7.1.0"
[Uninstall\{AEB9948B-4FF2-47C9-990E-47014492A0FE}]
"InstallSource"="C:\WINDOWS\Downloaded Installations\{3EAA7D8F-E3EA-46AB-BA46-6B77F431A22C}\"
"UninstallString"=expand:"MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}"
[Uninstall\{B017026E-FC02-4CD4-A848-52447D60676B}]
"InstallSource"="C:\Programme\Informax Installations\"
"UninstallString"=expand:"MsiExec.exe /I{B017026E-FC02-4CD4-A848-52447D60676B}"
"DisplayName"="V10NQ"
[Uninstall\{B1111A78-01E5-483B-9B1A-6864B82184E8}]
"InstallSource"="C:\Programme\TomTom HOME 2\{B1111A78-01E5-483B-9B1A-6864B82184E8}\"
"DisplayName"="TomTom HOME"
[Uninstall\{B46328B5-BE39-4AD6-AEDE-D0979C1071B4}]
"InstallSource"="C:\WINDOWS\Downloaded Installations\{3EAA7D8F-E3EA-46AB-BA46-6B77F431A22C}\"
"UninstallString"=expand:"MsiExec.exe /I{B46328B5-BE39-4AD6-AEDE-D0979C1071B4}"
"DisplayName"="Mindjet MindManager Pro 7"
[Uninstall\{B502B428-3386-40A9-98DB-079AAB72E64F}]
"InstallSource"="C:\WINDOWS\Installer\iprodata\"
"UninstallString"=expand:"MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}"
"DisplayName"="mEoU.msi"
[Uninstall\{B7050CBDB2504B34BC2A9CA0A692CC29}]
"DisplayName"="DivX Web Player"
"DisplayIcon"="C:\Programme\DivX\DivX Web Player\npdivx32.dll,0"
"UninstallString"="C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN"
[Uninstall\{B976F8E5-6A68-482C-8371-1DF9C70F7E2E}_is1]
"DisplayName"="sipgate X-Lite 1105c ger"
"DisplayIcon"="C:\Programme\sipgate X-Lite\sipgateXLite.exe"
"UninstallString"="\"C:\Programme\sipgate X-Lite\unins000.exe\""
[Uninstall\{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}]
"InstallSource"="C:\Dokumente und Einstellungen\Marina\Desktop\temp\setup\BufferChm\"
"DisplayName"="BufferChm"
[Uninstall\{C0B0893D-6DA2-4F14-B1D0-3C0F1272B398}]
"DisplayIcon"="C:\Programme\Reference Manager 11\RM11.exe,0"
"InstallSource"="C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\"
"UninstallString"=expand:"MsiExec.exe /I{C0B0893D-6DA2-4F14-B1D0-3C0F1272B398}"
"DisplayName"="Reference Manager 11"
[Uninstall\{D050D7362D214723AD585B541FFB6C11}]
"DisplayName"="DivX Content Uploader"
"DisplayIcon"="C:\Programme\DivX\DivXContentUploaderUninstall.exe\someicon.ico,0"
"UninstallString"="C:\Programme\DivX\DivXContentUploaderUninstall.exe /CUPLOADER"
[Uninstall\{DE10AB76-4756-4913-BE25-55D1C1051F9A}]
"UninstallString"="RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programme\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe\" -l0x9 "
"DisplayName"="WinFlash"
[Uninstall\{E3F90083-80D4-4b5a-87C7-E97E12F5516D}]
"InstallSource"="C:\Dokumente und Einstellungen\Marina\Desktop\temp\setup\hpproductassistant\"
"DisplayName"="HPProductAssistant"
[Uninstall\{EA103B64-C0E4-4C0E-A506-751590E1653D}]
"InstallSource"="C:\Dokumente und Einstellungen\Marina\Desktop\temp\setup\SolutionCenter\"
"DisplayName"="SolutionCenter"
[Uninstall\{EA19EDB3-DF71-448F-AFBF-1EEB3ACB9B31}]
"InstallSource"="C:\Programme\Informax Installations\"
"UninstallString"=expand:"MsiExec.exe /I{EA19EDB3-DF71-448F-AFBF-1EEB3ACB9B31}"
"DisplayName"="V10COM"
[Uninstall\{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}]
"InstallSource"="C:\WINDOWS\Installer\iprodata\"
"UninstallString"=expand:"MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}"
"DisplayName"="mMHouse"
[Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}]
"UninstallString"="RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup \"C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe\" REMOVE"
"DisplayName"="Realtek High Definition Audio Driver"
[Uninstall\{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}]
"InstallSource"="C:\Dokumente und Einstellungen\Marina\Desktop\temp\setup\Status\"
"DisplayName"="Status"
[Uninstall\{F6090A17-0967-4A8A-B3C3-422A1B514D49}]
"InstallSource"="C:\WINDOWS\Installer\iprodata\"
"UninstallString"=expand:"MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}"
"DisplayName"="mDrWiFi"
[Uninstall\{F64306A5-4C32-41bb-B153-53986527FAB4}]
"DisplayIcon"=",0"
[Uninstall\{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}]
"InstallSource"="C:\WINDOWS\Installer\iprodata\"
"UninstallString"=expand:"MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}"
"DisplayName"="mWlsSafe"
-----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall-----
[Uninstall]
[Uninstall\InstallShield Uninstall Information]
[Uninstall\InstallShield Uninstall Information\{408EDAC9-15EC-4466-AEEF-E75612FB9F57}]
[Uninstall\InstallShield_{408EDAC9-15EC-4466-AEEF-E75612FB9F57}]
"UninstallString"="C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{408EDAC9-15EC-4466-AEEF-E75612FB9F57} "
"DisplayName"="Odyssey Software Version 2.1"
"InstallSource"="D:\Daten\Studium\5. Holland\Internship\Odyssey 2.1\"
"DisplayIcon"=""

===================== HIJACKTHIS LOG =====================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:45:41, on 27.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe
C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Programme\Java\jre1.6.0_05\bin\jusched.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Dokumente und Einstellungen\Marina\Desktop\sys80983.exe
C:\DOKUME~1\Marina\LOKALE~1\Temp\nse2.tmp\runme.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\crypserv.exe
C:\Programme\Intel\Wireless\Bin\OProtSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Programme\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BlueSoleil.lnk = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: An Mindjet MindManager senden - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1185177446359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185177520359 O17 - HKLM\System\CCS\Services\Tcpip\..\{687B724B-449C-4752-A212-C75D3F517508}: NameServer = 217.237.148.70 O18 - Protocol: ncbi8 - {2B576DD3-0B3E-4718-BCBF-B15E4FB8009D} - C:\Programme\Invitrogen\Vector NTI Advance 10\Ncbi.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Crypkey License - CrypKey (Canada) Ltd. 
- C:\WINDOWS\SYSTEM32\crypserv.exe O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programme\Intel\Wireless\Bin\OProtSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: RegSrvc - Intel Corporation - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe -- End of file - 7665 bytes ========================================== Scan completed in 4,4 minutes End of report ~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~ SystemScan uses some freeware tools that remain property of their authors: * SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts " * dumphive (Markus Stephany)--> "Registry scan" * Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules" * Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record" ---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log Thanks to all of them for their hard work
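Reading a HijackThis log by eye means scanning for a handful of patterns: registrations whose target file is gone, binaries started from a user-writable folder, an AppInit_DLLs value, services with no recorded owner, a DNS server the machine did not get from its ISP, and ActiveX controls pulled from third-party hosts. The script below is an added example, not part of SystemScan, HijackThis or the post above. It parses the one-entry-per-line format the HijackThis log uses and runs those checks over a handful of lines copied from the log above. The "user-writable" directory pattern, the trusted-DNS allow-list and the microsoft.com host check are assumptions of this example, not rules from either tool. Note what the heuristics cannot know: the two processes it flags here, sys80983.exe on the Desktop and runme.exe in a Temp subfolder, are exactly what a scanner launched from the Desktop would look like too, so the analyst still has to tie each hit back to something they can explain.

```python
"""Triage helpers for a HijackThis v2 log (added example, not tool code)."""
import re
from dataclasses import dataclass, field

# One coded entry per line, e.g. "O23 - Service: name - owner - path".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Assumption: directories an ordinary autostart/service binary should not live in
# (long and 8.3 forms of the German XP profile paths seen in the log).
USER_WRITABLE = re.compile(
    r"\\(temp|tmp|desktop|lokale~1|local settings|anwendungsdaten|application data)\\",
    re.I,
)


@dataclass
class HjtLog:
    processes: list[str] = field(default_factory=list)
    entries: list[tuple[str, str]] = field(default_factory=list)  # (code, body)


def parse_hjt(text: str) -> HjtLog:
    """Split a HijackThis log into the running-process list and coded entries."""
    log = HjtLog()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False  # first coded entry ends the process list
            log.entries.append((m.group("code"), m.group("body")))
        elif in_processes:
            log.processes.append(line)
    return log


def triage(log: HjtLog, trusted_dns=frozenset()) -> list[tuple[str, str]]:
    """Return (reason, evidence) pairs that deserve a second look."""
    findings = []
    for proc in log.processes:
        if USER_WRITABLE.search(proc):
            findings.append(("process from user-writable dir", proc))
    for code, body in log.entries:
        if "(file missing)" in body:
            findings.append(("dangling registration", f"{code} {body}"))
        if code == "O4" and USER_WRITABLE.search(body):
            findings.append(("autostart from user-writable dir", f"{code} {body}"))
        if code == "O16":
            m = re.search(r"https?://([^/]+)/", body)
            if m and not m.group(1).endswith("microsoft.com"):
                findings.append(("ActiveX download from third-party host", m.group(1)))
        if code == "O17":
            m = re.search(r"NameServer = ([\d.,]+)", body)
            for server in (m.group(1).split(",") if m else []):
                if server not in trusted_dns:  # allow-list supplied by the analyst
                    findings.append(("unverified DNS server", server))
        if code == "O20":
            findings.append(("AppInit_DLLs set", body))  # DLL loaded into every GUI process
        if code == "O23" and "Unknown owner" in body:
            findings.append(("service without owner/signer info", body))
    return findings


# Lines copied from the HijackThis log above (subset, not a constructed log).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Dokumente und Einstellungen\Marina\Desktop\sys80983.exe
C:\DOKUME~1\Marina\LOKALE~1\Temp\nse2.tmp\runme.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{687B724B-449C-4752-A212-C75D3F517508}: NameServer = 217.237.148.70
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programme\Intel\Wireless\Bin\EvtEng.exe
"""


def triage_sample(trusted_dns=frozenset()) -> list[tuple[str, str]]:
    """Run the checks over SAMPLE_LOG; pass the ISP's resolvers to silence O17 hits."""
    return triage(parse_hjt(SAMPLE_LOG), trusted_dns)


if __name__ == "__main__":
    for reason, evidence in triage_sample():
        print(f"{reason:40} {evidence}")
```

Run as-is it reports seven items from the sample: the two processes under Desktop and Temp, the dangling Adobe BHO, the kaspersky.com ActiveX download, the O17 resolver, the Google AppInit DLL and the BlueSoleil service with no owner. Passing the resolver you know the ISP hands out, e.g. `triage_sample(frozenset({"217.237.148.70"}))`, drops the O17 hit; the rest are for the analyst to explain from the installed-software list, not for the script to decide.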