SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)
Running on: Windows XP PROFESSIONAL Edition, Service Pack 3 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Dokumente und Einstellungen\Ludwig\Desktop\sys3645.exe
Running in: User mode
Date: 31.07.2008
Time: 07:20:36

Output limited to:
-PC accounts
-Recent files
-Duplicates in BAK folders
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Master Boot Record
-Network settings
-Include HOSTS file
-Suspicious Files
-Installed Applications
-Include HIJACKTHIS.log

===================== ACCOUNTS ON THIS PC =====================

Users on this computer:

Is Admin? | Username
------------------
Yes       | Administrator
          | ASPNET
          | Gast (Disabled)
          | Hilfeassistent (Disabled)
Yes       | Ludwig
          | SUPPORT_388945a0 (Disabled)

### users folders
### startup files in users folders

===================== RECENT FILES =====================

Showing files newer than 60 days

----- recent files in C:\
13.07.2008 13:25:19 (DIR) 0 byte 18 days old -- Temp
14.07.2008 18:50:29 251712 byte 17 days old -- ntldr
17.07.2008 05:05:00 (DIR) 0 byte 14 days old -- Config.Msi
21.07.2008 20:25:38 476 byte 10 days old -- aaw7boot.log
21.07.2008 20:39:37 211 byte 10 days old -- boot.ini
26.07.2008 17:08:24 120 byte 5 days old -- drmHeader.bin
29.07.2008 07:41:26 12063 byte 2 days old -- ComboFix.txt
29.07.2008 07:41:27 (DIR) 0 byte 2 days old -- QooBox
29.07.2008 13:03:14 (DIR) 0 byte 2 days old -- SAV32CLI
29.07.2008 20:29:22 (DIR) 0 byte 2 days old -- RECYCLER
30.07.2008 14:56:32 1268 byte 1 days old -- avenger.txt
30.07.2008 14:56:49 805306368 byte 1 days old -- pagefile.sys
30.07.2008 15:19:00 (DIR) 0 byte 1 days old -- WINDOWS
30.07.2008 15:19:11 (DIR) 0 byte 1 days old -- Programme
30.07.2008 21:35:41 (DIR) 0 byte 1 days old -- Bilder-Alex

----- recent files in C:\WINDOWS\
23.06.2008
22:05:15 (DIR) 0 byte 38 days old -- uninstall 02.07.2008 07:32:55 (DIR) 0 byte 29 days old -- $NtUninstallKB943055$ 02.07.2008 07:33:13 (DIR) 0 byte 29 days old -- $NtUninstallKB950749$ 02.07.2008 07:33:30 (DIR) 0 byte 29 days old -- $NtUninstallKB945553$ 02.07.2008 07:33:40 (DIR) 0 byte 29 days old -- $NtUninstallKB943485$ 02.07.2008 07:33:51 (DIR) 0 byte 29 days old -- $NtUninstallKB944338$ 02.07.2008 07:34:01 (DIR) 0 byte 29 days old -- $NtUninstallKB948590$ 02.07.2008 07:34:11 (DIR) 0 byte 29 days old -- $NtUninstallKB950760$ 02.07.2008 07:34:31 (DIR) 0 byte 29 days old -- $NtUninstallKB950759_0$ 02.07.2008 07:34:51 (DIR) 0 byte 29 days old -- $NtUninstallKB950762_0$ 02.07.2008 07:35:03 (DIR) 0 byte 29 days old -- $NtUninstallKB946026$ 02.07.2008 07:35:12 (DIR) 0 byte 29 days old -- $NtUninstallKB941693$ 02.07.2008 07:35:23 (DIR) 0 byte 29 days old -- $NtUninstallKB951698_0$ 02.07.2008 07:35:35 (DIR) 0 byte 29 days old -- $NtUninstallKB941644$ 02.07.2008 07:35:44 (DIR) 0 byte 29 days old -- $NtUninstallKB946627$ 02.07.2008 07:37:34 (DIR) 0 byte 29 days old -- $NtUninstallKB951376-v2_0$ 09.07.2008 22:52:48 (DIR) 0 byte 22 days old -- $NtUninstallKB951748_0$ 13.07.2008 14:48:17 (DIR) 0 byte 18 days old -- Minidump 14.07.2008 18:53:35 (DIR) 0 byte 17 days old -- system 14.07.2008 18:54:29 (DIR) 0 byte 17 days old -- srchasst 14.07.2008 18:54:35 (DIR) 0 byte 17 days old -- msagent 14.07.2008 18:59:55 (DIR) 0 byte 17 days old -- PeerNet 14.07.2008 19:00:04 (DIR) 0 byte 17 days old -- l2schemas 14.07.2008 19:00:38 (DIR) 0 byte 17 days old -- ime 14.07.2008 19:00:39 (DIR) 0 byte 17 days old -- network diagnostic 14.07.2008 19:00:39 (DIR) 0 byte 17 days old -- Help 14.07.2008 19:00:43 (DIR) 0 byte 17 days old -- ehome 14.07.2008 19:00:45 (DIR) 0 byte 17 days old -- ServicePackFiles 14.07.2008 19:00:55 (DIR) 0 byte 17 days old -- WinSxS 14.07.2008 19:51:07 (DIR) 0 byte 17 days old -- $NtUninstallKB950759$ 14.07.2008 19:51:40 (DIR) 0 byte 17 days old -- 
$NtUninstallKB950762$ 14.07.2008 19:51:57 (DIR) 0 byte 17 days old -- $NtUninstallKB951376-v2$ 14.07.2008 19:52:14 (DIR) 0 byte 17 days old -- $NtUninstallKB951698$ 14.07.2008 19:52:33 (DIR) 0 byte 17 days old -- $NtUninstallKB951748$ 14.07.2008 19:57:20 (DIR) 0 byte 17 days old -- security 14.07.2008 19:58:19 (DIR) 0 byte 17 days old -- Fonts 15.07.2008 16:02:34 (DIR) 0 byte 16 days old -- $hf_mig$ 15.07.2008 16:06:22 (DIR) 0 byte 16 days old -- $NtUninstallKB951978$ 17.07.2008 05:05:00 (DIR) 0 byte 14 days old -- Installer 21.07.2008 20:39:37 716 byte 10 days old -- win.ini 22.07.2008 04:16:39 272 byte 9 days old -- Wininit.ini 22.07.2008 07:44:01 (DIR) 0 byte 9 days old -- Debug 27.07.2008 04:21:47 0 byte 4 days old -- setuperr.log 27.07.2008 04:21:47 60 byte 4 days old -- setupact.log 27.07.2008 20:39:47 (DIR) 0 byte 4 days old -- erdnt 29.07.2008 07:34:49 (DIR) 0 byte 2 days old -- AppPatch 29.07.2008 07:36:00 227 byte 2 days old -- system.ini 29.07.2008 10:59:25 (DIR) 0 byte 2 days old -- ERUNT 29.07.2008 13:48:12 (DIR) 0 byte 2 days old -- $NtServicePackUninstall$ 30.07.2008 10:52:08 435062 byte 1 days old -- ntbtlog.txt 30.07.2008 14:26:40 (DIR) 0 byte 1 days old -- system32 30.07.2008 14:55:58 32624 byte 1 days old -- SchedLgU.Txt 30.07.2008 14:56:53 2048 byte 1 days old -- bootstat.dat 30.07.2008 14:57:37 50 byte 1 days old -- wiaservc.log 30.07.2008 14:57:38 159 byte 1 days old -- wiadebug.log 30.07.2008 14:57:48 0 byte 1 days old -- 0.log 30.07.2008 15:00:24 (DIR) 0 byte 1 days old -- Tasks 30.07.2008 15:18:02 (DIR) 0 byte 1 days old -- Downloaded Program Files 30.07.2008 15:19:01 (DIR) 0 byte 1 days old -- LastGood 30.07.2008 15:19:10 (DIR) 0 byte 1 days old -- inf 30.07.2008 15:19:22 54293 byte 1 days old -- setupapi.log 30.07.2008 21:41:12 116 byte 1 days old -- NeroDigital.ini 30.07.2008 21:41:13 7680 byte 1 days old -- Thumbs.db 30.07.2008 22:25:27 1060196 byte 1 days old -- WindowsUpdate.log 31.07.2008 05:49:31 (DIR) 0 byte 0 days old -- temp 
31.07.2008 07:20:16 (DIR) 0 byte 0 days old -- Prefetch ----- recent files in C:\WINDOWS\Downloaded Program Files\ 27.06.2008 16:47:36 289 byte 34 days old -- as2stubie.inf 30.06.2008 10:39:58 128256 byte 31 days old -- as2stubie.dll ----- recent files in C:\WINDOWS\system\ ----- recent files in C:\WINDOWS\system32\ 11.06.2008 02:03:10 630784 byte 50 days old -- divxdec.ax 11.06.2008 02:03:18 683520 byte 50 days old -- DivX.dll 11.06.2008 02:03:20 802816 byte 50 days old -- divx_xx11.dll 11.06.2008 02:03:20 823296 byte 50 days old -- divx_xx0c.dll 11.06.2008 02:03:20 815104 byte 50 days old -- divx_xx0a.dll 11.06.2008 02:03:20 823296 byte 50 days old -- divx_xx07.dll 11.06.2008 02:03:22 593920 byte 50 days old -- dpuGUI11.dll 11.06.2008 02:03:22 344064 byte 50 days old -- dpus11.dll 11.06.2008 02:03:22 57344 byte 50 days old -- dpv11.dll 11.06.2008 02:03:22 294912 byte 50 days old -- dpu10.dll 11.06.2008 02:03:22 294912 byte 50 days old -- dpu11.dll 11.06.2008 02:03:22 53248 byte 50 days old -- dpuGUI10.dll 11.06.2008 02:03:24 8523 byte 50 days old -- dpude.qm 11.06.2008 02:03:24 3051 byte 50 days old -- dtu_de.qm 11.06.2008 02:03:26 81920 byte 50 days old -- dpl100.dll 11.06.2008 02:03:26 416 byte 50 days old -- dpl100.dll.manifest 11.06.2008 02:03:26 196608 byte 50 days old -- dtu100.dll 11.06.2008 02:03:26 416 byte 50 days old -- dtu100.dll.manifest 11.06.2008 02:04:26 1044480 byte 50 days old -- libdivx.dll 11.06.2008 02:04:26 200704 byte 50 days old -- ssldivx.dll 11.06.2008 02:07:20 3596288 byte 50 days old -- qt-dx331.dll 11.06.2008 02:07:24 10152 byte 50 days old -- dsm_de.qm 11.06.2008 02:07:24 4816 byte 50 days old -- divxsm.tlb 11.06.2008 02:07:24 524288 byte 50 days old -- DivXsm.exe 18.06.2008 19:52:28 161096 byte 43 days old -- DivXCodecVersionChecker.exe 20.06.2008 19:46:10 147968 byte 41 days old -- dnsapi.dll 20.06.2008 19:46:10 247296 byte 41 days old -- mswsock.dll 25.06.2008 18:15:46 17972344 byte 36 days old -- MRT.exe 08.07.2008 18:32:54 (DIR) 
0 byte 23 days old -- repository 09.07.2008 23:04:32 216 byte 22 days old -- MRT.INI 14.07.2008 18:47:18 (DIR) 0 byte 17 days old -- ReinstallBackups 14.07.2008 18:53:38 (DIR) 0 byte 17 days old -- oobe 14.07.2008 18:54:20 (DIR) 0 byte 17 days old -- Com 14.07.2008 18:54:38 (DIR) 0 byte 17 days old -- npp 14.07.2008 18:54:38 (DIR) 0 byte 17 days old -- Restore 14.07.2008 18:59:55 (DIR) 0 byte 17 days old -- bits 14.07.2008 18:59:56 (DIR) 0 byte 17 days old -- de 14.07.2008 19:00:11 (DIR) 0 byte 17 days old -- usmt 14.07.2008 19:00:12 (DIR) 0 byte 17 days old -- de-de 14.07.2008 19:00:39 (DIR) 0 byte 17 days old -- inetsrv 14.07.2008 19:52:39 (DIR) 0 byte 17 days old -- CatRoot 14.07.2008 19:58:20 (DIR) 0 byte 17 days old -- wbem 14.07.2008 19:58:21 (DIR) 0 byte 17 days old -- Setup 14.07.2008 19:58:24 124520 byte 17 days old -- FNTCACHE.DAT 14.07.2008 20:00:46 90 byte 17 days old -- spupdwxp.log 14.07.2008 20:03:19 75116 byte 17 days old -- perfc007.dat 14.07.2008 20:03:19 401372 byte 17 days old -- perfh009.dat 14.07.2008 20:03:19 967166 byte 17 days old -- PerfStringBackup.INI 14.07.2008 20:03:19 415818 byte 17 days old -- perfh007.dat 14.07.2008 20:03:19 62460 byte 17 days old -- perfc009.dat 27.07.2008 20:40:02 (DIR) 0 byte 4 days old -- config 29.07.2008 11:02:55 (DIR) 0 byte 2 days old -- dllcache 30.07.2008 14:58:06 13646 byte 1 days old -- wpa.dbl 30.07.2008 15:18:00 (DIR) 0 byte 1 days old -- CatRoot2 30.07.2008 15:23:42 (DIR) 0 byte 1 days old -- drivers ----- recent files in C:\WINDOWS\system32\drivers\ 14.06.2008 19:32:01 273024 byte 47 days old -- bthport.sys 19.06.2008 17:24:30 28544 byte 42 days old -- pavboot.sys 20.06.2008 13:08:27 225856 byte 41 days old -- tcpip6.sys 20.06.2008 13:40:08 138496 byte 41 days old -- afd.sys 20.06.2008 13:51:12 361600 byte 41 days old -- tcpip.sys 23.07.2008 20:09:38 17144 byte 8 days old -- mbam.sys 23.07.2008 20:09:44 38472 byte 8 days old -- mbamswissarmy.sys 29.07.2008 11:04:56 (DIR) 0 byte 2 days old -- etc 
----- recent files in C:\WINDOWS\temp\ 30.07.2008 13:35:11 10400 byte 1 days old -- MpSigStub.log 30.07.2008 14:58:16 409 byte 1 days old -- WGANotify.settings 30.07.2008 15:17:38 6800 byte 1 days old -- MpCmdRun.log 31.07.2008 07:12:22 255 byte 0 days old -- WGAErrLog.txt ----- recent files in C:\Programme\ 16.06.2008 16:48:52 (DIR) 0 byte 45 days old -- QuickDic 02.07.2008 07:21:33 (DIR) 0 byte 29 days old -- Adobe 03.07.2008 16:13:49 (DIR) 0 byte 28 days old -- Lavasoft 14.07.2008 16:05:51 (DIR) 0 byte 17 days old -- Spybot - Search & Destroy 14.07.2008 18:54:09 (DIR) 0 byte 17 days old -- Outlook Express 14.07.2008 18:54:09 (DIR) 0 byte 17 days old -- Windows NT 14.07.2008 18:54:10 (DIR) 0 byte 17 days old -- Windows Media Player 14.07.2008 18:54:25 (DIR) 0 byte 17 days old -- NetMeeting 14.07.2008 18:59:55 (DIR) 0 byte 17 days old -- Movie Maker 14.07.2008 19:00:04 (DIR) 0 byte 17 days old -- Internet Explorer 14.07.2008 19:00:47 (DIR) 0 byte 17 days old -- Messenger 14.07.2008 20:41:22 (DIR) 0 byte 17 days old -- McafeeRootkit 14.07.2008 20:43:17 (DIR) 0 byte 17 days old -- VS Revo Group 17.07.2008 05:12:37 (DIR) 0 byte 14 days old -- Coolspot 26.07.2008 16:02:57 (DIR) 0 byte 5 days old -- DivX 27.07.2008 12:34:35 (DIR) 0 byte 4 days old -- Malwarebytes' Anti-Malware 28.07.2008 12:28:27 (DIR) 0 byte 3 days old -- FarStone 28.07.2008 18:06:22 (DIR) 0 byte 3 days old -- Regsearch 30.07.2008 13:42:16 (DIR) 0 byte 1 days old -- Norton AntiVirus 30.07.2008 13:49:15 (DIR) 0 byte 1 days old -- Norton Personal Firewall 30.07.2008 14:57:19 (DIR) 0 byte 1 days old -- Gemeinsame Dateien 30.07.2008 15:00:16 (DIR) 0 byte 1 days old -- Registry Defragmentation 30.07.2008 15:19:11 (DIR) 0 byte 1 days old -- Panda Security ----- recent files in C:\Programme\Gemeinsame Dateien\ 03.07.2008 16:11:13 (DIR) 0 byte 28 days old -- Wise Installation Wizard 14.07.2008 18:54:04 (DIR) 0 byte 17 days old -- System 17.07.2008 05:04:57 (DIR) 0 byte 14 days old -- LightScribe 30.07.2008 
15:10:54 (DIR) 0 byte 1 days old -- Symantec Shared ----- recent files in C:\Dokumente und Einstellungen\Ludwig\Anwendungsdaten\ 27.07.2008 12:34:41 (DIR) 0 byte 4 days old -- Malwarebytes ----- recent files in C:\DOKUME~1\Ludwig\LOKALE~1\Temp\ 29.07.2008 11:56:09 284 byte 2 days old -- MSI5fd36.LOG 29.07.2008 16:12:07 284 byte 2 days old -- MSI6c88.LOG 29.07.2008 16:12:09 284 byte 2 days old -- MSI6c89.LOG 29.07.2008 20:21:01 4332 byte 2 days old -- REVA8.tmp 29.07.2008 20:21:40 1598596 byte 2 days old -- VSUSetup.exe 30.07.2008 09:14:07 284 byte 1 days old -- MSI32740.LOG 30.07.2008 09:14:29 284 byte 1 days old -- MSI32741.LOG 30.07.2008 09:14:34 284 byte 1 days old -- MSI32742.LOG 30.07.2008 10:29:21 284 byte 1 days old -- MSI8deee.LOG 30.07.2008 10:29:23 284 byte 1 days old -- MSI8deef.LOG 30.07.2008 10:29:23 284 byte 1 days old -- MSI8def0.LOG 30.07.2008 10:32:50 (DIR) 0 byte 1 days old -- msohtml1 30.07.2008 10:41:43 (DIR) 0 byte 1 days old -- AVSETUP_48902947 30.07.2008 13:35:09 284 byte 1 days old -- MSI1febe.LOG 30.07.2008 13:35:11 284 byte 1 days old -- MSI1febf.LOG 30.07.2008 13:35:12 284 byte 1 days old -- MSI1fec0.LOG 30.07.2008 14:36:21 284 byte 1 days old -- MSI33c20.LOG 30.07.2008 14:36:40 284 byte 1 days old -- MSI33c21.LOG 30.07.2008 14:36:43 284 byte 1 days old -- MSI33c22.LOG 30.07.2008 14:56:45 2070 byte 1 days old -- sarclean.log 30.07.2008 14:57:26 (DIR) 0 byte 1 days old -- WPDNSE 30.07.2008 14:59:09 284 byte 1 days old -- MSI1ccb2.LOG 30.07.2008 14:59:09 284 byte 1 days old -- MSI1ccb1.LOG 30.07.2008 14:59:10 284 byte 1 days old -- MSI1ccb3.LOG 30.07.2008 15:02:21 865 byte 1 days old -- jusched.log 30.07.2008 15:17:53 284 byte 1 days old -- MSI39771.LOG 30.07.2008 15:17:53 284 byte 1 days old -- MSI39772.LOG 30.07.2008 15:21:41 15511 byte 1 days old -- PSSysChk.log 30.07.2008 22:09:57 17 byte 1 days old -- stadistic.log 30.07.2008 22:19:48 284 byte 1 days old -- MSI5e491.LOG 31.07.2008 07:20:07 16384 byte 0 days old -- ~DFCE3D.tmp 
31.07.2008 07:20:07 57 byte 0 days old -- systemscan.ini 31.07.2008 07:20:37 (DIR) 0 byte 0 days old -- nsy1BA.tmp ===================== DUPLICATE FILES IN BAK FOLDERS ===================== BAK folders found: C:\Programme\LexisNexis\LEXsoft\components\bak No files within BAK folders ===================== REGISTRY SCAN ===================== -----HKLM\Software\Microsoft\Windows\CurrentVersion\Run----- [run] "ATIPTA"="\"C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe\"" "ccApp"="\"C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe\"" "Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" "Dit"="Dit.exe" "SunJavaUpdateSched"="\"C:\Programme\Java\jre1.6.0_03\bin\jusched.exe\"" "ToADiMon.exe"="C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart" "Adobe Reader Speed Launcher"="\"C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe\"" "UnlockerAssistant"="\"C:\Programme\Unlocker\UnlockerAssistant.exe\"" "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" "HP Software Update"="\"C:\Programme\HP\HP Software Update\HPWuSchd2.exe\"" "HP Component Manager"="\"C:\Programme\HP\hpcoretech\hpcmpmgr.exe\"" [run\OptionalComponents] @="" [run\OptionalComponents\IMAIL] "Installed"="1" @="" [run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" @="" [run\OptionalComponents\MSFS] "Installed"="1" @="" -----HKCU\Software\Microsoft\Windows\CurrentVersion\Run----- [Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" "SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" "MSMSGS"="\"C:\Programme\Messenger\msmsgs.exe\" /background" "NBJ"="\"C:\Programme\Ahead\Nero BackItUp\NBJ.exe\"" "RegDfrgSch"="C:\Programme\Registry Defragmentation\RegDfrgSch.exe /tray" -----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run----- [Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" "DWQueuedReporting"="\"C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe\" -t" 
-----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run----- -----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run----- -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows----- [Windows] "AppInit_DLLs"="" -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad----- [ShellServiceObjectDelayLoad] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" #### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" #### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" #### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%SystemRoot%\system32\webcheck.dll" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" #### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @=expand:"%systemroot%\system32\stobject.dll" "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" #### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\WPDShServiceObj.dll" -----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks----- [ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" #### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll" "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="\"ShellExecuteHook\" von Microsoft AntiMalware" #### HKCR\CLSID\{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}\InprocServer32 @="C:\PROGRA~1\WINDOW~4\MpShHook.dll" -----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon----- [Winlogon] "Shell"="Explorer.exe" "System"="" "VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\"" "UIHost"=expand:"logonui.exe" "LogonType"=dword:00000001 "WinStationsDisabled"="0" "Userinit"="C:\WINDOWS\system32\userinit.exe," [Winlogon\GPExtensions] 
[Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}] "@="Drahtlos" "DllName"=expand:"gptext.dll" [Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}] "@="Folder Redirection" "DllName"=expand:"fdeploy.dll" [Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}] "@="Microsoft-Datenträgerkontingent" "DllName"=expand:"dskquota.dll" [Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}] "@="QoS-Paketplaner" "DllName"=expand:"gptext.dll" [Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}] "@="Skripts" "DllName"=expand:"gptext.dll" [Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}] "@="Internet Explorer-Zonenzuordnung" "DllName"=expand:"iedkcs32.dll" [Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}] "DllName"=expand:"scecli.dll" "@="Security" [Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}] "DllName"=expand:"iedkcs32.dll" "@="Internet Explorer-Branding" [Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}] "DllName"=expand:"scecli.dll" "@="EFS recovery" [Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}] "@="802.3 Group Policy" "DllName"=expand:"dot3gpclnt.dll" [Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}] "@="Microsoft Offline Files" "DllName"=expand:"%SystemRoot%\System32\cscui.dll" [Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}] "@="Softwareinstallation" "DllName"=expand:"appmgmts.dll" [Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}] "@="IP-Sicherheit" "DllName"=expand:"gptext.dll" [Winlogon\Notify] [Winlogon\Notify\AtiExtEvent] "DLLName"="Ati2evxx.dll" [Winlogon\Notify\crypt32chain] "DllName"=expand:"crypt32.dll" [Winlogon\Notify\cryptnet] "DllName"=expand:"cryptnet.dll" [Winlogon\Notify\cryptonet] [Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" [Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" [Winlogon\Notify\Schedule] "DllName"=expand:"wlnotify.dll" [Winlogon\Notify\sclgntfy] "DllName"=expand:"sclgntfy.dll" 
[Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" [Winlogon\Notify\termsrv] "DllName"=expand:"wlnotify.dll" [Winlogon\Notify\WgaLogon] "DllName"=expand:"WgaLogon.dll" [Winlogon\Notify\WgaLogon\Settings] [Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" [Winlogon\SCLogon] [Winlogon\SpecialAccounts] [Winlogon\SpecialAccounts\UserList] "Hilfeassistent"=dword:00000000 "TsInternetUser"=dword:00000000 "SQLAgentCmdExec"=dword:00000000 "NetShowServices"=dword:00000000 "HelpAssistant"=dword:00000000 "IWAM_"=dword:00010000 "IUSR_"=dword:00010000 "VUSR_"=dword:00010000 "ASPNET"=dword:00000000 -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon----- [Winlogon] "ParseAutoexec"="1" "ExcludeProfileDirs"="Lokale Einstellungen;Temporary Internet Files;Verlauf;Temp;Lokale Einstellungen\Anwendungsdaten\Microsoft\Outlook" "BuildNumber"=dword:00000a28 -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options----- [Image File Execution Options\Your Image File Name Here without a path] "Debugger"="ntsd -d" -----HKLM\System\CurrentControlSet\Control\Session Manager\----- [Session Manager] "BootExecute"=multi:"autocheck autochk *\00lsdelete\00\00" [Session Manager\SubSystems] "Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16" -----HKLM\SYSTEM\CurrentControlSet\Control\WOW----- [WOW] "cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe" "wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386" -----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run----- -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce----- [RunOnce] -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx----- [RunOnceEx] -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices----- 
[RunServices] "DJSNetCN"="C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe" -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce----- [RunServicesOnce] -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce----- [Runonce] -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx----- -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices----- [RunServices] -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run----- -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce----- [RunServicesOnce] -----HKLM\Software\Microsoft\Command Processor\Autorun----- -----HKCU\Software\Microsoft\Command Processor\Autorun----- -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load----- -----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup----- -----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon----- -----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon----- -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce----- -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run----- -----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms----- -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler----- [SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" #### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" #### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll" 
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects----- [Browser Helper Objects] @="" -----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks----- [URLSearchHooks] "{855F3B16-6D32-4fe6-8A56-BBB695989046}"="" "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"="" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="" #### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @=expand:"%SystemRoot%\system32\shdocvw.dll" -----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig----- [MSConfig] [MSConfig\services] [MSConfig\startupfolder] [MSConfig\startupreg] [MSConfig\state] "system.ini"=dword:00000000 "win.ini"=dword:00000000 "bootini"=dword:00000000 "services"=dword:00000000 "startup"=dword:00000000 -----HKCU\Control Panel\Desktop\----- [Desktop] [Desktop\WindowMetrics] -----HKEY_CLASSES_ROOT\exefile\shell\open\command----- [command] @="\"%1\" %*" -----HKEY_CLASSES_ROOT\comfile\shell\open\command----- [command] @="\"%1\" %*" -----HKEY_CLASSES_ROOT\batfile\shell\open\command----- [command] @="\"%1\" %*" -----HKEY_CLASSES_ROOT\piffile\shell\open\command----- [command] @="\"%1\" %*" -----HKEY_CLASSES_ROOT\scrFile\shell\open\command----- [command] @="\"%1\" /S" -----HKEY_CLASSES_ROOT\htafile\shell\open\command----- [Command] @="C:\WINDOWS\system32\mshta.exe \"%1\" %*" -----HKEY_CLASSES_ROOT\logfile\shell\open\command----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL----- [URL] [URL\DefaultPrefix] @="http://" [URL\Prefixes] "ftp"="ftp://" "gopher"="gopher://" "home"="http://" "mosaic"="http://" "www"="http://" -----HKLM\SYSTEM\CurrentControlSet\Control\Lsa----- [Lsa] [Lsa\AccessProviders] [Lsa\AccessProviders\Windows NT Access Provider] "ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll" [Lsa\Audit] [Lsa\Audit\PerUserAuditing] [Lsa\Audit\PerUserAuditing\System] [Lsa\Data] [Lsa\SSO] [Lsa\SSO\Passport1.4] "SSOURL"="http://www.passport.com" [Lsa\SspiCache] [Lsa\SspiCache\digest.dll] "Name"="Digest" 
"Comment"="Digest SSPI Authentication Package" [Lsa\SspiCache\msapsspc.dll] "Name"="DPA" "Comment"="DPA Security Package" [Lsa\SspiCache\msnsspc.dll] "Name"="MSN" "Comment"="MSN Security Package" -----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess----- [SharedAccess] "DependOnGroup"=multi:"\00" "DependOnService"=multi:"Netman\00WinMgmt\00\00" "Description"="Bietet allen Computern in Heim- und kleinen Firmennetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, Namensauflösung und Eindringsschutz." "DisplayName"="Windows-Firewall/Gemeinsame Nutzung der Internetverbindung" "ErrorControl"=dword:00000001 "ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs" "ObjectName"="LocalSystem" "Start"=dword:00000002 "Type"=dword:00000020 [SharedAccess\Epoch] "Epoch"=dword:00002ce1 [SharedAccess\Parameters] "ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll" [SharedAccess\Parameters\FirewallPolicy] [SharedAccess\Parameters\FirewallPolicy\DomainProfile] [SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications] [SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000" [SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=dword:00000000 "DoNotAllowExceptions"=dword:00000000 [SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] [SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000" [SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] 
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [SharedAccess\Setup] "ServiceUpgrade"=dword:00000001 -----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2----- -----HKLM\Software\Microsoft\Ole----- [Ole] "DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\ "MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\ "MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\ "EnableDCOM"="Y" [Ole\AppCompat] [Ole\AppCompat\ActivationSecurityCheckExemptionList] "{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1" "{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1" "{0040D221-54A1-11D1-9DE0-006097042D69}"="1" "{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1" [Ole\NONREDIST] "System.EnterpriseServices.Thunk.dll"="" -----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\----- [Security Center] "FirstRunDisabled"=dword:00000001 "AntiVirusDisableNotify"=dword:00000001 "FirewallDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000000 "FirewallOverride"=dword:00000000 [Security Center\Monitoring] [Security Center\Monitoring\AhnlabAntiVirus] [Security Center\Monitoring\ComputerAssociatesAntiVirus] [Security Center\Monitoring\KasperskyAntiVirus] [Security Center\Monitoring\McAfeeAntiVirus] [Security Center\Monitoring\McAfeeFirewall] [Security Center\Monitoring\PandaAntiVirus] [Security Center\Monitoring\PandaFirewall] [Security Center\Monitoring\SophosAntiVirus] [Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [Security Center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [Security Center\Monitoring\TinyFirewall] [Security Center\Monitoring\TrendAntiVirus] [Security Center\Monitoring\TrendFirewall] [Security Center\Monitoring\ZoneLabsFirewall] 
-----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\----- [SystemRestore] "DisableSR"=dword:00000000 "CreateFirstRunRp"=dword:00000001 "DSMin"=dword:000000c8 "DSMax"=dword:00000190 "RPSessionInterval"=dword:00000000 "RPGlobalInterval"=dword:00015180 "RPLifeInterval"=dword:0076a700 "CompressionBurst"=dword:0000003c "TimerInterval"=dword:00000078 "DiskPercent"=dword:0000000c "ThawInterval"=dword:00000384 "RestoreDiskSpaceError"=dword:00000000 "RestoreStatus"=dword:00000000 "RestoreSafeModeStatus"=dword:00000000 [SystemRestore\Cfg] "DiskPercent"=dword:0000000c "MachineGuid"="{0815D400-5F54-4A05-BD67-A6CCCB7B235D}" [SystemRestore\SnapshotCallbacks] @="" -----HKEY_CURRENT_USER\Software\VB and VBA Program Settings----- [VB and VBA Program Settings] [VB and VBA Program Settings\8237649284761] [VB and VBA Program Settings\8237649284761\Settings] [VB and VBA Program Settings\CCleaner] [VB and VBA Program Settings\CCleaner\Options] [VB and VBA Program Settings\Euro Add-in] [VB and VBA Program Settings\Euro Add-in\Wizard Options] [VB and VBA Program Settings\HeadCase] [VB and VBA Program Settings\HeadCase\Options] [VB and VBA Program Settings\MMMSONY] [VB and VBA Program Settings\MMMSONY\TempDisk] [VB and VBA Program Settings\MP3GainAnalysis] [VB and VBA Program Settings\MP3GainAnalysis\StartUp] -----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions----- [AdvancedOptions] -----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions----- -----HKLM\Software\Microsoft\Active Setup\Installed Components----- [Installed Components] [Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll" "Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP" "@="Microsoft Windows Media Player" "ComponentID"="WMPACCESS" [Installed 
Components\>{26923b43-4d38-484f-9b9e-de460746276c}] "@="Internet Explorer" "ComponentID"="IEACCESS" "StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE" [Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] "@="Browseranpassungen" "ComponentID"="BRANDING.CAB" "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP" [Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] "@="Outlook Express" "ComponentID"="OEACCESS" "StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE" [Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}] "@="Java (Sun)" "ComponentID"="JAVAVM" "KeyFileName"="C:\Programme\Java\jre1.6.0_03\bin\regutils.dll" [Installed Components\{0E92DD42-76F5-4EF2-B381-F9C1D72BE23D}] "@="Security Update for Microsoft .NET Framework 2.0 (KB922770)" "ComponentID"="KB922770" [Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}] "@="Vektorgrafik-Rendering (VML)" "ComponentID"="MSVML" [Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] #### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll" "ComponentID"="NetShow" "StubPath"="" [Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll" "ComponentID"="Microsoft Windows Media Player" "StubPath"="" "@="Microsoft Windows Media Player 6.4" [Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}] #### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll" "@="DirectAnimation" "ComponentID"="DirectAnimation" [Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] "@="Themes Setup" "ComponentID"="Theme Component" "StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll" [Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}] "@="Dynamic HTML-Datenbindung für Java" 
"ComponentID"="TridataJava" [Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] "@="Offlinebrowsingpaket" "ComponentID"="MobilePk" [Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}] "@="Uniscribe" "ComponentID"="USP10" [Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}] "ComponentID"="S867460" "@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)" [Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}] "@="Erweitertes Authoring" "ComponentID"="AdvAuth" [Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] "@="Microsoft Outlook Express 6" "ComponentID"="MailNews" "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install" [Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] "@="NetMeeting 3.01" "ComponentID"="NetMeeting" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT" [Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}] "@="DirectShow" "ComponentID"="activemovie" [Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] "@="DirectDrawEx" "ComponentID"="DirectDrawEx" [Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] "@="Internet Explorer-Hilfe" "ComponentID"="HelpCont" [Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}] "@="DirectAnimation Java Classes" "ComponentID"="DAJava" [Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] "@="Microsoft Windows Script 5.7" "ComponentID"="MSVBScript" [Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] "@="Windows Messenger 4.7" "ComponentID"="Messenger" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser" "KeyFileName"="C:\Programme\Messenger\msmsgs.exe" [Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}] "(Default)"="Internet Connection Wizard" "ComponentID"="ICW" [Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] "@="Internet Explorer Setup 
Tools" "ComponentID"="GenSetup" [Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] "@="Browsererweiterungen" "ComponentID"="ExtraPack" "KeyFileName"="C:\WINDOWS\system32\msieftp.dll" [Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] #### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll" "@="Microsoft Windows Media Player" "ComponentID"="Microsoft Windows Media Player" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub" [Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] "@="Zugang zu MSN Site" "ComponentID"="MSN_Auth" [Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}] "ComponentID"=".NETFramework" "@=".NET Framework" [Installed Components\{73FA19D0-2D75-11D2-995D-00C04F98BBC9}] "@="Webordner" "ComponentID"="WebFolders" "StubPath"="" [Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] "@="Adressbuch 6" "ComponentID"="WAB" "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install" [Installed Components\{8056AC9E-49C5-4375-9ADE-B2F862C9DF51}] "ComponentID"="KB928365" "@="Security Update for Microsoft .NET Framework 2.0 (KB928365)" [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] "@="Windows Desktop-Update" "ComponentID"="IE4Shell_NT" "StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll" [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] "@="Internet Explorer 6" "ComponentID"="BASEIE40_W2K" "StubPath"=expand:"%SystemRoot%\system32\ie4uinit.exe" [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix] [Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] "ComponentID"="DOTNETFRAMEWORKS" "StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install" [Installed Components\{8D1D0E9A-C799-4D28-9E29-0061D1E66E43}] "ComponentID"="M928366" "@="Microsoft .NET Framework 1.1 Hotfix (KB928366)" [Installed 
Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] "@="Dynamic HTML-Datenbindung" "ComponentID"="Tridata" [Installed Components\{967B098A-042D-4367-BAC9-8BC11684174F}] "@="Security Update for Microsoft .NET Framework 2.0 (KB917283)" "ComponentID"="KB917283" [Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] "@="Internet Explorer-Hauptschriftarten" "ComponentID"="Fontcore" [Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}] "ComponentID"=".NETFramework" "@=".NET Framework" [Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}] "@="Taskplaner" "ComponentID"="MSTASK" [Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}] "ComponentID"="Windows Movie Maker v2.1" [Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}] "@="Shockwave Flash" "ComponentID"="Flash" [Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] "@="HTML-Hilfe" "ComponentID"="HTMLHelp" [Installed Components\{E78BFA60-5393-4C38-82AB-E8019E464EB4}] "@=".NET Framework" "ComponentID"=".NETFramework" [Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] "@="Active Directory Service Interface" "ComponentID"="ADSI" -----Comparing registry keys CCS1 vs CCS2 ----- < Value: HKEY_LOCAL_MACHINE\system\controlset001\services Result compared: Identical -----Comparing registry keys CCS1 vs CCS3 ----- < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Dhcp\Parameters {83CDD3D3-DAF3-4F4F-A11D-EAB006753254} REG_BINARY > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Dhcp\Parameters {83CDD3D3-DAF3-4F4F-A11D-EAB006753254} REG_BINARY
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT EventMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ C:\WINDOWS\system32\ESENT.dll > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Application\ESENT CategoryMessageFile REG_EXPAND_SZ c:\windows\system32\ESENT.dll > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\DS > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\LSA > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\NetDDE Object > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\SC Manager > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Security Account Manager > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\Eventlog\Security\Spooler > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\MRxDAV\EncryptedDirectories < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NAVENG ImagePath REG_EXPAND_SZ \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20080730.003\NAVENG.Sys > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\NAVENG ImagePath REG_EXPAND_SZ \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20080723.039\NAVENG.Sys < Value:
HKEY_LOCAL_MACHINE\system\controlset001\services\NAVEX15 ImagePath REG_EXPAND_SZ \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20080730.003\NavEx15.Sys > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\NAVEX15 ImagePath REG_EXPAND_SZ \??\C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20080723.039\NavEx15.Sys < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\pavboot < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 11489 (0x2CE1) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SharedAccess\Epoch Epoch REG_DWORD 11487 (0x2CDF) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SPBBCDrv Start REG_DWORD 1 (0x1) > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\SPBBCDrv Start REG_DWORD 3 (0x3) Result compared: Different ===================== AUTOPLAY SETTINGS ===================== ~~~~~~~~~~~~~~~~~~~~~ Registry setting ~~~~~~~~~~~~~~~~~~~~~ (note: default values should be 91 or 95) -----HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer----- [Explorer] "NoDriveTypeAutoRun"=dword:00000091 -----HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer----- [Explorer] "NoDriveTypeAutoRun"=dword:00000091 Autorun is enabled on: DRIVE_UNKNOWN = Falsch DRIVE_NO_ROOT_DIR = Wahr DRIVE_REMOVABLE = Wahr DRIVE_FIXED = Wahr DRIVE_REMOTE = Falsch DRIVE_CDROM = Wahr DRIVE_RAMDISK = Wahr RESERVED = Falsch ~~~~~~~~~~~~~~~~~~~~~ Autorun.inf files ~~~~~~~~~~~~~~~~~~~~~ ### C:\Programme\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\autorun.inf [C32] SetupGlue=0 PdiOffset=..\AiO\hpopdi05.exe GhoulOffset=hpzghl09.exe PinOffset=..\AiO\hpopin05.exe ### C:\Programme\HP\Temp\{A1062847-0846-427A-92A1-BB8251A91E91}\autorun.inf [C32] SetupGlue=0 PdiOffset=..\AiO\hpopdi05.exe GhoulOffset=hpzghl09.exe PinOffset=..\AiO\hpopin05.exe ### D:\Treiber\Sound\AUTORUN.INF OPEN=Setup.EXE ===================== SCHEDULED JOBS ===================== jobs found in C:\WINDOWS: 04.08.2004 14:00:00 
65 byte 1457 days old -- C:\WINDOWS\tasks\desktop.ini 20.06.2008 21:23:29 398 byte 41 days old -- C:\WINDOWS\tasks\1-Klick-Wartung.job 28.06.2008 04:57:47 570 byte 33 days old -- C:\WINDOWS\tasks\Norton AntiVirus - Meinen Computer prüfen - Ludwig.job 30.07.2008 14:57:13 6 byte 1 days old -- C:\WINDOWS\tasks\SA.DAT 30.07.2008 15:00:24 322 byte 1 days old -- C:\WINDOWS\tasks\MP Scheduled Scan.job ~~~~~~~~~~~~~~~~~~~~~ Active jobs: ~~~~~~~~~~~~~~~~~~~~~ Most recent (50) lines in jobs scheduled log: "MP Scheduled Scan.job" (MpCmdRun.exe) Start: 28.07.2008 02:27:00 "MP Scheduled Scan.job" (MpCmdRun.exe) Ende: 28.07.2008 02:27:33 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). "MP Scheduled Scan.job" (MpCmdRun.exe) Start: 29.07.2008 02:27:00 "MP Scheduled Scan.job" (MpCmdRun.exe) Ende: 29.07.2008 02:28:06 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). ===================== LIST OF ALL SERVICES & DRIVERS ===================== -----HKLM\system\currentcontrolset\services----- 000) "Abiosdsk" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 001) "abp480n5" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 002) "ACPI" - Microsoft ACPI-Treiber ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\ACPI.sys ---> TYPE = KERNEL_DRIVER 003) "ACPIEC" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 004) "adpu160m" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 005) "aec" - Microsoft Kernel-Echounterdrückung ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\aec.sys ---> TYPE = KERNEL_DRIVER 006) "AFD" - AFD ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = \SystemRoot\System32\drivers\afd.sys ---> TYPE = KERNEL_DRIVER 007) "Aha154x" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 008) "aic78u2" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 009) "aic78xx" ---> STAT = (NOT RUNNING) Disabled 
---> TYPE = KERNEL_DRIVER 010) "AliIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 011) "amsint" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 012) "Arp1394" - 1394-ARP-Clientprotokoll ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\arp1394.sys ---> TYPE = KERNEL_DRIVER 013) "asc" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 014) "asc3350p" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 015) "asc3550" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 016) "AsyncMac" - Asynchroner RAS -Medientreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\asyncmac.sys ---> TYPE = KERNEL_DRIVER 017) "atapi" - Standard-IDE/ESDI-Festplattencontroller ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\atapi.sys ---> TYPE = KERNEL_DRIVER 018) "Atdisk" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 019) "ati2mtag" ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ati2mtag.sys ---> TYPE = KERNEL_DRIVER 020) "Atmarpc" - Protokoll für ATM ARP-Client ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\atmarpc.sys ---> TYPE = KERNEL_DRIVER 021) "audstub" - Audiostubtreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\audstub.sys ---> TYPE = KERNEL_DRIVER 022) "Beep" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 023) "catchme" ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\DOKUME~1\Ludwig\LOKALE~1\Temp\catchme.sys ---> TYPE = KERNEL_DRIVER 024) "cbidf2k" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 025) "CCDECODE" - Untertiteldecoder ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\CCDECODE.sys ---> TYPE = KERNEL_DRIVER 026) "cd20xrnt" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 027) "Cdaudio" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> 
TYPE = KERNEL_DRIVER 028) "Cdfs" ---> STAT = (RUNNING) Disabled ---> TYPE = FILE_SYSTEM_DRIVER 029) "Cdrom" - CD-ROM-Laufwerktreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\cdrom.sys ---> TYPE = KERNEL_DRIVER 030) "Changer" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 031) "CmdIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 032) "cmuda" - C-Media WDM Audio Interface ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\cmuda.sys ---> TYPE = KERNEL_DRIVER 033) "CO_Mon" - CO_Mon ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\Drivers\CO_Mon.sys ---> TYPE = KERNEL_DRIVER 034) "Cpqarray" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 035) "dac2w2k" ---> STAT = (RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 036) "dac960nt" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 037) "DCDisk" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 038) "Disk" - Laufwerktreiber ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\disk.sys ---> TYPE = KERNEL_DRIVER 039) "dmboot" ---> STAT = (NOT RUNNING) Disabled ---> FILE = System32\drivers\dmboot.sys ---> TYPE = KERNEL_DRIVER 040) "dmio" - Treiber für die Verwaltung logischer Datenträger ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\drivers\dmio.sys ---> TYPE = KERNEL_DRIVER 041) "dmload" ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\drivers\dmload.sys ---> TYPE = KERNEL_DRIVER 042) "DMusic" - Microsoft Kernel-DLS-Synthesizer ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\DMusic.sys ---> TYPE = KERNEL_DRIVER 043) "dpti2o" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 044) "drmkaud" - Microsoft Kernel-DRM-Audioentschlüsselung ---> STAT = (NOT RUNNING) Started manually ---> FILE = 
system32\drivers\drmkaud.sys ---> TYPE = KERNEL_DRIVER 045) "ENTECH" - ENTECH ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\DRIVERS\ENTECH.sys ---> TYPE = KERNEL_DRIVER 046) "exdisk" - Express Disk Service ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\exdisk.sys ---> TYPE = KERNEL_DRIVER 047) "Fastfat" ---> STAT = (RUNNING) Disabled ---> TYPE = FILE_SYSTEM_DRIVER 048) "Fdc" - Diskettencontrollertreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\fdc.sys ---> TYPE = KERNEL_DRIVER 049) "Fips" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 050) "Flpydisk" - Diskettenlaufwerktreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\flpydisk.sys ---> TYPE = KERNEL_DRIVER 051) "FltMgr" - FltMgr ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\drivers\fltmgr.sys ---> TYPE = FILE_SYSTEM_DRIVER 052) "Ftdisk" - Treiber für Volume-Manager ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\ftdisk.sys ---> TYPE = KERNEL_DRIVER 053) "gameenum" - Gameport-Enumerator ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\gameenum.sys ---> TYPE = KERNEL_DRIVER 054) "Gpc" - Standardpaketklassifizierung ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\msgpc.sys ---> TYPE = KERNEL_DRIVER 055) "hamachi" - Hamachi Network Interface ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\hamachi.sys ---> TYPE = KERNEL_DRIVER 056) "HidUsb" - Microsoft HID Class-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\hidusb.sys ---> TYPE = KERNEL_DRIVER 057) "hpn" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 058) "HPZid412" - IEEE-1284.4 Driver HPZid412 ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\HPZid412.sys ---> TYPE = KERNEL_DRIVER 059) "HPZipr12" - Print Class Driver for IEEE-1284.4 
HPZipr12 ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\HPZipr12.sys ---> TYPE = KERNEL_DRIVER 060) "HPZius12" - USB to IEEE-1284.4 Translation Driver HPZius12 ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\HPZius12.sys ---> TYPE = KERNEL_DRIVER 061) "HTTP" - HTTP ---> STAT = (NOT RUNNING) Started manually ---> FILE = System32\Drivers\HTTP.sys ---> TYPE = KERNEL_DRIVER 062) "i2omgmt" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 063) "i2omp" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 064) "i8042prt" - i8042-Tastatur- und PS/2-Mausanschluss-Treiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\i8042prt.sys ---> TYPE = KERNEL_DRIVER 065) "Imapi" - Filtertreiber für CD-Brennen ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\imapi.sys ---> TYPE = KERNEL_DRIVER 066) "ini910u" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 067) "IntelIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 068) "intelppm" - Intel-Prozessortreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\intelppm.sys ---> TYPE = KERNEL_DRIVER 069) "Ip6Fw" - IPv6-Windows-Firewalltreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\ip6fw.sys ---> TYPE = KERNEL_DRIVER 070) "IpFilterDriver" - Filtertreiber für IP-Verkehr ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\ipfltdrv.sys ---> TYPE = KERNEL_DRIVER 071) "IpInIp" - IP/IP-Tunneltreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\ipinip.sys ---> TYPE = KERNEL_DRIVER 072) "IpNat" - Übersetzer für IP-Netzwerkadressen ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ipnat.sys ---> TYPE = KERNEL_DRIVER 073) "IPSec" - IPSEC-Treiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = 
system32\DRIVERS\ipsec.sys ---> TYPE = KERNEL_DRIVER 074) "IRENUM" - IR-Enumeratordienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\irenum.sys ---> TYPE = KERNEL_DRIVER 075) "isapnp" - PnP-ISA/EISA-Bus-Treiber ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\isapnp.sys ---> TYPE = KERNEL_DRIVER 076) "Kbdclass" - Tastaturklassentreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\kbdclass.sys ---> TYPE = KERNEL_DRIVER 077) "kbdhid" - Tastatur-HID-Treiber ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\kbdhid.sys ---> TYPE = KERNEL_DRIVER 078) "kmixer" - Microsoft Kernel-Waveaudiomixer ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\kmixer.sys ---> TYPE = KERNEL_DRIVER 079) "KSecDD" ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER 080) "lbrtfdc" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 081) "MIINPazX" - MIINPazX NDIS Protocol Driver ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\PROGRA~1\GEMEIN~1\MARMIK~1\MInfraIS\MIINPazX.SYS ---> TYPE = KERNEL_DRIVER 082) "mnmdd" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 083) "Modem" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 084) "Mouclass" - Mausklassentreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\mouclass.sys ---> TYPE = KERNEL_DRIVER 085) "mouhid" - Maus-HID-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\mouhid.sys ---> TYPE = KERNEL_DRIVER 086) "MountMgr" - Bereitstellungspunkt-Manager ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER 087) "mraid35x" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 088) "MRxDAV" - Redirector für WebDav-Client ---> STAT = (RUNNING) Started manually 
---> FILE = system32\DRIVERS\mrxdav.sys ---> TYPE = FILE_SYSTEM_DRIVER 089) "MRxSmb" - MRXSMB ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\mrxsmb.sys ---> TYPE = FILE_SYSTEM_DRIVER 090) "Msfs" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = FILE_SYSTEM_DRIVER 091) "MSKSSRV" - Microsoft Streaming Service Proxy ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\MSKSSRV.sys ---> TYPE = KERNEL_DRIVER 092) "MSPCLOCK" - Microsoft Proxy für Streaming Clock ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\MSPCLOCK.sys ---> TYPE = KERNEL_DRIVER 093) "MSPQM" - Microsoft Proxy für Streaming Quality Manager ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\MSPQM.sys ---> TYPE = KERNEL_DRIVER 094) "mssmbios" - Microsoft-Systemverwaltungs-BIOS-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\mssmbios.sys ---> TYPE = KERNEL_DRIVER 095) "MSTEE" - Microsoft Streaming Tee/Sink-to-Sink-Konvertierung ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\MSTEE.sys ---> TYPE = KERNEL_DRIVER 096) "ms_mpu401" - Microsoft MPU-401 MIDI UART-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\msmpu401.sys ---> TYPE = KERNEL_DRIVER 097) "MTOnlPktAlyX" - MTOnlPktAlyX NDIS Protocol Driver ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS ---> TYPE = KERNEL_DRIVER 098) "Mup" - Mup ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = FILE_SYSTEM_DRIVER 099) "NABTSFEC" - NABTS/FEC VBI-Codec ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\NABTSFEC.sys ---> TYPE = KERNEL_DRIVER 100) "NAVENG" - NAVENG ---> STAT = (RUNNING) Started manually ---> FILE = C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20080730.003\NAVENG.Sys ---> TYPE = KERNEL_DRIVER 101) "NAVEX15" - NAVEX15 ---> STAT = (RUNNING) Started manually 
---> FILE = C:\PROGRA~1\GEMEIN~1\SYMANT~1\VIRUSD~1\20080730.003\NavEx15.Sys ---> TYPE = KERNEL_DRIVER 102) "NDIS" - NDIS-Systemtreiber ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER 103) "NdisIP" - Microsoft TV-/Videoverbindung ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\NdisIP.sys ---> TYPE = KERNEL_DRIVER 104) "NdisTapi" - RAS-NDIS-TAPI-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ndistapi.sys ---> TYPE = KERNEL_DRIVER 105) "Ndisuio" - NDIS-Benutzermodus-E/A-Protokoll ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ndisuio.sys ---> TYPE = KERNEL_DRIVER 106) "NdisWan" - RAS-NDIS-WAN-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ndiswan.sys ---> TYPE = KERNEL_DRIVER 107) "NDProxy" - multi:NDIS-Proxy\00\00 ---> STAT = (RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 108) "NetBIOS" - NetBIOS-Schnittstelle ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\netbios.sys ---> TYPE = FILE_SYSTEM_DRIVER 109) "NetBT" - NetBios über TCP/IP ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\netbt.sys ---> TYPE = KERNEL_DRIVER 110) "NIC1394" - 1394-Netzwerktreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\nic1394.sys ---> TYPE = KERNEL_DRIVER 111) "nm" - Netzwerkmonitortreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\NMnt.sys ---> TYPE = KERNEL_DRIVER 112) "Npfs" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = FILE_SYSTEM_DRIVER 113) "Ntfs" ---> STAT = (RUNNING) Disabled ---> TYPE = FILE_SYSTEM_DRIVER 114) "Null" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 115) "NwlnkFlt" - Filtertreiber für IPX-Verkehr ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\nwlnkflt.sys ---> TYPE = KERNEL_DRIVER 116) "NwlnkFwd" - Treiber für 
IPX-Verkehrsweiterleitung ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\nwlnkfwd.sys ---> TYPE = KERNEL_DRIVER 117) "ohci1394" - OHCI-konformer IEEE 1394-Hostcontroller ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\ohci1394.sys ---> TYPE = KERNEL_DRIVER 118) "Parport" - Treiber für parallelen Anschluss ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\parport.sys ---> TYPE = KERNEL_DRIVER 119) "PartMgr" - Partitions-Manager ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER 120) "ParVdm" ---> STAT = (RUNNING) Started automatically ---> TYPE = KERNEL_DRIVER 121) "pavboot" ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\drivers\pavboot.sys ---> TYPE = FILE_SYSTEM_DRIVER 122) "PCI" - PCI Bus Driver ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\pci.sys ---> TYPE = KERNEL_DRIVER 123) "PCIDump" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 124) "PCIIde" ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\pciide.sys ---> TYPE = KERNEL_DRIVER 125) "Pcmcia" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 126) "PDCOMP" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 127) "PDFRAME" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 128) "PDRELI" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 129) "PDRFRAME" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 130) "perc2" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 131) "perc2hib" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 132) "PptpMiniport" - WAN-Miniport (PPTP) ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\raspptp.sys ---> TYPE = KERNEL_DRIVER 133) "PSched" - QoS-Paketplaner ---> STAT = (RUNNING) Started manually ---> FILE 
= system32\DRIVERS\psched.sys ---> TYPE = KERNEL_DRIVER 134) "Ptilink" - Treiber für direkte Parallelverbindung ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ptilink.sys ---> TYPE = KERNEL_DRIVER 135) "PxHelp20" - PxHelp20 ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\Drivers\PxHelp20.sys ---> TYPE = KERNEL_DRIVER 136) "QCDonner" - Logitech QuickCam Express ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\OVCD.sys ---> TYPE = KERNEL_DRIVER 137) "ql1080" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 138) "Ql10wnt" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 139) "ql12160" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 140) "ql1240" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 141) "ql1280" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 142) "RasAcd" - Treiber für automatische RAS-Verbindung ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\rasacd.sys ---> TYPE = KERNEL_DRIVER 143) "Rasl2tp" - WAN-Miniport (L2TP) ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\rasl2tp.sys ---> TYPE = KERNEL_DRIVER 144) "RasPppoe" - Remotezugriff-PPPOE-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\raspppoe.sys ---> TYPE = KERNEL_DRIVER 145) "Raspti" - Parallelanschluss (direkt) ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\raspti.sys ---> TYPE = KERNEL_DRIVER 146) "Rdbss" - Rdbss ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\rdbss.sys ---> TYPE = FILE_SYSTEM_DRIVER 147) "RDPCDD" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\RDPCDD.sys ---> TYPE = KERNEL_DRIVER 148) "rdpdr" - Treiber für Terminalserver-Geräteumleitung ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\rdpdr.sys ---> TYPE = KERNEL_DRIVER 149) "RDPWD" ---> STAT = (NOT 
RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 150) "redbook" - Filtertreiber für digitale CD-Audiowiedergabe ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\redbook.sys ---> TYPE = KERNEL_DRIVER 151) "SAVRKBootTasks" - Boot Tasks Driver ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = C:\WINDOWS\system32\SAVRKBootTasks.sys ---> TYPE = KERNEL_DRIVER 152) "SAVRT" - SAVRT ---> STAT = (RUNNING) Started manually ---> FILE = C:\Programme\Norton AntiVirus\SAVRT.SYS ---> TYPE = KERNEL_DRIVER 153) "SAVRTPEL" - SAVRTPEL ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = C:\Programme\Norton AntiVirus\SAVRTPEL.SYS ---> TYPE = KERNEL_DRIVER 154) "Secdrv" - Secdrv ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\secdrv.sys ---> TYPE = KERNEL_DRIVER 155) "serenum" - Serenum-Filtertreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\serenum.sys ---> TYPE = KERNEL_DRIVER 156) "Serial" - Treiber für seriellen Anschluss ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\serial.sys ---> TYPE = KERNEL_DRIVER 157) "Sfloppy" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 158) "Simbad" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 159) "SISAGP" - SiS AGP Filter ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\SISAGPX.sys ---> TYPE = KERNEL_DRIVER 160) "SISNIC" - SiS PCI Fast Ethernet Adapter Driver ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\sisnic.sys ---> TYPE = KERNEL_DRIVER 161) "SLIP" - BDA Slip De-Framer ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\SLIP.sys ---> TYPE = KERNEL_DRIVER 162) "Sparrow" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 163) "SPBBCDrv" - SPBBCDrv ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = C:\Programme\Gemeinsame 
Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys ---> TYPE = KERNEL_DRIVER 164) "splitter" - Microsoft Kernel-Audiosplitter ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\splitter.sys ---> TYPE = KERNEL_DRIVER 165) "sr" - Filtertreiber für Systemwiederherstellung ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\sr.sys ---> TYPE = FILE_SYSTEM_DRIVER 166) "Srv" - Srv ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\srv.sys ---> TYPE = FILE_SYSTEM_DRIVER 167) "ssm_bus" - Samsung Mobile USB Device II 1.0 driver (WDM) ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\ssm_bus.sys ---> TYPE = KERNEL_DRIVER 168) "ssm_mdfl" - Samsung Mobile USB Modem II 1.0 Filter ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\ssm_mdfl.sys ---> TYPE = KERNEL_DRIVER 169) "ssm_mdm" - Samsung Mobile USB Modem II 1.0 Drivers ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\ssm_mdm.sys ---> TYPE = KERNEL_DRIVER 170) "streamip" - BDA-IPSink ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\StreamIP.sys ---> TYPE = KERNEL_DRIVER 171) "swenum" - Software-Bus-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\swenum.sys ---> TYPE = KERNEL_DRIVER 172) "swmidi" - Microsoft Kernel GS Wavetablesynthesizer ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\swmidi.sys ---> TYPE = KERNEL_DRIVER 173) "symc810" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 174) "symc8xx" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 175) "SYMDNS" ---> STAT = (RUNNING) Started manually ---> FILE = \SystemRoot\System32\Drivers\SYMDNS.SYS ---> TYPE = KERNEL_DRIVER 176) "SymEvent" ---> STAT = (RUNNING) Started manually ---> FILE = C:\Programme\Symantec\SYMEVENT.SYS ---> TYPE = KERNEL_DRIVER 177) "SYMFW" ---> STAT = (RUNNING) Started manually ---> FILE = 
\SystemRoot\System32\Drivers\SYMFW.SYS ---> TYPE = KERNEL_DRIVER 178) "SYMIDS" ---> STAT = (RUNNING) Started manually ---> FILE = \SystemRoot\System32\Drivers\SYMIDS.SYS ---> TYPE = KERNEL_DRIVER 179) "SYMIDSCO" ---> STAT = (RUNNING) Started manually ---> FILE = C:\PROGRA~1\GEMEIN~1\SYMANT~1\SymcData\idsdefs\20080729.001\symidsco.sys ---> TYPE = KERNEL_DRIVER 180) "symlcbrd" - symlcbrd ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\drivers\symlcbrd.sys ---> TYPE = KERNEL_DRIVER 181) "SYMNDIS" ---> STAT = (RUNNING) Started manually ---> FILE = \SystemRoot\System32\Drivers\SYMNDIS.SYS ---> TYPE = KERNEL_DRIVER 182) "SYMREDRV" ---> STAT = (RUNNING) Started manually ---> FILE = \SystemRoot\System32\Drivers\SYMREDRV.SYS ---> TYPE = KERNEL_DRIVER 183) "SYMTDI" - SYMTDI ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = \SystemRoot\System32\Drivers\SYMTDI.SYS ---> TYPE = KERNEL_DRIVER 184) "sym_hi" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 185) "sym_u3" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 186) "sysaudio" - Microsoft Kernel-Systemaudiogerät ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\sysaudio.sys ---> TYPE = KERNEL_DRIVER 187) "Tcpip" - TCP/IP-Protokolltreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\tcpip.sys ---> TYPE = KERNEL_DRIVER 188) "TDPIPE" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 189) "TDTCP" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 190) "TermDD" - Terminal-Gerätetreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\termdd.sys ---> TYPE = KERNEL_DRIVER 191) "TosIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 192) "TSMPacket" - DSL-Manager Service ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\tsmpkt.sys ---> TYPE = KERNEL_DRIVER 193) "uagp35" - Microsoft AGPv3.5-Filter ---> 
STAT = (NOT RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\uagp35.sys ---> TYPE = KERNEL_DRIVER 194) "Udfs" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = FILE_SYSTEM_DRIVER 195) "ultra" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 196) "UnlockerDriver5" ---> FILE = C:\Programme\Unlocker\UnlockerDriver5.sys ---> TYPE = KERNEL_DRIVER 197) "Update" - Microcode Updatetreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\update.sys ---> TYPE = KERNEL_DRIVER 198) "usbccgp" - Microsoft Standard-USB-Haupttreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\usbccgp.sys ---> TYPE = KERNEL_DRIVER 199) "usbehci" - Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\usbehci.sys ---> TYPE = KERNEL_DRIVER 200) "UsbFltr" - %SvcDisplayName% ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\copperhd.sys ---> TYPE = KERNEL_DRIVER 201) "usbhub" - USB2-aktivierter Hub ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\usbhub.sys ---> TYPE = KERNEL_DRIVER 202) "usbohci" - Miniporttreiber für Microsoft USB Open Host-Controller ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\usbohci.sys ---> TYPE = KERNEL_DRIVER 203) "usbprint" - Microsoft USB-Druckerklasse ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\usbprint.sys ---> TYPE = KERNEL_DRIVER 204) "usbscan" - USB-Scannertreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\usbscan.sys ---> TYPE = KERNEL_DRIVER 205) "usbstor" - USB-Massenspeichertreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\USBSTOR.SYS ---> TYPE = KERNEL_DRIVER 206) "VgaSave" - VGA-Anzeigecontroller. 
---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = \SystemRoot\System32\drivers\vga.sys ---> TYPE = KERNEL_DRIVER 207) "ViaIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 208) "VolSnap" ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER 209) "Wanarp" - RAS-IP-ARP-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\wanarp.sys ---> TYPE = KERNEL_DRIVER 210) "WDICA" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 211) "wdmaud" - Treiber für Microsoft WINMM-WDM-Audiokompatibilität ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\wdmaud.sys ---> TYPE = KERNEL_DRIVER 212) "WS2IFSL" - Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = \SystemRoot\System32\drivers\ws2ifsl.sys ---> TYPE = KERNEL_DRIVER 213) "WSTCODEC" - World Standard Teletext-Codec ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\WSTCODEC.SYS ---> TYPE = KERNEL_DRIVER 214) "WudfPf" - Windows Driver Foundation - User-mode Driver Framework Platform Driver ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\WudfPf.sys ---> TYPE = KERNEL_DRIVER 215) "WudfRd" - Windows Driver Foundation - User-mode Driver Framework Reflector ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\wudfrd.sys ---> TYPE = KERNEL_DRIVER -----HKLM\system\currentcontrolset\services----- 000) "aawservice" - Lavasoft Ad-Aware Service ---> STAT = (RUNNING) Started automatically ---> FILE = C:\Programme\Lavasoft\Ad-Aware\aawservice.exe ---> TYPE = OWN_SERVICE 001) "Alerter" - Warndienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 002) "ALG" - Gatewaydienst auf Anwendungsebene ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\alg.exe ---> TYPE = OWN_SERVICE 003) "AppMgmt" - 
Anwendungsverwaltung ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 004) "aspnet_state" - ASP.NET State Service ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe ---> TYPE = OWN_SERVICE 005) "Ati HotKey Poller" ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\Ati2evxx.exe ---> TYPE = OWN_SERVICE 006) "ATI Smart" - ATI Smart ---> STAT = (NOT RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\ati2sgag.exe ---> TYPE = OWN_SERVICE 007) "AudioSrv" - Windows Audio ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 008) "Automatisches LiveUpdate - Scheduler" - Automatisches LiveUpdate - Scheduler ---> STAT = (RUNNING) Started automatically ---> FILE = \C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe\ ---> TYPE = OWN_SERVICE 009) "BITS" - Intelligenter Hintergrundübertragungsdienst ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 010) "Browser" - Computerbrowser ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 011) "ccEvtMgr" - Symantec Event Manager ---> STAT = (RUNNING) Started automatically ---> FILE = \C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe\ ---> TYPE = OWN_SERVICE 012) "ccProxy" - Symantec Network Proxy ---> STAT = (RUNNING) Started automatically ---> FILE = \C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe\ ---> TYPE = OWN_SERVICE 013) "ccSetMgr" - Symantec Settings Manager ---> STAT = (RUNNING) Started automatically ---> FILE = \C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe\ ---> TYPE = OWN_SERVICE 014) "CiSvc" - Indexing Service ---> STAT = (NOT RUNNING) Started manually ---> FILE = 
C:\WINDOWS\system32\cisvc.exe ---> TYPE = SHARE_SERVICE 015) "ClipSrv" - Ablagemappe ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\clipsrv.exe ---> TYPE = OWN_SERVICE 016) "clr_optimization_v2.0.50727_32" - .NET Runtime Optimization Service v2.0.50727_X86 ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe ---> TYPE = OWN_SERVICE 017) "COMSysApp" - COM+-Systemanwendung ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} ---> TYPE = OWN_SERVICE 018) "CryptSvc" - Kryptografiedienste ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 019) "DcomLaunch" - DCOM-Server-Prozessstart ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch ---> TYPE = SHARE_SERVICE 020) "Dhcp" - DHCP-Client ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 021) "DJSNETCN" - Symantec Licensing Detect Internet Connection ---> STAT = (RUNNING) Started automatically ---> FILE = \C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe\ ---> TYPE = OWN_SERVICE 022) "dmadmin" - Verwaltungsdienst für die Verwaltung logischer Datenträger ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\dmadmin.exe /com ---> TYPE = SHARE_SERVICE 023) "dmserver" - Verwaltung logischer Datenträger ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 024) "Dnscache" - DNS-Client ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k NetworkService ---> TYPE = SHARE_SERVICE 025) "Dot3svc" - Automatische Konfiguration (verkabelt) ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k dot3svc ---> 
TYPE = SHARE_SERVICE 026) "EapHost" - Extensible Authentication-Protokolldienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k eapsvcs ---> TYPE = SHARE_SERVICE 027) "ERSvc" - Error Reporting Service ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 028) "Eventlog" - Ereignisprotokoll ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\services.exe ---> TYPE = SHARE_SERVICE 029) "EventSystem" - COM+-Ereignissystem ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 030) "FastUserSwitchingCompatibility" - Kompatibilität für schnelle Benutzerumschaltung ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 031) "gusvc" - Google Updater Service ---> STAT = (NOT RUNNING) Started manually ---> FILE = \C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe\ ---> TYPE = OWN_SERVICE 032) "helpsvc" - Hilfe und Support ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 033) "HidServ" - Eingabegerätezugang ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 034) "hkmsvc" - Integritätsschlüssel- und Zertifikatverwaltungsdienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 035) "HTTPFilter" - HTTP-SSL ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter ---> TYPE = SHARE_SERVICE 036) "IDriverT" - InstallDriver Table Manager ---> STAT = (NOT RUNNING) Started manually ---> FILE = \C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe\ ---> TYPE = OWN_SERVICE 037) "ImapiService" - IMAPI-CD-Brenn-COM-Dienste ---> 
STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\imapi.exe ---> TYPE = OWN_SERVICE 038) "ISSVC" - ISSvc ---> STAT = (RUNNING) Started automatically ---> FILE = \C:\Programme\Norton Personal Firewall\ISSVC.exe\ ---> TYPE = OWN_SERVICE 039) "lanmanserver" - Server ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 040) "lanmanworkstation" - Arbeitsstationsdienst ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 041) "LiveUpdate" - LiveUpdate ---> STAT = (NOT RUNNING) Started manually ---> FILE = \C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE\ ---> TYPE = OWN_SERVICE 042) "LmHosts" - TCP/IP-NetBIOS-Hilfsprogramm ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 043) "MDM" - Machine Debug Manager ---> STAT = (RUNNING) Started automatically ---> FILE = \C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe\ ---> TYPE = OWN_SERVICE 044) "Messenger" - Nachrichtendienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 045) "mnmsrvc" - NetMeeting-Remotedesktop-Freigabe ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\mnmsrvc.exe ---> TYPE = OWN_SERVICE 046) "MSDTC" - Distributed Transaction Coordinator ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\msdtc.exe ---> TYPE = OWN_SERVICE 047) "MSIServer" - Windows Installer ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\msiexec.exe /V ---> TYPE = SHARE_SERVICE 048) "napagent" - NAP-Agent (Network Access Protection) ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 049) "navapsvc" - Norton AntiVirus Auto-Protect-Dienst ---> STAT = (RUNNING) Started 
automatically ---> FILE = \C:\Programme\Norton AntiVirus\navapsvc.exe\ ---> TYPE = OWN_SERVICE 050) "NetDDE" - Netzwerk-DDE-Dienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\netdde.exe ---> TYPE = SHARE_SERVICE 051) "NetDDEdsdm" - Netzwerk-DDE-Serverdienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\netdde.exe ---> TYPE = SHARE_SERVICE 052) "Netlogon" - Anmeldedienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 053) "Netman" - Netzwerkverbindungen ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 054) "Nla" - NLA (Network Location Awareness) ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 055) "NPFMntor" - Norton AntiVirus Firewall Monitor Service ---> STAT = (RUNNING) Started automatically ---> FILE = \C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe\ ---> TYPE = OWN_SERVICE 056) "NtLmSsp" - NT-LM-Sicherheitsdienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 057) "NtmsSvc" - Wechselmedien ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 058) "PlugPlay" - Plug & Play ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\services.exe ---> TYPE = SHARE_SERVICE 059) "Pml Driver HPZ12" - Pml Driver HPZ12 ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\HPZipm12.exe ---> TYPE = OWN_SERVICE 060) "PolicyAgent" - IPSEC-Dienste ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 061) "ProtectedStorage" - Geschützter Speicher ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 062) "RasAuto" - Verwaltung für automatische 
RAS-Verbindung ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 063) "RasMan" - RAS-Verbindungsverwaltung ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 064) "RDSessMgr" - Sitzungs-Manager für Remotedesktophilfe ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\sessmgr.exe ---> TYPE = OWN_SERVICE 065) "RegManServ" - Registry Management Service ---> STAT = (RUNNING) Started automatically ---> FILE = C:\Programme\Registry Defragmentation\RegManServ.exe ---> TYPE = OWN_SERVICE 066) "RemoteAccess" - Routing und RAS ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 067) "RemoteRegistry" - Remote-Registrierung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 068) "RpcLocator" - RPC-Locator ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\locator.exe ---> TYPE = OWN_SERVICE 069) "RpcSs" - Remoteprozeduraufruf (RPC) ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost -k rpcss ---> TYPE = SHARE_SERVICE 070) "RSVP" - QoS-RSVP ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\rsvp.exe ---> TYPE = OWN_SERVICE 071) "SamSs" - Sicherheitskontenverwaltung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 072) "SAVScan" - SAVScan ---> STAT = (RUNNING) Started manually ---> FILE = \C:\Programme\Norton AntiVirus\SAVScan.exe\ ---> TYPE = OWN_SERVICE 073) "SBService" - ScriptBlocking Service ---> STAT = (NOT RUNNING) Started automatically ---> FILE = C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe ---> TYPE = OWN_SERVICE 074) "SCardSvr" - Smartcard ---> STAT = (NOT RUNNING) Started manually ---> FILE = 
C:\WINDOWS\System32\SCardSvr.exe ---> TYPE = SHARE_SERVICE 075) "Schedule" - Taskplaner ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 076) "seclogon" - Sekundäre Anmeldung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 077) "SENS" - Systemereignisbenachrichtigung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 078) "SharedAccess" - Windows-Firewall/Gemeinsame Nutzung der Internetverbindung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 079) "ShellHWDetection" - Shellhardwareerkennung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 080) "SNDSrvc" - Symantec Network Drivers Service ---> STAT = (RUNNING) Started automatically ---> FILE = \C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe\ ---> TYPE = OWN_SERVICE 081) "SPBBCSvc" - Symantec SPBBCSvc ---> STAT = (RUNNING) Started automatically ---> FILE = \C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe\ ---> TYPE = OWN_SERVICE 082) "Spooler" - Druckwarteschlange ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\spoolsv.exe ---> TYPE = OWN_SERVICE 083) "srservice" - Systemwiederherstellungsdienst ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 084) "SSDPSRV" - SSDP-Suchdienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 085) "stisvc" - Windows-Bilderfassung (WIA) ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k imgsvc ---> TYPE = SHARE_SERVICE 086) "SwPrv" - MS Software Shadow Copy Provider 
---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{37AE1847-A83A-48F5-9575-77C289D1F070} ---> TYPE = OWN_SERVICE 087) "Symantec Core LC" - Symantec Core LC ---> STAT = (RUNNING) Started automatically ---> FILE = C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe ---> TYPE = OWN_SERVICE 088) "SysmonLog" - Leistungsdatenprotokolle und Warnungen ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\smlogsvc.exe ---> TYPE = OWN_SERVICE 089) "TapiSrv" - Telefonie ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 090) "TDslMgrService" - DSL-Manager ---> STAT = (NOT RUNNING) Started manually ---> FILE = \C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe\ ---> TYPE = OWN_SERVICE 091) "TermService" - Terminaldienste ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch ---> TYPE = SHARE_SERVICE 092) "Themes" - Designs ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 093) "TlntSvr" - Telnet ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\tlntsvr.exe ---> TYPE = OWN_SERVICE 094) "TrkWks" - Überwachung verteilter Verknüpfungen (Client) ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 095) "TUWinStylerThemeSvc" - TuneUp WinStyler Theme Service ---> STAT = (NOT RUNNING) Started manually ---> FILE = \C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe\ ---> TYPE = OWN_SERVICE 096) "upnphost" - Universeller Plug & Play-Gerätehost ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 097) "UPS" - Uninterruptible Power Supply ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\ups.exe ---> TYPE = OWN_SERVICE 098) "VSS" - 
Volumeschattenkopie ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\vssvc.exe ---> TYPE = OWN_SERVICE 099) "W32Time" - Windows-Zeitgeber ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 100) "WebClient" - Webclient ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 101) "WinDefend" - Windows Defender ---> STAT = (RUNNING) Started automatically ---> FILE = \C:\Programme\Windows Defender\MsMpEng.exe\ ---> TYPE = OWN_SERVICE 102) "winmgmt" - Windows-Verwaltungsinstrumentation ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 103) "Winsock" ---> STAT = (RUNNING) Started manually ---> TYPE = ADAPTER 104) "WmdmPmSN" - Dienst für Seriennummern der tragbaren Medien ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 105) "Wmi" - Treibererweiterungen für Windows-Verwaltungsinstrumentation ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 106) "WmiApSrv" - WMI-Leistungsadapter ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\wbem\wmiapsrv.exe ---> TYPE = OWN_SERVICE 107) "WMPNetworkSvc" - Windows Media Player-Netzwerkfreigabedienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = \C:\Programme\Windows Media Player\WMPNetwk.exe\ ---> TYPE = OWN_SERVICE 108) "wscsvc" - Sicherheitscenter ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 109) "wuauserv" - Automatische Updates ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 110) "WudfSvc" - Windows Driver Foundation - User-mode Driver Framework ---> STAT 
= (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup ---> TYPE = SHARE_SERVICE
111) "WZCSVC" - Konfigurationsfreie drahtlose Verbindung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE
112) "xmlprov" - Netzwerkversorgungsdienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE

===================== SVCHOST INSTANCES =====================
HTTPFilter
+---- HTTPFilter +---- %SystemRoot%\System32\w3ssl.dll
LocalService
+---- Alerter +---- %SystemRoot%\system32\alrsvc.dll
+---- WebClient +---- %SystemRoot%\System32\webclnt.dll
+---- LmHosts +---- %SystemRoot%\System32\lmhsvc.dll
+---- RemoteRegistry +---- %SystemRoot%\system32\regsvc.dll
+---- upnphost +---- %SystemRoot%\System32\upnphost.dll
+---- SSDPSRV +---- %SystemRoot%\System32\ssdpsrv.dll
NetworkService
+---- DnsCache +---- %SystemRoot%\System32\dnsrslvr.dll
netsvcs
+---- 6to4
+---- AppMgmt +---- %SystemRoot%\System32\appmgmts.dll
+---- AudioSrv +---- %SystemRoot%\System32\audiosrv.dll
+---- Browser +---- %SystemRoot%\System32\browser.dll
+---- CryptSvc +---- %SystemRoot%\System32\cryptsvc.dll
+---- DMServer +---- %SystemRoot%\System32\dmserver.dll
+---- DHCP +---- %SystemRoot%\System32\dhcpcsvc.dll
+---- ERSvc +---- %SystemRoot%\System32\ersvc.dll
+---- EventSystem +---- C:\WINDOWS\system32\es.dll
+---- FastUserSwitchingCompatibility +---- %SystemRoot%\System32\shsvcs.dll
+---- HidServ +---- %SystemRoot%\System32\hidserv.dll
+---- Ias
+---- Iprip
+---- Irmon
+---- LanmanServer +---- %SystemRoot%\System32\srvsvc.dll
+---- LanmanWorkstation +---- %SystemRoot%\System32\wkssvc.dll
+---- Messenger +---- %SystemRoot%\System32\msgsvc.dll
+---- Netman +---- %SystemRoot%\System32\netman.dll
+---- Nla +---- %SystemRoot%\System32\mswsock.dll
+---- Ntmssvc +---- %SystemRoot%\system32\ntmssvc.dll
+---- NWCWorkstation
+---- Nwsapagent
+---- Rasauto +---- %SystemRoot%\System32\rasauto.dll
+---- Rasman +---- %SystemRoot%\System32\rasmans.dll
+---- Remoteaccess +---- %SystemRoot%\System32\mprdim.dll
+---- Schedule +---- %SystemRoot%\system32\schedsvc.dll
+---- Seclogon +---- %SystemRoot%\System32\seclogon.dll
+---- SENS +---- %SystemRoot%\system32\sens.dll
+---- Sharedaccess +---- %SystemRoot%\System32\ipnathlp.dll
+---- SRService +---- C:\WINDOWS\system32\srsvc.dll
+---- Tapisrv +---- %SystemRoot%\System32\tapisrv.dll
+---- Themes +---- %SystemRoot%\System32\shsvcs.dll
+---- TrkWks +---- %SystemRoot%\system32\trkwks.dll
+---- W32Time +---- %systemroot%\system32\w32time.dll
+---- WZCSVC +---- %SystemRoot%\System32\wzcsvc.dll
+---- Wmi +---- %SystemRoot%\System32\advapi32.dll
+---- WmdmPmSp
+---- winmgmt +---- %SystemRoot%\system32\wbem\WMIsvc.dll
+---- wscsvc +---- %SYSTEMROOT%\system32\wscsvc.dll
+---- xmlprov +---- %SystemRoot%\System32\xmlprov.dll
+---- BITS +---- %systemroot%\system32\qmgr.dll
+---- wuauserv +---- C:\WINDOWS\system32\wuauserv.dll
+---- ShellHWDetection +---- %SystemRoot%\System32\shsvcs.dll
+---- helpsvc +---- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
+---- WmdmPmSN +---- C:\WINDOWS\system32\MsPMSNSv.dll
+---- napagent +---- %SystemRoot%\System32\qagentrt.dll
+---- hkmsvc +---- %SystemRoot%\System32\kmsvc.dll
DcomLaunch
+---- DcomLaunch +---- %SystemRoot%\system32\rpcss.dll
+---- TermService +---- %SystemRoot%\System32\termsrv.dll
rpcss
+---- RpcSs +---- %SystemRoot%\System32\rpcss.dll
imgsvc
+---- StiSvc +---- %SystemRoot%\system32\wiaservc.dll
termsvcs
+---- TermService +---- %SystemRoot%\System32\termsrv.dll
WudfServiceGroup
+---- WUDFSvc +---- %SystemRoot%\System32\WUDFSvc.dll
eapsvcs
+---- eaphost +---- %SystemRoot%\System32\eapsvc.dll
dot3svc
+---- dot3svc +---- %SystemRoot%\System32\dot3svc.dll

===================== LOADED MODULES =====================
*** NOTE *** Process uuoywfrygn.exe belongs to SystemScan
Already known legit dlls are not shown
------------------------------------------------------------------------------ System pid: 4 Command line: ------------------------------------------------------------------------------ smss.exe pid: 948 Command line: \SystemRoot\System32\smss.exe Base Size Version Path 0x48580000 0xf000 \SystemRoot\System32\smss.exe ------------------------------------------------------------------------------ csrss.exe pid: 1060 Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 Base Size Version Path 0x4a680000 0x5000 \??\C:\WINDOWS\system32\csrss.exe 0x75ae0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\CSRSRV.dll 0x75af0000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\basesrv.dll 0x75b00000 0x4b000 5.01.2600.5512 C:\WINDOWS\system32\winsrv.dll ------------------------------------------------------------------------------ winlogon.exe pid: 1088 Command line: winlogon.exe Base Size Version Path 0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe 0x77690000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x10000000 0x10000 6.14.0010.4119 C:\WINDOWS\system32\Ati2evxx.dll 0x01250000 0x3b000 1.07.0017.0000 C:\WINDOWS\system32\WgaLogon.dll 0x76ad0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL 0x74e70000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemprox.dll 0x74e50000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll 0x76020000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x76750000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll 0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll 0x74900000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll 
------------------------------------------------------------------------------ services.exe pid: 1136 Command line: C:\WINDOWS\system32\services.exe Base Size Version Path 0x01000000 0x1c000 5.01.2600.5512 C:\WINDOWS\system32\services.exe 0x76020000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x77b40000 0x54000 5.01.2600.5512 C:\WINDOWS\system32\SCESRV.dll 0x77690000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll 0x7dbb0000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\umpnpmgr.dll 0x5cf00000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll 0x47440000 0xf000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcAdProc.dll 0x772d0000 0x11000 5.01.2600.5512 C:\WINDOWS\system32\eventlog.dll ------------------------------------------------------------------------------ lsass.exe pid: 1148 Command line: C:\WINDOWS\system32\lsass.exe Base Size Version Path 0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\lsass.exe 0x753d0000 0xb7000 5.01.2600.5512 C:\WINDOWS\system32\LSASRV.dll 0x76750000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll 0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll 0x743c0000 0x6e000 5.01.2600.5512 C:\WINDOWS\system32\SAMSRV.dll 0x76740000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll 0x5cf00000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x4d200000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\msprivs.dll 0x71c70000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\kerberos.dll 0x74430000 0x65000 5.01.2600.5512 C:\WINDOWS\system32\netlogon.dll 0x76770000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\w32time.dll 0x76020000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x767a0000 0x27000 5.01.2600.5512 C:\WINDOWS\system32\schannel.dll 0x742f0000 0xf000 5.01.2600.5512 C:\WINDOWS\system32\wdigest.dll 0x7d520000 0x31000 5.01.2600.5512 C:\WINDOWS\system32\scecli.dll 
0x74350000 0x30000 5.01.2600.5512 C:\WINDOWS\system32\ipsecsvc.dll 0x77690000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll 0x756c0000 0xd0000 5.01.2600.5512 C:\WINDOWS\system32\oakley.DLL 0x742e0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\WINIPSEC.DLL 0x74310000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\pstorsvc.dll 0x74330000 0x1b000 5.01.2600.5512 C:\WINDOWS\system32\psbase.dll 0x719b0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll 0x68100000 0x26000 5.01.2600.5507 C:\WINDOWS\system32\dssenh.dll ------------------------------------------------------------------------------ ati2evxx.exe pid: 1308 Command line: C:\WINDOWS\system32\Ati2evxx.exe Base Size Version Path 0x00400000 0x61000 6.14.0010.4119 C:\WINDOWS\system32\Ati2evxx.exe 0x00bd0000 0xf000 6.14.0010.2497 C:\WINDOWS\system32\Ati2edxx.dll ------------------------------------------------------------------------------ svchost.exe pid: 1320 Command line: C:\WINDOWS\system32\svchost -k DcomLaunch Base Size Version Path 0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe 0x5cf00000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x77690000 0x12000 5.01.2600.5512 c:\windows\system32\AUTHZ.dll 0x76ad0000 0x11000 3.05.2284.0001 c:\windows\system32\ATL.DLL ------------------------------------------------------------------------------ svchost.exe pid: 1392 Command line: C:\WINDOWS\system32\svchost -k rpcss Base Size Version Path 0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe 0x5cf00000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.5512 
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x719b0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll 0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll 0x22200000 0xe000 6.06.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\AdHndCnt.dll ------------------------------------------------------------------------------ MsMpEng.exe pid: 1484 Command line: "C:\Programme\Windows Defender\MsMpEng.exe" Base Size Version Path 0x01000000 0x4000 1.01.1593.0000 C:\Programme\Windows Defender\MsMpEng.exe 0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll 0x5c800000 0x44000 1.01.1593.0000 C:\Programme\Windows Defender\MpSvc.dll 0x7c420000 0x87000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCP80.dll 0x5b800000 0x4f000 1.01.1593.0000 C:\Programme\Windows Defender\MpClient.dll 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x5a100000 0x38e000 1.01.3806.0000 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Windows Defender\Definition Updates\{8C78CB7A-5947-4E84-8E10-B8C86C5B23A6}\mpengine.dll 0x5e800000 0xf000 1.01.1593.0000 C:\Programme\Windows Defender\mprtplug.dll ------------------------------------------------------------------------------ svchost.exe pid: 1528 Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs Base Size Version Path 0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\System32\svchost.exe 0x5cf00000 0x26000 5.01.2600.5512 C:\WINDOWS\System32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.5512 
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x76ee0000 0x27000 5.01.2600.5625 c:\windows\system32\DNSAPI.dll 0x745c0000 0xb000 5.01.2600.5512 c:\windows\system32\EapolQec.dll 0x76ad0000 0x11000 3.05.2284.0001 c:\windows\system32\ATL.DLL 0x61900000 0x16000 5.01.2600.5512 c:\windows\system32\QUtil.dll 0x76020000 0x65000 6.02.3104.0000 c:\windows\system32\MSVCP60.dll 0x5f8f0000 0xa000 5.01.2600.5512 c:\windows\system32\dot3api.dll 0x719b0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.5512 C:\WINDOWS\System32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll 0x767a0000 0x27000 5.01.2600.5512 C:\WINDOWS\System32\SCHANNEL.dll 0x76750000 0x13000 5.01.2600.5512 c:\windows\system32\NTDSAPI.dll 0x5af90000 0x6b000 6.07.2600.5512 c:\windows\system32\qmgr.dll 0x74ec0000 0xc000 5.01.2600.5512 c:\windows\pchealth\helpctr\binaries\pchsvc.dll 0x776e0000 0x42000 2001.12.4414.0701 c:\windows\system32\es.dll 0x74f10000 0x9000 2600.5512.0503.0000 c:\windows\system32\dmserver.dll 0x76bc0000 0x2f000 5.01.2600.5512 c:\windows\system32\credui.dll 0x71260000 0x6000 5.01.2600.5512 c:\windows\system32\dot3dlg.dll 0x72760000 0x28000 5.01.2600.5512 c:\windows\system32\OneX.DLL 0x6db40000 0x22000 5.01.2600.5512 c:\windows\system32\eappcfg.dll 0x47700000 0xe000 5.01.2600.5512 c:\windows\system32\eappprxy.dll 0x50000000 0x5000 5.04.3790.5512 c:\windows\system32\wuauserv.dll 0x4f110000 0x28000 5.01.2600.5512 c:\windows\system32\wbem\wmisvc.dll 0x50040000 0x1a2000 7.00.6000.0381 C:\WINDOWS\system32\wuaueng.dll 0x750d0000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\Cabinet.dll 0x604a0000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\mspatcha.dll 0x76770000 0x2d000 5.01.2600.5512 c:\windows\system32\w32time.dll 0x77690000 0x12000 5.01.2600.5512 c:\windows\system32\AUTHZ.dll 0x742e0000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\WINIPSEC.DLL 0x22200000 0xe000 
6.06.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\AdHndCnt.dll 0x58030000 0x36000 5.01.2600.5512 C:\WINDOWS\System32\unimdm.tsp 0x580b0000 0xb000 5.01.2600.5512 C:\WINDOWS\System32\kmddsp.tsp 0x58090000 0x10000 5.01.2600.5512 C:\WINDOWS\System32\ndptsp.tsp 0x580c0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\ipconf.tsp 0x580e0000 0x46000 5.01.2600.5512 C:\WINDOWS\System32\h323.tsp 0x580d0000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\hidphone.tsp 0x71c70000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\kerberos.dll 0x76740000 0xc000 5.01.2600.5512 C:\WINDOWS\System32\cryptdll.dll 0x4db70000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\RASQEC.DLL 0x74900000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll 0x74e50000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\wbem\wbemsvc.dll ------------------------------------------------------------------------------ svchost.exe pid: 1568 Command line: C:\WINDOWS\system32\svchost.exe -k NetworkService Base Size Version Path 0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe 0x5cf00000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x76ee0000 0x27000 5.01.2600.5625 c:\windows\system32\DNSAPI.dll 0x719b0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll ------------------------------------------------------------------------------ svchost.exe pid: 1620 Command line: C:\WINDOWS\system32\svchost.exe -k LocalService Base Size Version Path 0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe 0x5cf00000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.5512 
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x76aa0000 0x12000 5.01.2600.5512 c:\windows\system32\regsvc.dll ------------------------------------------------------------------------------ CCPROXY.EXE pid: 1912 Command line: "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe" ------------------------------------------------------------------------------ CCSETMGR.EXE pid: 1924 Command line: "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe" ------------------------------------------------------------------------------ ISSVC.exe pid: 1936 Command line: "C:\Programme\Norton Personal Firewall\ISSVC.exe" ------------------------------------------------------------------------------ SNDSrvc.exe pid: 1948 Command line: "C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe" ------------------------------------------------------------------------------ SPBBCSvc.exe pid: 1968 Command line: "C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe" ------------------------------------------------------------------------------ ati2evxx.exe pid: 280 Command line: Ati2evxx.exe -Client Base Size Version Path 0x00400000 0x61000 6.14.0010.4119 C:\WINDOWS\system32\Ati2evxx.exe 0x00c20000 0xf000 6.14.0010.2497 C:\WINDOWS\system32\Ati2edxx.dll 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll ------------------------------------------------------------------------------ explorer.exe pid: 364 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x01000000 0xff000 6.00.2900.5512 C:\WINDOWS\Explorer.EXE 0x75f20000 0xfd000 6.00.2900.5512 C:\WINDOWS\system32\BROWSEUI.dll 0x7e1e0000 0x171000 6.00.2900.5512 C:\WINDOWS\system32\SHDOCVW.dll 0x5cf00000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x5b9b0000 
0x72000 6.00.2900.5512 C:\WINDOWS\system32\themeui.dll 0x76320000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll 0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WINDOW~4\MpShHook.dll 0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll 0x7c420000 0x87000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCP80.dll 0x71cc0000 0x1b000 6.00.2900.5512 C:\WINDOWS\system32\actxprxy.dll 0x13420000 0x1a000 11.00.5721.5145 C:\PROGRA~1\WINDOW~2\wmpband.dll 0x76930000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\LINKINFO.dll 0x76ad0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL 0x76bc0000 0x2f000 5.01.2600.5512 C:\WINDOWS\system32\credui.dll 0x5f8f0000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\dot3api.dll 0x71260000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dot3dlg.dll 0x72760000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\OneX.DLL 0x6db40000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\eappcfg.dll 0x76020000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x47700000 0xe000 5.01.2600.5512 C:\WINDOWS\system32\eappprxy.dll 0x10000000 0x4000 C:\Programme\Unlocker\UnlockerHook.dll 0x765c0000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\stobject.dll 0x74a70000 0xa000 6.00.2900.5512 C:\WINDOWS\system32\BatMeter.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x75f00000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\drprov.dll 0x71b90000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\ntlanman.dll 0x71c50000 0x17000 5.01.2600.5512 C:\WINDOWS\System32\NETUI0.dll 0x71c10000 0x40000 5.01.2600.5512 C:\WINDOWS\System32\NETUI1.dll 0x75f10000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\davclnt.dll 0x00ac0000 0x6000 
C:\Programme\Unlocker\UnlockerCOM.dll 0x02a40000 0x35000 11.00.0016.0002 C:\Programme\Norton AntiVirus\NavShExt.dll 0x7c120000 0x19000 7.10.3077.0000 C:\WINDOWS\system32\ATL71.DLL 0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll 0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll 0x6af30000 0x3d000 103.00.0011.0004 C:\Programme\Gemeinsame Dateien\Symantec Shared\ccL30.dll 0x01780000 0x12000 1.01.0000.0000 C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll 0x02a80000 0x2c000 C:\Programme\WinRAR\rarext.dll 0x71600000 0x13000 6.00.2900.5512 C:\WINDOWS\system32\browselc.dll 0x6c670000 0x4d000 5.01.2600.5512 C:\WINDOWS\system32\DUSER.dll 0x035d0000 0x4c000 8.00.0000.0000 C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU 0x71800000 0x8e000 6.00.2900.5512 C:\WINDOWS\system32\shdoclc.dll 0x4eba0000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll 0x73aa0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\mscms.dll 0x79000000 0x45000 2.00.50727.0832 C:\WINDOWS\system32\mscoree.dll 0x641f0000 0x1d000 2.00.50727.0042 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll 0x60610000 0x6000 2.00.50727.0042 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll 0x60340000 0x8000 2.00.50727.0042 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll 0x64220000 0x18000 2.00.50727.0042 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll 0x73620000 0x7000 6.05.2600.5512 C:\WINDOWS\system32\msdmo.dll 0x736d0000 0x4b000 5.03.2600.5512 C:\WINDOWS\system32\DDRAW.dll 0x73b30000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\DCIMAN32.dll 0x07e10000 0x11b000 1.01.0017.2243 C:\Programme\Gemeinsame Dateien\Ahead\Lib\AdvrCntr.dll 0x50640000 0x9000 7.00.6000.0381 C:\WINDOWS\system32\wups.dll ------------------------------------------------------------------------------ CCEVTMGR.EXE pid: 616 Command line: "C:\Programme\Gemeinsame Dateien\Symantec 
Shared\ccEvtMgr.exe" ------------------------------------------------------------------------------ aawservice.exe pid: 1020 Command line: C:\Programme\Lavasoft\Ad-Aware\aawservice.exe Base Size Version Path 0x00400000 0x97000 7.01.0000.0012 C:\Programme\Lavasoft\Ad-Aware\aawservice.exe 0x10000000 0xc5000 7.01.0000.0012 C:\Programme\Lavasoft\Ad-Aware\CEAPI.dll 0x004a0000 0x21b000 8.04.1045.0000 C:\Programme\Lavasoft\Ad-Aware\PKArchive85u.dll 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ------------------------------------------------------------------------------ spoolsv.exe pid: 1576 Command line: C:\WINDOWS\system32\spoolsv.exe Base Size Version Path 0x01000000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\spoolsv.exe 0x5cf00000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll 0x22200000 0xe000 6.06.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\AdHndCnt.dll 0x10000000 0x2e000 2.323.0000.0000 C:\WINDOWS\system32\hpzsnt10.dll 0x009a0000 0xc000 C:\WINDOWS\system32\PDFreDirectMonNT.dll 0x719b0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll 0x76750000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\NTDSAPI.dll ------------------------------------------------------------------------------ atiptaxx.exe pid: 228 Command line: "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" Base Size Version Path 0x00400000 0x55000 6.14.0010.5166 C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x10000000 0x4000 C:\Programme\Unlocker\UnlockerHook.dll 0x00a80000 
0x41000 6.14.0010.5166 C:\Programme\ATI Technologies\ATI Control Panel\atipdsxx.dll 0x00ad0000 0x27000 6.14.0010.5166 C:\PROGRAMME\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.DEU 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll 0x00c60000 0x13000 6.14.0010.5166 C:\Programme\ATI Technologies\ATI Control Panel\atipdxxx.dll 0x6d2f0000 0x39000 5.03.2600.5512 C:\WINDOWS\system32\DINPUT8.dll ------------------------------------------------------------------------------ CCAPP.EXE pid: 240 Command line: "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" ------------------------------------------------------------------------------ Dit.exe pid: 256 Command line: "C:\WINDOWS\Dit.exe" Base Size Version Path 0x00400000 0x1f000 C:\WINDOWS\Dit.exe 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll ------------------------------------------------------------------------------ jusched.exe pid: 288 Command line: "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe" Base Size Version Path 0x00400000 0x21000 6.00.0030.0005 C:\Programme\Java\jre1.6.0_03\bin\jusched.exe 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ------------------------------------------------------------------------------ ToADiMon.exe pid: 276 Command line: "C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" -TOnlineAutodialStart Base Size Version Path 0x00400000 0x4a000 6.26.0010.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe 0x22300000 0x1e000 6.20.0010.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ADialHlp.dll 0x22400000 0xf000 6.06.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ADialHRC.dll 0x20700000 0x11000 6.15.0000.0000 
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MMSOSINQ.dll 0x20a00000 0x2b000 6.36.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MSYSTINQ.dll 0x10000000 0x14000 6.07.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MLIB32.dll 0x22500000 0xd000 6.07.0010.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ADParmIF.dll 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll 0x4eba0000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll 0x00ba0000 0x4000 C:\Programme\Unlocker\UnlockerHook.dll 0x00bb0000 0x49000 6.17.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMRC.dll ------------------------------------------------------------------------------ UnlockerAssistant.exe pid: 452 Command line: "C:\Programme\Unlocker\UnlockerAssistant.exe" Base Size Version Path 0x00400000 0x6000 C:\Programme\Unlocker\UnlockerAssistant.exe 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x10000000 0x4000 C:\Programme\Unlocker\UnlockerHook.dll 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll ------------------------------------------------------------------------------ hpwuSchd2.exe pid: 516 Command line: "C:\Programme\HP\HP Software Update\HPWuSchd2.exe" Base Size Version Path 0x00400000 0xc000 2.00.0039.0000 C:\Programme\HP\HP Software Update\HPWuSchd2.exe 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x10000000 0x4000 C:\Programme\Unlocker\UnlockerHook.dll 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll 
------------------------------------------------------------------------------ hpcmpmgr.exe pid: 532 Command line: "C:\Programme\HP\hpcoretech\hpcmpmgr.exe" Base Size Version Path 0x00400000 0x3b000 2.01.0001.0000 C:\Programme\HP\hpcoretech\hpcmpmgr.exe 0x7c000000 0x54000 7.00.9466.0000 C:\Programme\HP\hpcoretech\HPVCR70.dll 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x750d0000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\Cabinet.dll 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll 0x10000000 0x4000 C:\Programme\Unlocker\UnlockerHook.dll 0x69b10000 0x13c000 4.20.9848.0000 C:\WINDOWS\system32\MSXML4.dll 0x75dc0000 0x91000 6.00.2900.5512 C:\WINDOWS\system32\mlang.dll ------------------------------------------------------------------------------ ctfmon.exe pid: 548 Command line: "C:\WINDOWS\system32\ctfmon.exe" Base Size Version Path 0x00400000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\ctfmon.exe 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll 0x60010000 0x33000 5.01.2600.5512 C:\WINDOWS\system32\MSUTB.dll 0x5cf00000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x10000000 0x4000 C:\Programme\Unlocker\UnlockerHook.dll ------------------------------------------------------------------------------ TeaTimer.exe pid: 592 Command line: "C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" Base Size Version Path 0x00400000 0x20b000 1.05.0002.0016 C:\Programme\Spybot - Search & Destroy\TeaTimer.exe 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x76320000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\msimg32.dll 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll 0x10000000 
0x4000 C:\Programme\Unlocker\UnlockerHook.dll 0x7e400000 0x89000 5.02.3790.4110 C:\WINDOWS\system32\hhctrl.ocx 0x68da0000 0x18000 4.74.9273.0000 C:\WINDOWS\system32\mui\0007\hhctrlui.dll 0x65f40000 0x7000 6.00.2900.5512 C:\WINDOWS\system32\jsproxy.dll 0x02ec0000 0xe6000 1.05.0004.0005 C:\Programme\Spybot - Search & Destroy\advcheck.dll ------------------------------------------------------------------------------ AluSchedulerSvc.exe pid: 1268 Command line: "C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe" ------------------------------------------------------------------------------ DitExp.exe pid: 1188 Command line: DitExp.exe Base Size Version Path 0x00400000 0x10000 C:\WINDOWS\DitExp.exe 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x10000000 0x4000 C:\Programme\Unlocker\UnlockerHook.dll 0x75f20000 0xfd000 6.00.2900.5512 C:\WINDOWS\system32\browseui.dll 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll 0x75f00000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\drprov.dll 0x71b90000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\ntlanman.dll 0x71c50000 0x17000 5.01.2600.5512 C:\WINDOWS\System32\NETUI0.dll 0x71c10000 0x40000 5.01.2600.5512 C:\WINDOWS\System32\NETUI1.dll 0x75f10000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\davclnt.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x76ad0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL 0x73b10000 0x14000 5.01.2600.5512 C:\WINDOWS\system32\sti.dll 0x74a60000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\CFGMGR32.dll ------------------------------------------------------------------------------ msmsgs.exe pid: 1696 Command line: "C:\Programme\Messenger\msmsgs.exe" /background Base Size Version Path 0x01000000 0x1a3000 4.07.0000.3001 C:\Programme\Messenger\msmsgs.exe 0x773a0000 0x103000 6.00.2900.5512 
C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll 0x4eba0000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll 0x76320000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll 0x76740000 0xc000 5.01.2600.5512 C:\WINDOWS\system32\cryptdll.dll 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll 0x10000000 0x4000 C:\Programme\Unlocker\UnlockerHook.dll 0x00910000 0x6c000 5.01.2600.5512 C:\WINDOWS\system32\XPOB2RES.DLL 0x776e0000 0x42000 2001.12.4414.0701 C:\WINDOWS\system32\es.dll ------------------------------------------------------------------------------ DJSNETCN.exe pid: 1704 Command line: "C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe" ------------------------------------------------------------------------------ mdm.exe pid: 2076 Command line: "C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe" Base Size Version Path 0x00400000 0x44000 7.00.9064.9150 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ------------------------------------------------------------------------------ NPFMNTOR.EXE pid: 2132 Command line: "C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe" ------------------------------------------------------------------------------ RegManServ.exe pid: 2300 Command line: "C:\Programme\Registry Defragmentation\RegManServ.exe" Base Size Version Path 0x00400000 0xe000 C:\Programme\Registry Defragmentation\RegManServ.exe 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ------------------------------------------------------------------------------ svchost.exe pid: 2528 Command line: C:\WINDOWS\system32\svchost.exe -k 
imgsvc Base Size Version Path 0x01000000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\svchost.exe 0x5cf00000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x75b50000 0x55000 5.01.2600.5512 c:\windows\system32\wiaservc.dll 0x74a60000 0x7000 5.01.2600.5512 c:\windows\system32\CFGMGR32.dll 0x73aa0000 0x15000 5.01.2600.5512 c:\windows\system32\mscms.dll 0x71cc0000 0x1b000 6.00.2900.5512 C:\WINDOWS\system32\actxprxy.dll 0x73b10000 0x14000 5.01.2600.5512 C:\WINDOWS\system32\sti.dll ------------------------------------------------------------------------------ symlcsvc.exe pid: 2556 Command line: "C:\PROGRAMME\GEMEINSAME DATEIEN\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE" ------------------------------------------------------------------------------ hptskmgr.exe pid: 2704 Command line: C:\Programme\HP\hpcoretech\comp\hptskmgr.exe -Embedding Base Size Version Path 0x00400000 0x22000 2.01.0005.0000 C:\Programme\HP\hpcoretech\comp\hptskmgr.exe 0x779b0000 0x9b000 2.40.4517.0000 C:\WINDOWS\system32\HPVAUT32.dll 0x7c080000 0x77000 7.00.9466.0000 C:\WINDOWS\system32\HPVCP70.dll 0x7c000000 0x54000 7.00.9466.0000 C:\WINDOWS\system32\HPVCR70.dll 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll 0x10000000 0x4000 C:\Programme\Unlocker\UnlockerHook.dll 0x01690000 0x19000 2.01.0005.0000 C:\Programme\HP\hpcoretech\HPCmpMgr.dll 0x69b10000 0x13c000 4.20.9848.0000 C:\WINDOWS\system32\MSXML4.dll 0x75dc0000 0x91000 6.00.2900.5512 C:\WINDOWS\system32\mlang.dll 0x02410000 0x20000 2.01.0005.0000 C:\Programme\HP\hpcoretech\comp\hpschedr.dll ------------------------------------------------------------------------------ alg.exe pid: 3376 Command line: C:\WINDOWS\System32\alg.exe Base Size 
Version Path 0x01000000 0xd000 5.01.2600.5512 C:\WINDOWS\System32\alg.exe 0x76ad0000 0x11000 3.05.2284.0001 C:\WINDOWS\System32\ATL.DLL 0x719b0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\MSWSOCK.DLL 0x5cf00000 0x26000 5.01.2600.5512 C:\WINDOWS\System32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x66710000 0x59000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll ------------------------------------------------------------------------------ kernel.exe pid: 2332 Command line: "C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe" Base Size Version Path 0x00400000 0x3e3000 2.17.0000.0001 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll 0x4eba0000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll 0x10000000 0x4000 C:\Programme\Unlocker\UnlockerHook.dll 0x73250000 0x5000 5.01.2600.0000 C:\WINDOWS\system32\RICHED32.DLL 0x74db0000 0x6d000 5.30.0023.1230 C:\WINDOWS\system32\RICHED20.dll 0x019f0000 0x18000 6.13.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADial.dll 0x22300000 0x1e000 6.20.0010.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ADialHlp.dll 0x22400000 0xf000 6.06.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ADialHRC.dll 0x20700000 0x11000 6.15.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MMSOSINQ.dll 0x20a00000 0x2b000 6.36.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MSYSTINQ.dll 0x01a10000 0x14000 
6.07.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MLIB32.dll 0x22500000 0xd000 6.07.0010.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ADParmIF.dll 0x01ab0000 0x12000 6.05.0002.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToCnfWCI.dll 0x76ad0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL 0x01af0000 0x15000 6.19.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToCnfAMP.dll 0x21700000 0x66000 6.53.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MToCfPrf.dll 0x01b10000 0x24000 6.20.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MACnfAcM.dll 0x01b40000 0x16000 6.17.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTolA132.dll 0x01bb0000 0x51000 6.58.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToDialer.dll 0x01c10000 0x7a000 6.26.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\WLaCSeH.dll 0x01c90000 0x63000 6.08.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MaLaRA.dll 0x20200000 0x27000 6.72.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MDun32.dll 0x01d00000 0x1e000 6.22.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MADialer.dll 0x01d20000 0x20000 1.04.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAly.dll 0x01e00000 0xce000 2.18.0000.0002 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\guistartcenter.dll 0x20c00000 0x15f000 6.64.0010.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MToCfg32.dll 0x023b0000 0x2c000 6.25.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MCompIDB.dll 0x20100000 0x10000 6.06.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MCommHlp.dll 0x5f1a0000 0x17000 5.01.2600.5512 C:\WINDOWS\system32\OLEPRO32.DLL 
0x02960000 0x125000 6.48.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MToCfgRC.dll 0x02b90000 0x58000 6.09.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToCnfWiz.dll 0x02420000 0x37000 6.05.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToCnfWRC.dll 0x02bf0000 0x4000 6.02.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiRC.dll 0x03520000 0x1a000 6.30.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToDialRC.dll 0x7e1e0000 0x171000 6.00.2900.5512 C:\WINDOWS\system32\shdocvw.dll 0x71800000 0x8e000 6.00.2900.5512 C:\WINDOWS\system32\shdoclc.dll 0x7dbe0000 0x2f7000 6.00.2900.5583 C:\WINDOWS\system32\mshtml.dll 0x74640000 0x27000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll 0x75dc0000 0x91000 6.00.2900.5512 C:\WINDOWS\system32\MLANG.dll 0x04660000 0x3000 6.20.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MToCfPRC.dll 0x74670000 0x2a000 5.01.2600.5512 C:\WINDOWS\system32\msimtf.dll 0x04680000 0x14000 11.00.0016.0002 C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\scrauth.dll 0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll 0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll 0x046b0000 0x13000 11.00.0016.0002 C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\ScrBlock.dll 0x6af30000 0x3d000 103.00.0011.0004 C:\Programme\Gemeinsame Dateien\Symantec Shared\ccL30.dll 0x6b180000 0x12000 103.00.0011.0004 C:\Programme\Gemeinsame Dateien\Symantec Shared\ccVrTrst.dll 0x66d10000 0xc000 6.00.2900.5512 C:\WINDOWS\system32\ImgUtil.dll 0x5e6e0000 0xc000 6.00.2900.5512 C:\WINDOWS\system32\pngfilt.dll 0x73b30000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dciman32.dll 0x719b0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll 
0x046d0000 0xd0000 2.14.0000.0003 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\update_abocfg.dll 0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sensapi.dll 0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll 0x22200000 0xe000 6.06.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\AdHndCnt.dll 0x73270000 0x69000 5.07.0000.18066 c:\windows\system32\vbscript.dll 0x30000000 0x2ee000 9.00.0028.0000 C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx 0x75d40000 0x71000 6.00.2900.5512 C:\WINDOWS\system32\mshtmled.dll 0x767a0000 0x27000 5.01.2600.5512 C:\WINDOWS\system32\schannel.dll 0x6d910000 0xa000 5.03.2600.5512 C:\WINDOWS\system32\ddrawex.dll 0x736d0000 0x4b000 5.03.2600.5512 C:\WINDOWS\system32\DDRAW.dll ------------------------------------------------------------------------------ sc_watch.exe pid: 3948 Command line: C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe 328058 Base Size Version Path 0x00400000 0x1b000 2.17.0000.0002 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll 0x10000000 0x4000 C:\Programme\Unlocker\UnlockerHook.dll ------------------------------------------------------------------------------ PROFIL~1.EXE pid: 2420 Command line: C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE -Embedding Base Size Version Path 0x00400000 0xc6000 2.18.0000.0001 C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll 0x4eba0000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll 0x746a0000 0x4c000 5.01.2600.5512 
C:\WINDOWS\system32\MSCTF.dll 0x10000000 0x4000 C:\Programme\Unlocker\UnlockerHook.dll 0x73250000 0x5000 5.01.2600.0000 C:\WINDOWS\system32\RICHED32.DLL 0x74db0000 0x6d000 5.30.0023.1230 C:\WINDOWS\system32\RICHED20.dll 0x022a0000 0x13000 6.03.0001.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MCSTools.dll ------------------------------------------------------------------------------ Notifier.exe pid: 2040 Command line: C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe -Embedding Base Size Version Path 0x00400000 0x5c000 6.04.0000.0002 C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll 0x10000000 0xaf000 C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\LIBCURL.dll 0x00340000 0x24000 C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\LIBEXPAT.dll 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll 0x01370000 0x4000 C:\Programme\Unlocker\UnlockerHook.dll 0x01390000 0xd7000 6.04.0000.0001 C:\Programme\T-Online\T-Online_Software_6\Notifier\PlugIn\eMailPlugIn.dll 0x01780000 0xe5000 2.00.0000.0568 C:\Programme\T-Online\T-Online_Software_6\Notifier\Bin\tollay32.dll 0x5f1a0000 0x17000 5.01.2600.5512 C:\WINDOWS\system32\OLEPRO32.DLL 0x75ec0000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\MSVFW32.dll 0x76320000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\msimg32.dll 0x01990000 0x62000 1.00.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Notifier\Layout\NotifierRes.dll 0x2d600000 0x24000 6.00.0000.0500 C:\Programme\T-Online\T-Online_Software_6\Notifier\Bin\funTNCRand.dll 0x2d500000 0xe0000 6.00.0000.0502 C:\Programme\T-Online\T-Online_Software_6\Notifier\Bin\funTNCProtocol.dll 0x2d300000 0xad000 6.00.0000.0501 C:\Programme\T-Online\T-Online_Software_6\Notifier\Bin\funTNCLayer.dll 0x2d700000 0x1b000 6.00.0000.0501 C:\Programme\T-Online\T-Online_Software_6\Notifier\Bin\funTNCText.dll 0x719b0000 0x40000 
5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll 0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll 0x22200000 0xe000 6.06.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\AdHndCnt.dll ------------------------------------------------------------------------------ NAVAPSVC.EXE pid: 2788 Command line: "C:\Programme\Norton AntiVirus\navapsvc.exe" ------------------------------------------------------------------------------ SAVSCAN.EXE pid: 3080 Command line: "C:\Programme\Norton AntiVirus\SAVScan.exe" ------------------------------------------------------------------------------ MInfraIS.exe pid: 2884 Command line: "C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MInfraIS.exe" /ClientStart Base Size Version Path 0x00400000 0x5c000 6.02.0005.0000 C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MInfraIS.exe 0x10000000 0x20000 6.02.0002.0000 C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPaz.dll 0x5f1a0000 0x17000 5.01.2600.5512 C:\WINDOWS\system32\OLEPRO32.DLL 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll 0x00940000 0x4000 C:\Programme\Unlocker\UnlockerHook.dll 0x719b0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll ------------------------------------------------------------------------------ browser.exe pid: 2280 Command line: C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_6\BROWSER\BROWSER.EXE http://www.t-online.de/service/redir/tosw6_sc_startseite_breitband.htm Base Size Version Path 0x60a00000 0x215000 6.05.0000.0003 
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_6\BROWSER\BROWSER.EXE 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll 0x4eba0000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll 0x10000000 0x4000 C:\Programme\Unlocker\UnlockerHook.dll 0x75f20000 0xfd000 6.00.2900.5512 C:\WINDOWS\system32\browseui.dll 0x7e1e0000 0x171000 6.00.2900.5512 C:\WINDOWS\system32\shdocvw.dll 0x71800000 0x8e000 6.00.2900.5512 C:\WINDOWS\system32\shdoclc.dll 0x75dc0000 0x91000 6.00.2900.5512 C:\WINDOWS\system32\mlang.dll 0x7dbe0000 0x2f7000 6.00.2900.5583 C:\WINDOWS\system32\mshtml.dll 0x74640000 0x27000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll 0x73b30000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dciman32.dll 0x719b0000 0x40000 5.01.2600.5625 C:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll 0x025f0000 0x14000 11.00.0016.0002 C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\scrauth.dll 0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll 0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll 0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sensapi.dll 0x02620000 0x13000 11.00.0016.0002 C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\ScrBlock.dll 0x6af30000 0x3d000 103.00.0011.0004 C:\Programme\Gemeinsame Dateien\Symantec Shared\ccL30.dll 0x6b180000 0x12000 103.00.0011.0004 C:\Programme\Gemeinsame Dateien\Symantec Shared\ccVrTrst.dll 0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll 0x22200000 0xe000 6.06.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\AdHndCnt.dll 0x22000000 0x1d000 6.09.0000.0000 
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\AAdHnd.DLL 0x22500000 0xd000 6.07.0010.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ADParmIF.dll 0x73270000 0x69000 5.07.0000.18066 c:\windows\system32\vbscript.dll 0x74900000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll 0x75d40000 0x71000 6.00.2900.5512 C:\WINDOWS\system32\mshtmled.dll 0x6c290000 0x36000 6.03.2900.5512 C:\WINDOWS\system32\dxtrans.dll 0x76ad0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL 0x6d910000 0xa000 5.03.2600.5512 C:\WINDOWS\system32\ddrawex.dll 0x736d0000 0x4b000 5.03.2600.5512 C:\WINDOWS\system32\DDRAW.dll 0x6c2d0000 0x5a000 6.03.2900.5512 C:\WINDOWS\system32\dxtmsft.dll 0x767a0000 0x27000 5.01.2600.5512 C:\WINDOWS\system32\schannel.dll 0x66d10000 0xc000 6.00.2900.5512 C:\WINDOWS\system32\ImgUtil.dll 0x68100000 0x26000 5.01.2600.5507 C:\WINDOWS\system32\dssenh.dll 0x30000000 0x2ee000 9.00.0028.0000 C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx 0x20000000 0xc0000 5.01.2600.5512 C:\WINDOWS\system32\xpsp3res.dll 0x60320000 0x26000 6.00.2900.5512 C:\WINDOWS\system32\MSRATING.dll 0x60350000 0x12000 6.00.2600.0000 C:\WINDOWS\system32\msratelc.dll ------------------------------------------------------------------------------ dlman.exe pid: 2860 Command line: c:\programme\t-online\t-online_software_6\browser\dlman.exe Base Size Version Path 0x60900000 0x188000 6.04.0000.0005 c:\programme\t-online\t-online_software_6\browser\dlman.exe 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll 0x4eba0000 0x1a6000 5.01.3102.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll 0x10000000 0x4000 C:\Programme\Unlocker\UnlockerHook.dll 0x73b30000 0x6000 5.01.2600.5512 C:\WINDOWS\system32\dciman32.dll 0x75f20000 0xfd000 6.00.2900.5512 
C:\WINDOWS\system32\browseui.dll 0x76ad0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL 0x7e1e0000 0x171000 6.00.2900.5512 C:\WINDOWS\system32\shdocvw.dll 0x75f00000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\drprov.dll 0x71b90000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\ntlanman.dll 0x71c50000 0x17000 5.01.2600.5512 C:\WINDOWS\System32\NETUI0.dll 0x71c10000 0x40000 5.01.2600.5512 C:\WINDOWS\System32\NETUI1.dll 0x75f10000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\davclnt.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x73b10000 0x14000 5.01.2600.5512 C:\WINDOWS\system32\sti.dll 0x74a60000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\CFGMGR32.dll 0x76930000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\LINKINFO.dll 0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sensapi.dll 0x719b0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll 0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll 0x22200000 0xe000 6.06.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\AdHndCnt.dll 0x22000000 0x1d000 6.09.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\AAdHnd.DLL 0x22500000 0xd000 6.07.0010.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ADParmIF.dll 0x66710000 0x59000 5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll 0x5f800000 0x16000 1.01.1593.0000 C:\PROGRA~1\WINDOW~4\MpShHook.dll 0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll 0x7c420000 0x87000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCP80.dll ------------------------------------------------------------------------------ sys3645.exe pid: 1592 Command line: "C:\Dokumente und Einstellungen\Ludwig\Desktop\sys3645.exe" Base Size Version Path 0x00400000 0x39000 C:\Dokumente und 
Einstellungen\Ludwig\Desktop\sys3645.exe 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll 0x10000000 0x4000 C:\Programme\Unlocker\UnlockerHook.dll ------------------------------------------------------------------------------ runme.exe pid: 2692 Command line: runme.exe Base Size Version Path 0x00400000 0x63000 C:\DOKUME~1\Ludwig\LOKALE~1\Temp\nsy1BA.tmp\runme.exe 0x73390000 0x153000 6.00.0098.0002 C:\WINDOWS\system32\MSVBVM60.DLL 0x66630000 0x22000 6.00.0089.0088 C:\WINDOWS\system32\VB6DE.DLL 0x746a0000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll 0x10000000 0x4000 C:\Programme\Unlocker\UnlockerHook.dll 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x01400000 0x13000 11.00.0016.0002 C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\ScrBlock.dll 0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll 0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll 0x6af30000 0x3d000 103.00.0011.0004 C:\Programme\Gemeinsame Dateien\Symantec Shared\ccL30.dll 0x01430000 0x14000 11.00.0016.0002 C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking\scrauth.dll 0x73510000 0x2a000 5.07.0000.18066 C:\WINDOWS\system32\scrrun.dll 0x719b0000 0x40000 5.01.2600.5625 C:\WINDOWS\System32\mswsock.dll 0x76ee0000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll 0x72240000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sensapi.dll 0x22200000 0xe000 6.06.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\AdHndCnt.dll 0x22000000 0x1d000 6.09.0000.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\AAdHnd.DLL 0x22500000 0xd000 6.07.0010.0000 C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ADParmIF.dll 0x66710000 0x59000 
5.01.2600.5512 C:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\wshtcpip.dll ------------------------------------------------------------------------------ cmd.exe pid: 3720 Command line: cmd /c uuoywfrygn.exe > tempd.txt Base Size Version Path 0x4ad00000 0x64000 5.01.2600.5512 C:\WINDOWS\system32\cmd.exe 0x5cf00000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ------------------------------------------------------------------------------ uuoywfrygn.exe pid: 3804 Command line: uuoywfrygn.exe Base Size Version Path 0x00400000 0x14000 2.25.0000.0000 C:\DOKUME~1\Ludwig\LOKALE~1\Temp\nsy1BA.tmp\uuoywfrygn.exe 0x773a0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ===================== NTFS ADS ===================== c:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder\Beispielbilder\Neuer Ordner\Thumbs.db:encryptable 0 bytes c:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder\Beispielbilder\Thumbs.db:encryptable 0 bytes c:\Dokumente und Einstellungen\Ludwig\Desktop\Thumbs.db:encryptable 0 bytes c:\Dokumente und Einstellungen\Ludwig\Eigene Dateien\Meine Scans\2008-02 (Feb)\Thumbs.db:encryptable 0 bytes c:\Dokumente und Einstellungen\Ludwig\Eigene Dateien\Meine Scans\2008-06 (Jun)\Thumbs.db:encryptable 0 bytes c:\Dokumente und Einstellungen\Ludwig\Eigene Dateien\Meine Scans\2008-07 (Jul)\Thumbs.db:encryptable 0 bytes c:\Dokumente und Einstellungen\Ludwig\Eigene Dateien\Thumbs.db:encryptable 0 bytes c:\Dokumente und Einstellungen\Ludwig\Eigene Dateien\Eigene Bilder\Microsoft Clip Organizer\Thumbs.db:encryptable 0 bytes c:\Dokumente und Einstellungen\Ludwig\Eigene Dateien\Eigene Bilder\Thumbs.db:encryptable 0 bytes c:\Dokumente und Einstellungen\Ludwig\Eigene 
Dateien\Eigene Videos\Thumbs.db:encryptable 0 bytes c:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\Anwendungsdaten\Microsoft\Thumbs.db:encryptable 0 bytes c:\Programme\Messenger\Thumbs.db:encryptable 0 bytes c:\Programme\Microsoft Office\media\cagcat10\Thumbs.db:encryptable 0 bytes c:\Programme\T-Online\T-Online_Software_6\Internet-Telefon\Thumbs.db:encryptable 0 bytes c:\Programme\T-Online\T-Online_Software_6\Thumbs.db:encryptable 0 bytes c:\Programme\Windows Media Connect 2\Thumbs.db:encryptable 0 bytes c:\Programme\ICOO Loader\My downloads\Thumbs.db:encryptable 0 bytes c:\Thumbs.db:encryptable 0 bytes c:\WINDOWS\Thumbs.db:encryptable 0 bytes c:\Alex-Bilder\Sonstige\biglips\Thumbs.db:encryptable 0 bytes c:\Alex-Bilder\Sonstige\butts\Thumbs.db:encryptable 0 bytes c:\Alex-Bilder\Sonstige\closeup\Thumbs.db:encryptable 0 bytes c:\Alex-Bilder\Sonstige\fuck\Thumbs.db:encryptable 0 bytes c:\Alex-Bilder\Sonstige\Sonstige\Thumbs.db:encryptable 0 bytes c:\Alex-Bilder\Sonstige\toys\Thumbs.db:encryptable 0 bytes c:\Alex-Bilder\Sonstige\women\Thumbs.db:encryptable 0 bytes c:\Alex-Bilder\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\LeichtOpa-Grab-Urne\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\AutobahnSee\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\BavariaCup2008-Siegesfeier\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Benefiz-Turnier-Muko-2005\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Caritas-2007\Kunsttherapie-Alexander Leicht\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Caritas-2007\Kunsttherapie-Andreas Fleischner\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Caritas-2007\Kunsttherapie-Christina Dräger\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Caritas-2007\Prospekt-Caritas-Bilder\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Caritas-2007\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Chioggia-Michael\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Dodge-Chrysler\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Garten-2005\Thumbs.db:encryptable 0 bytes 
c:\Bilder-Alex\Garten-2007\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Gymnasium-Papa\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Gärten-LeichtOpa\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\HapeGrundstück\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\HS-Nachtflohm.2006\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Karin-50.Geburtstag\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\MeinNachbar-Fotos\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Michael-14.Geburtstag\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Michael-15.Geburtstag\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Michael-16.Geburtstag\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Michael-Fussball-2007\B1-Bergkirchen\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Michael-Fussball-2007\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Michael-FussballMeister-B1-2008\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Michael-M-Zug-Abschlussfest\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Michael-Roller\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Oma-80.Geburtstag\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Opa-81.Geburtstag\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Papa-50.Geburtstag\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Predigtstuhl2006\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Rollerteile-Michael\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Rollerunfall-Arno\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Sardinien-2006\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Silvester2007\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Sollinger-eBay-Fotos\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Sonstige\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Straßenfest2006\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Svenja-Köln-2007\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Söhne2007\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\TSV-Schiedsrichter\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Volksfest2007-Abitstammtisch\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Weihenstephan2006\Thumbs.db:encryptable 0 bytes 
c:\Bilder-Alex\Weihnacht2000\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Weihnacht2006\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\Weihnacht2007\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\WM2006-FanFest\Thumbs.db:encryptable 0 bytes c:\Bilder-Alex\ZirkusKrone2008\Thumbs.db:encryptable 0 bytes ===================== ENCRYPTED FILES ===================== ===================== HIDDEN OBJECTS ===================== scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ===================== RUSTOCK ROOTKIT DETECTION ===================== #### NOTHING FOUND #### ===================== MASTER BOOT RECORD ===================== device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK copy of MBR has been found in sector 1 ! ===================== NETWORK SETTINGS ===================== ~~~~~~~~~~~~~~~~~~~~~ Winsock Parameters ~~~~~~~~~~~~~~~~~~~~~ -----HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters\----- [Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001] "LibraryPath"="%SystemRoot%\System32\mswsock.dll" [Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002] "LibraryPath"="%SystemRoot%\System32\winrnr.dll" [Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003] "LibraryPath"="%SystemRoot%\System32\mswsock.dll" [Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000002] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000003] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000004] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\rsvpsp.dll 
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000005] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\rsvpsp.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000006] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000007] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000008] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000009] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000010] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000011] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000012] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000013] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000014] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000015] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000016] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000017] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000018] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000019] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll ~~~~~~~~~~~~~~~~~~~~~ TCP/IP network configuration ~~~~~~~~~~~~~~~~~~~~~ Hostname. . . . . . . . . . . . . 
: c3po Primäres DNS-Suffix . . . . . . . : Knotentyp . . . . . . . . . . . . : Unbekannt WINS-Proxy aktiviert. . . . . . . : Nein DNS-Suffixsuchliste . . . . . . . : Speedport_W_700V Ethernetadapter LAN-Verbindung: Verbindungsspezifisches DNS-Suffix: Speedport_W_700V Beschreibung. . . . . . . . . . . : SiS 900-Based PCI Fast Ethernet Adapter Physikalische Adresse . . . . . . : 00-0C-76-75-B2-71 DHCP aktiviert. . . . . . . . . . : Ja Autokonfiguration aktiviert . . . : Ja Subnetzmaske. . . . . . . . . . . : 255.255.255.0 Standardgateway . . . . . . . . . : 192.168.2.1 DHCP-Server . . . . . . . . . . . : 192.168.2.1 DNS-Server. . . . . . . . . . . . : 192.168.2.1 Lease erhalten. . . . . . . . . . : Mittwoch, 30. Juli 2008 14:56:58 Lease läuft ab. . . . . . . . . . : Sonntag, 3. August 2008 14:56:58 -----HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces ~~~~~~~~~~~~~~~~~~~~~ Open ports ~~~~~~~~~~~~~~~~~~~~~ Aktive Verbindungen Proto Lokale Adresse Remoteadresse Status PID TCP c3po:epmap c3po:0 ABHÖREN 1392 c:\windows\system32\WS2_32.dll C:\WINDOWS\system32\RPCRT4.dll c:\windows\system32\rpcss.dll C:\WINDOWS\system32\svchost.exe -- unbekannte Komponente(n) -- [svchost.exe] TCP c3po:microsoft-ds c3po:0 ABHÖREN 4 [System] TCP c3po:1025 c3po:0 ABHÖREN 1912 [ccProxy.exe] TCP c3po:1026 c3po:0 ABHÖREN 3376 [alg.exe] TCP c3po:1028 c3po:0 ABHÖREN 240 [ccApp.exe] TCP c3po:6973 c3po:0 ABHÖREN 2884 [MInfraIS.exe] TCP c3po:netbios-ssn c3po:0 ABHÖREN 4 [System] TCP c3po:3670 localhost:6973 HERGESTELLT 2332 [kernel.exe] TCP c3po:6973 localhost:3670 HERGESTELLT 2884 [MInfraIS.exe] TCP c3po:1504 email.t-online.de:https SCHLIESSEND 2280 [BROWSER.EXE] TCP c3po:1510 email.t-online.de:https SCHLIESSEND 2280 [BROWSER.EXE] TCP c3po:1569 email.t-online.de:https SCHLIESSEND 2280 [BROWSER.EXE] TCP c3po:1478 sam.t-online.com:https WARTEND 0 TCP c3po:1491 tbx2.t-online.de:http WARTEND 0 TCP c3po:1568 email.t-online.de:https WARTEND 0 UDP c3po:isakmp *:* 1148 [lsass.exe] UDP
c3po:4500 *:* 1148 [lsass.exe] UDP c3po:microsoft-ds *:* 4 [System] UDP c3po:ntp *:* 1528 c:\windows\system32\WS2_32.dll c:\windows\system32\w32time.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\System32\svchost.exe [svchost.exe] UDP c3po:1356 *:* 2332 [kernel.exe] UDP c3po:3675 *:* 2280 [BROWSER.EXE] UDP c3po:ntp *:* 1528 c:\windows\system32\WS2_32.dll c:\windows\system32\w32time.dll C:\WINDOWS\system32\ADVAPI32.dll C:\WINDOWS\System32\svchost.exe [svchost.exe] UDP c3po:netbios-dgm *:* 4 [System] UDP c3po:netbios-ns *:* 4 [System] ~~~~~~~~~~~~~~~~~~~~~ Shared Resources ~~~~~~~~~~~~~~~~~~~~~ Name Ressource Beschreibung IPC$ Remote-IPC D$ D:\ Standardfreigabe ADMIN$ C:\WINDOWS Remoteadmin C$ C:\ Standardfreigabe E$ E:\ Standardfreigabe Der Befehl wurde erfolgreich ausgeführt. ~~~~~~~~~~~~~~~~~~~~~ TRUSTED DOMAINS ~~~~~~~~~~~~~~~~~~~~~ -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ~~~~~~~~~~~~~~~~~~~~~ TRUSTED IPs ~~~~~~~~~~~~~~~~~~~~~ -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ~~~~~~~~~~~~~~~~~~~~~ RAS active connections ~~~~~~~~~~~~~~~~~~~~~ Keine Verbindungen Der Befehl wurde erfolgreich ausgeführt.
~~~~~~~~~~~~~~~~~~~~~ Rasphone.pbk content ~~~~~~~~~~~~~~~~~~~~~ -----C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Network\Connections\Pbk\rasphone.pbk [T-Online 6.0] Encoding=1 Type=1 AutoLogon=0 UseRasCredentials=1 DialParamsUID=70829625 Guid=C02B9EA630AE6448BA786B7D3F13A812 BaseProtocol=1 VpnStrategy=0 ExcludedProtocols=3 LcpExtensions=1 DataEncryption=8 SwCompression=0 NegotiateMultilinkAlways=0 SkipNwcWarning=0 SkipDownLevelDialog=0 SkipDoubleDialDialog=0 DialMode=1 DialPercent=90 DialSeconds=20 HangUpPercent=20 HangUpSeconds=20 OverridePref=15 RedialAttempts=3 RedialSeconds=60 IdleDisconnectSeconds=0 RedialOnLinkFailure=0 CallbackMode=0 CustomDialDll= CustomDialFunc= CustomRasDialDll=C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\cmdial32.dll AuthenticateServer=0 ShareMsFilePrint=0 BindMsNetClient=0 SharedPhoneNumbers=1 GlobalDeviceSettings=0 PrerequisiteEntry= PrerequisitePbk= PreferredPort=PPPoE7-0 PreferredDevice=WAN-Miniport (PPPOE) PreferredBps=0 PreferredHwFlow=0 PreferredProtocol=0 PreferredCompression=0 PreferredSpeaker=0 PreferredMdmProtocol=0 PreviewUserPw=0 PreviewDomain=0 PreviewPhoneNumber=0 ShowDialingProgress=1 ShowMonitorIconInTaskBar=0 CustomAuthKey=-1 AuthRestrictions=632 TypicalAuth=1 IpPrioritizeRemote=0 IpHeaderCompression=0 IpAddress=0.0.0.0 IpDnsAddress=0.0.0.0 IpDns2Address=0.0.0.0 IpWinsAddress=0.0.0.0 IpWins2Address=0.0.0.0 IpAssign=1 IpNameAssign=1 IpFrameSize=1006 IpDnsFlags=0 IpNBTFlags=1 TcpWindowSize=0 UseFlags=0 IpSecFlags=0 IpDnsSuffix= NETCOMPONENTS= ms_msclient=0 ms_server=0 MEDIA=rastapi Port=PPPoE7-0 Device=WAN-Miniport (PPPOE) DEVICE=rastapi LastSelectedPhone=0 PromoteAlternates=0 TryNextAlternateOnFail=1 [T-Online Direktanwahl] Encoding=1 Type=1 AutoLogon=0 UseRasCredentials=1 DialParamsUID=5687390 Guid=3EEFF25D8C22104AA3709E7D49C5923F BaseProtocol=1 VpnStrategy=0 ExcludedProtocols=3 LcpExtensions=1 DataEncryption=8 SwCompression=1 NegotiateMultilinkAlways=1 SkipNwcWarning=0 
SkipDownLevelDialog=0 SkipDoubleDialDialog=0 DialMode=0 DialPercent=0 DialSeconds=0 HangUpPercent=0 HangUpSeconds=0 OverridePref=15 RedialAttempts=0 RedialSeconds=0 IdleDisconnectSeconds=0 RedialOnLinkFailure=0 CallbackMode=0 CustomDialDll=C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\AdHndCnt.dll CustomDialFunc=RasADFunc CustomRasDialDll=C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\AdCustDl.dll AuthenticateServer=0 ShareMsFilePrint=0 BindMsNetClient=0 SharedPhoneNumbers=0 GlobalDeviceSettings=0 PrerequisiteEntry= PrerequisitePbk= PreferredPort=LPT1 PreferredDevice=Parallelanschluss (direkt) PreferredBps=0 PreferredHwFlow=0 PreferredProtocol=0 PreferredCompression=0 PreferredSpeaker=0 PreferredMdmProtocol=0 PreviewUserPw=1 PreviewDomain=0 PreviewPhoneNumber=1 ShowDialingProgress=1 ShowMonitorIconInTaskBar=1 CustomAuthKey=-1 AuthRestrictions=888 TypicalAuth=1 IpPrioritizeRemote=1 IpHeaderCompression=1 IpAddress=0.0.0.0 IpDnsAddress=0.0.0.0 IpDns2Address=0.0.0.0 IpWinsAddress=0.0.0.0 IpWins2Address=0.0.0.0 IpAssign=1 IpNameAssign=1 IpFrameSize=1006 IpDnsFlags=0 IpNBTFlags=1 TcpWindowSize=0 UseFlags=0 IpSecFlags=0 IpDnsSuffix= NETCOMPONENTS= ms_msclient=0 ms_server=0 MEDIA=rastapi Port=LPT1 Device=Parallelanschluss (direkt) DEVICE=PARALLEL PhoneNumber=7 AreaCode= CountryCode=0 CountryID=0 UseDialingRules=0 Comment= LastSelectedPhone=0 PromoteAlternates=0 TryNextAlternateOnFail=1 ===================== HOSTS FILE ===================== 127.0.0.1 localhost ===================== SUSPICIOUS FILES ===================== EXE and DLL files packed with runtime packers, found in: C:\; C:\WINDOWS\; C:\WINDOWS\system32\ C:\WINDOWS\Nircmd.exe --> is compressed with UPX C:\WINDOWS\swreg.exe --> is compressed with UPX C:\WINDOWS\swsc.exe --> is compressed with UPX ===================== UNINSTALL LIST ===================== -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall----- [Uninstall] [Uninstall\ActiveScan 2.0] 
"DisplayName"="Panda ActiveScan 2.0" "UninstallString"="C:\Programme\Panda Security\ActiveScan 2.0\as2uninst.exe" "DisplayIcon"="C:\Programme\Panda Security\ActiveScan 2.0\as2uninst.exe" [Uninstall\All ATI Software] "DisplayName"="ATI - Dienstprogramm zur Deinstallation der Software" "UninstallString"="C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe" "DisplayIcon"="C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe" [Uninstall\ATI Display Driver] "DisplayName"="ATI Display Driver" "UninstallString"="rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean" [Uninstall\Branding] [Uninstall\C-Media Audio] "UninstallString"="C:\WINDOWS\CMIUnInstall.exe" "DisplayName"="C-Media 3D Audio" [Uninstall\CCleaner] "DisplayName"="CCleaner (remove only)" "UninstallString"="\"C:\Programme\CCleaner\uninst.exe\"" [Uninstall\Click'n View_is1] "DisplayName"="ClicknView 3.0.9" "DisplayIcon"="C:\Programme\Click'n View\MyProg.exe" "UninstallString"="\"C:\Programme\Click'n View\uninstaller\unins000.exe\"" [Uninstall\Connection Manager] [Uninstall\DVD Shrink DE_is1] "DisplayName"="DVD Shrink 3.2 deutsch" "DisplayIcon"="C:\Programme\DVD Shrink DE\DVD Shrink 3.2 DE.exe" "UninstallString"="\"C:\Programme\DVD Shrink DE\unins000.exe\"" [Uninstall\HeadCase Mind Mapper, SmartAce edition] "DisplayName"="HeadCase Mind Mapper, SmartAce edition" "UninstallString"="C:\WINDOWS\HeadCase Mind Mapper, SmartAce edition Uninstaller.exe" [Uninstall\HijackThis] "DisplayName"="HijackThis 2.0.2" "UninstallString"="\"D:\Dokumente und Einstellungen\Ludwig\Eigene Dateien\Exe-Dateien\HJT\HijackThis.exe\" /uninstall" "DisplayIcon"="D:\Dokumente und Einstellungen\Ludwig\Eigene Dateien\Exe-Dateien\HJT\HijackThis.exe" [Uninstall\HP Photo & Imaging] "UninstallString"="C:\Programme\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat" "DisplayName"="HP Image Zone 4.2" "DisplayIcon"="C:\Programme\HP\Digital 
Imaging\uninstall\hpzscr01.exe,0" [Uninstall\InstallShield Uninstall Information] [Uninstall\KB884016] [Uninstall\KB884267] [Uninstall\KB885353] [Uninstall\KB886612] [Uninstall\KB887078] [Uninstall\KB887626] [Uninstall\KB888656] [Uninstall\KB889858] [Uninstall\KB891122] [Uninstall\KB892313] [Uninstall\KB893240] [Uninstall\KB893241] [Uninstall\KB893803] [Uninstall\KB895181] [Uninstall\KB895316] [Uninstall\KB895572] [Uninstall\KB897586] [Uninstall\KB898549] [Uninstall\KB900399] [Uninstall\KB902344] [Uninstall\KB907658] [Uninstall\KB911854] [Uninstall\KB936782_WMP11] "DisplayName"="Sicherheitsupdate für Windows Media Player 11 (KB936782)" "UninstallString"="\"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe\"" "DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\"" [Uninstall\KB939683] "DisplayName"="Hotfix für Windows Media Player 11 (KB939683)" "UninstallString"="\"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe\"" "DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\"" [Uninstall\KB941569] "DisplayName"="Sicherheitsupdate für Windows XP (KB941569)" "UninstallString"="\"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe\"" [Uninstall\KB950759] "DisplayName"="Sicherheitsupdate für Windows XP (KB950759)" "UninstallString"="\"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe\"" [Uninstall\KB950760] "DisplayName"="Sicherheitsupdate für Windows XP (KB950760)" "UninstallString"="\"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe\"" [Uninstall\KB950762] "DisplayName"="Sicherheitsupdate für Windows XP (KB950762)" "UninstallString"="\"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe\"" [Uninstall\KB951376-v2] "DisplayName"="Sicherheitsupdate für Windows XP (KB951376-v2)" "UninstallString"="\"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe\"" [Uninstall\KB951698] "DisplayName"="Sicherheitsupdate für Windows XP (KB951698)" 
"UninstallString"="\"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe\"" [Uninstall\KB951748] "DisplayName"="Sicherheitsupdate für Windows XP (KB951748)" "UninstallString"="\"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe\"" [Uninstall\KB951978] "DisplayName"="Update für Windows XP (KB951978)" "UninstallString"="\"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe\"" [Uninstall\LiveReg] "DisplayName"="LiveReg (Symantec Corporation)" "UninstallString"="C:\Programme\Gemeinsame Dateien\Symantec Shared\LiveReg\VcSetup.exe /REMOVE" [Uninstall\LiveUpdate] "UninstallString"="\"C:\Programme\Symantec\LiveUpdate\LSETUP.EXE\" /U" "DisplayName"="LiveUpdate 3.0 (Symantec Corporation)" "DisplayIcon"="\"C:\Programme\Symantec\LiveUpdate\LUALL.EXE\"" [Uninstall\M928366] "DisplayName"="Microsoft .NET Framework 1.1 Hotfix (KB928366)" "DisplayIcon"="C:\WINDOWS\system32\msiexec.exe" "UninstallString"="\"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe\" \"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp\"" [Uninstall\Malwarebytes' Anti-Malware_is1] "DisplayName"="Malwarebytes' Anti-Malware" "UninstallString"="\"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe\"" [Uninstall\Microsoft .NET Framework 1.1 (1033)] "UninstallString"="msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" "DisplayName"="Microsoft .NET Framework 1.1" "DisplayIcon"="C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ndpsetup.ico" [Uninstall\Microsoft .NET Framework 2.0] "DisplayIcon"="C:\WINDOWS\system32\msiexec.exe" "DisplayName"="Microsoft .NET Framework 2.0" "UninstallString"="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe" [Uninstall\MSI30-Beta1] [Uninstall\MSI30-Beta2] [Uninstall\MSI30-KB884016] [Uninstall\MSI30-RC1] [Uninstall\MSI30-RC2] [Uninstall\MSI30a-KB884016] [Uninstall\MSI31-Beta] [Uninstall\MSI31-RC1] [Uninstall\Nero - Burning Rom!UninstallKey] 
"UninstallString"="C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL" "DisplayName"="Nero 6 Enterprise Edition" "DisplayIcon"="C:\Programme\Ahead\nero\nero.exe" [Uninstall\PCHealth] "UninstallString"="rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf" [Uninstall\PDF reDirect] "DisplayName"="PDF reDirect (remove only)" "UninstallString"="C:\WINDOWS\system32\PDF reDirect\Uninstall.exe" [Uninstall\PDF-to-HTML 1.0] "DisplayName"="PDF-to-HTML 1.0" "UninstallString"="C:\PROGRA~1\PDF2HTML\UNWISE.EXE /U C:\PROGRA~1\PDF2HTML\pdf2htm.log" [Uninstall\Picasa2] "DisplayName"="Picasa 2" "UninstallString"="\"C:\Programme\Picasa2\Uninstall.exe\"" [Uninstall\PixDiscount] "DisplayName"="PixDiscount" "UninstallString"="\"C:\Programme\PixDiscount\uninstall.exe\"" [Uninstall\Registry Defragmentation] "DisplayName"="Registry Defragmentation" "UninstallString"=expand:"C:\Programme\Registry Defragmentation\Registry Defragmentation deinstallieren.exe" "DisplayIcon"="C:\Programme\Registry Defragmentation\RegDefrag.exe,0" [Uninstall\Revo Uninstaller] "DisplayName"="Revo Uninstaller 1.71" "UninstallString"="C:\Programme\VS Revo Group\Revo Uninstaller\uninst.exe" "DisplayIcon"="C:\Programme\VS Revo Group\Revo Uninstaller\revouninstaller.exe" [Uninstall\Samsung Mobile USB Modem] "DisplayName"="Samsung Mobile USB Modem Software" "UninstallString"="C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe" [Uninstall\Sevinst] [Uninstall\ShockwaveFlash] "DisplayName"="Adobe Flash Player 9 ActiveX" "UninstallString"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete" [Uninstall\SiSLan] "DisplayName"="SiS 900 PCI Fast Ethernet Adapter Driver" "UninstallString"="C:\Progra~1\SiSLan\Uninst.exe" [Uninstall\SymSetup.{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}] "DisplayName"="Norton Personal Firewall 2005 (Symantec Corporation)" "InstallSource"="J:\Norton_Personal_Firewall_2005" "DisplayIcon"="C:\Programme\Norton Personal 
Firewall\AlertAst.exe,0" "UninstallString"="C:\Programme\Gemeinsame Dateien\Symantec Shared\SymSetup\{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}.exe /X" [Uninstall\SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}] "DisplayName"="Norton AntiVirus 2005 (Symantec Corporation)" "InstallSource"="J:\Norton_Antivirus_2005" "DisplayIcon"="C:\Programme\Gemeinsame Dateien\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe" "UninstallString"="C:\Programme\Gemeinsame Dateien\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X" [Uninstall\Unlocker] "DisplayName"="Unlocker 1.8.5" "UninstallString"="C:\Programme\Unlocker\uninst.exe" "DisplayIcon"="C:\Programme\Unlocker\Unlocker.exe" [Uninstall\Winamp] "DisplayName"="Winamp (remove only)" "UninstallString"="\"C:\Programme\Winamp\UninstWA.exe\"" [Uninstall\Windows Media Format Runtime] "DisplayName"="Windows Media Format 11 runtime" "UninstallString"="\"C:\Programme\Windows Media Player\wmsetsdk.exe\" /UninstallAll" "DisplayIcon"="C:\Programme\Windows Media Player\wmplayer.exe" [Uninstall\Windows Media Player] "DisplayName"="Windows Media Player 11" "UninstallString"="\"C:\Programme\Windows Media Player\Setup_wm.exe\" /Uninstall" "DisplayIcon"="C:\Programme\Windows Media Player\wmplayer.exe" [Uninstall\Windows XP Service Pack] "DisplayName"="Windows XP Service Pack 3" "UninstallString"="\"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe\"" [Uninstall\WinRAR archiver] "DisplayName"="WinRAR archiver" "UninstallString"="C:\Programme\WinRAR\uninstall.exe" [Uninstall\WMCSetup] [Uninstall\xp-AntiSpy] "DisplayName"="xp-AntiSpy 3.93" "UninstallString"="C:\Programme\xp-AntiSpy\uninst.exe" "DisplayIcon"="C:\Programme\xp-AntiSpy\AppMainExe.exe" [Uninstall\{03EB79B7-2152-4C98-AEA0-254F881A3275}] "UninstallString"="RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup \"C:\Programme\InstallShield Installation 
Information\{03EB79B7-2152-4C98-AEA0-254F881A3275}\setup.exe\" -l0x7 -removeonly" "InstallSource"="C:\DOKUME~1\Ludwig\LOKALE~1\Temp\bye29.tmp\Disk1\" "DisplayName"="ElsterFormular 2004/2005" [Uninstall\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}] "UninstallString"="RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup \"C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe\" " "DisplayName"="ATI Control Panel" "DisplayIcon"="C:\Programme\ATI Technologies\ATI Control Panel\atiprbxx.exe" [Uninstall\{12E2B9E9-05B1-407d-B0FD-B5F350535125}] "InstallSource"="J:\Norton_Personal_Firewall_2005\Setup\" "UninstallString"=expand:"MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}" "DisplayName"="Norton Internet Security" [Uninstall\{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}] "InstallSource"="J:\Setup\scan\" "DisplayName"="Scan" [Uninstall\{21E75254-410E-49C4-8981-2E1A2A2221F2}] "InstallSource"="J:\Setup\RedBox\" "DisplayName"="HP Diagnostic Assistant" [Uninstall\{228F6876-A313-40A3-91C0-C3CBE6997D09}] "InstallSource"="J:\Norton_Antivirus_2005\Support\MSRedist\" "UninstallString"=expand:"MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}" "DisplayName"="Symantec" [Uninstall\{2405665A-16C9-4D3A-B70E-F006220E1472}] "InstallSource"="J:\Setup\overland\" "DisplayName"="Overland" [Uninstall\{2638924D-DC58-4C40-BB1C-48C2B24B7B1B}] "UninstallString"="RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programme\InstallShield Installation Information\{2638924D-DC58-4C40-BB1C-48C2B24B7B1B}\Setup.exe\" -L0x7" [Uninstall\{267868CE-6DFF-40F7-9C58-C01119B7B117}] "InstallSource"="J:\Setup\fax\" "DisplayName"="Fax" [Uninstall\{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}] "InstallSource"="J:\Norton_Antivirus_2005\NAV\" "UninstallString"=expand:"MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" "DisplayName"="Internet Worm Protection" [Uninstall\{2BBC9458-07CA-4843-848B-5C8146E5EFA8}] 
"InstallSource"="J:\Setup\CreativeProjects\" "DisplayName"="CreativeProjects" [Uninstall\{2F71F2BA-B513-4113-969C-18A84D238E27}] "InstallSource"="C:\Programme\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\Product\" "DisplayName"="1310" [Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100}] "DisplayIcon"="C:\Programme\Java\jre1.5.0_10\\bin\javaws.exe" "InstallSource"="http://javadl.sun.com/webapps/download/GetFile/1.5.0_10-b03/windows-i586//" "UninstallString"=expand:"MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}" "DisplayName"="J2SE Runtime Environment 5.0 Update 10" [Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}] "DisplayIcon"="C:\Programme\Java\jre1.6.0_01\\bin\javaws.exe" "InstallSource"="http://javadl.sun.com/webapps/download/GetFile/1.6.0_01-b06/windows-i586/" "UninstallString"=expand:"MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}" "DisplayName"="Java(TM) SE Runtime Environment 6 Update 1" [Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}] "DisplayIcon"="C:\Programme\Java\jre1.6.0_02\\bin\javaws.exe" "InstallSource"="http://javadl.sun.com/webapps/download/GetFile/1.6.0_02-b06/windows-i586/" "UninstallString"=expand:"MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}" "DisplayName"="Java(TM) 6 Update 2" [Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}] "DisplayIcon"="C:\Programme\Java\jre1.6.0_03\\bin\javaws.exe" "InstallSource"="http://javadl.sun.com/webapps/download/GetFile/1.6.0_03-b05/windows-i586/" "UninstallString"=expand:"MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}" "DisplayName"="Java(TM) 6 Update 3" [Uninstall\{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}] "InstallSource"="J:\Setup\AiOSoftware\" "DisplayName"="AiOSoftware" [Uninstall\{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}] "InstallSource"="J:\Norton_Antivirus_2005\Support\Help\" "UninstallString"=expand:"MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" "DisplayName"="Norton AntiVirus Help" [Uninstall\{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}] 
"InstallSource"="C:\WINDOWS\system32\" "DisplayName"="WebFldrs XP" [Uninstall\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}] "InstallSource"="c:\9b7a31307c8e4e087197fc90\" "UninstallString"=expand:"MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}" "DisplayName"="MSXML 4.0 SP2 (KB927978)" [Uninstall\{3AE681E0-4E8D-453F-950A-48534D3C0724}] "InstallSource"="J:\Setup\Copy\" "DisplayName"="Copy" [Uninstall\{3B29A786-5803-4e9e-9B58-3014A5B4E519}] "InstallSource"="J:\Norton_Personal_Firewall_2005\Setup\" "UninstallString"=expand:"MsiExec.exe /I{3B29A786-5803-4e9e-9B58-3014A5B4E519}" "DisplayName"="Norton AntiSpam" [Uninstall\{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}] "InstallSource"="J:\Norton_Personal_Firewall_2005\Setup\" "UninstallString"=expand:"MsiExec.exe /I{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}" "DisplayName"="Norton Personal Firewall" [Uninstall\{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}] "InstallSource"="J:\Setup\Sherlock\" "DisplayName"="HPSystemDiagnostics" [Uninstall\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}] "InstallSource"="C:\DOKUME~1\Ludwig\LOKALE~1\Temp\{F2A7CB01-D0D4-4A11-AF07-EBB416FDC18A}\" "UninstallString"=expand:"MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" "DisplayName"="Google Earth" [Uninstall\{41254D7B-EADF-4078-AE4A-BD73B300EE86}] "InstallSource"="J:\Setup\UnloadIntent\" "DisplayName"="Unload" [Uninstall\{457791C5-D702-4143-A7B2-2744BE9573F2}] "InstallSource"="J:\Setup\HPSoftwareUpdate\" "UninstallString"=expand:"MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}" "DisplayName"="HP Software Update" [Uninstall\{48185814-A224-447a-81DA-71BD20580E1B}] "InstallSource"="J:\Norton_Personal_Firewall_2005\Setup\" "UninstallString"=expand:"MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}" "DisplayName"="Norton Internet Security" [Uninstall\{4C14659E-9844-4DE8-B295-0FA05B80EE0D}] "InstallSource"="C:\DOKUME~1\Ludwig\LOKALE~1\Temp\" "UninstallString"=expand:"MsiExec.exe /I{4C14659E-9844-4DE8-B295-0FA05B80EE0D}" "DisplayName"="ccCommon" 
[Uninstall\{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}] "InstallSource"="J:\Norton_Personal_Firewall_2005\Setup\" "UninstallString"=expand:"MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}" "DisplayName"="Norton Internet Security" [Uninstall\{52739387-B81C-4C55-9593-EB7A1044A657}] "UninstallString"="RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programme\InstallShield Installation Information\{52739387-B81C-4C55-9593-EB7A1044A657}\Setup.exe\" -L0x7" [Uninstall\{541230A3-1D3A-4879-B7E0-E71F90E35548}] "InstallSource"="J:\Norton_Antivirus_2005\NAV\" "UninstallString"=expand:"MsiExec.exe /I{541230A3-1D3A-4879-B7E0-E71F90E35548}" "DisplayName"="Norton AntiVirus SCSSDist MSI" [Uninstall\{56070147-0F87-4A25-8A94-7E32B33E7D6A}] "InstallSource"="C:\DOKUME~1\Ludwig\LOKALE~1\Temp\_is1371\" "UninstallString"=expand:"MsiExec.exe /X{56070147-0F87-4A25-8A94-7E32B33E7D6A}" "DisplayName"="Opera 9.27" [Uninstall\{56122F61-1EDB-4215-AE26-618D89CA9820}] "InstallSource"="C:\DOKUME~1\Ludwig\LOKALE~1\Temp\" "UninstallString"=expand:"MsiExec.exe /I{56122F61-1EDB-4215-AE26-618D89CA9820}" "DisplayName"="SymNet" [Uninstall\{597D73A8-5FDB-4bc1-9893-40B54459F1BC}] "InstallSource"="C:\Programme\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\Product\" "DisplayName"="ProductContext" [Uninstall\{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}] "InstallSource"="C:\DOKUME~1\Ludwig\LOKALE~1\Temp\IXP000.TMP\" "UninstallString"=expand:"MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" "DisplayName"="Windows Genuine Advantage v1.3.0254.0" [Uninstall\{67BBD00E-02E0-40C3-A0BC-DA52BD6C51AF}] "UninstallString"="\"C:\Programme\InstallShield Installation Information\{67BBD00E-02E0-40C3-A0BC-DA52BD6C51AF}\setup.exe\" -runfromtemp -l0x0007 UNINSTALL -removeonly" "InstallSource"="J:\" "DisplayName"="LEXsoft Professional 3.0" "DisplayIcon"="C:\Programme\LexisNexis\LEXsoft\lexsoft.exe,0" [Uninstall\{6846389C-BAC0-4374-808E-B120F86AF5D7}] "InstallSource"="C:\Dokumente und 
Einstellungen\Ludwig\Lokale Einstellungen\Anwendungsdaten\Adobe\Updater5\Install\reader8rdr-de_DE\" "UninstallString"=expand:"MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}" "DisplayName"="Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)" [Uninstall\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}] "DisplayIcon"="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ndpsetup.ico" "InstallSource"="C:\DOKUME~1\Ludwig\LOKALE~1\Temp\IXP000.TMP\" "DisplayName"="Microsoft .NET Framework 2.0" [Uninstall\{7585478E9D9B42108671C12F8714CEFE}] "DisplayIcon"="C:\Programme\DivX\DivX Converter\Converter.exe,0" "UninstallString"="C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER" [Uninstall\{77772678-817F-4401-9301-ED1D01A8DA56}] "InstallSource"="J:\Norton_Antivirus_2005\Support\SPBBC\" "UninstallString"=expand:"MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}" "DisplayName"="SPBBC" [Uninstall\{7F46E168-E0F4-45EA-81F5-80488334B609}] "UninstallString"="RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup \"C:\Programme\InstallShield Installation Information\{7F46E168-E0F4-45EA-81F5-80488334B609}\Setup.exe\" -l0x7 " "DisplayName"="Usb to Serial Driver 1.12.28" [Uninstall\{80413011-029C-4D6B-B3AD-725DDE60B81C}] "InstallSource"="C:\Programme\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\AiOHelp\" "DisplayName"="1310Trb" [Uninstall\{80F24F31-F641-4349-83F3-59E335976D16}] "UninstallString"="C:\Programme\InstallShield Installation Information\{80F24F31-F641-4349-83F3-59E335976D16}\setup.exe -runfromtemp -l0x0007 -removeonly" "InstallSource"="D:\Dokumente und Einstellungen\Ludwig\Eigene Dateien\Exe-Dateien\SpeedScan\SpeedScan_setup.exe" "DisplayName"="PC SpeedScan Pro" [Uninstall\{82A083E6-029E-45C3-99E5-CEA6895AA1EE}] "InstallSource"="C:\Programme\Samsung\Samsung PC Studio 3\{82A083E6-029E-45C3-99E5-CEA6895AA1EE}\" "DisplayName"="Samsung PC Studio" [Uninstall\{845AF1DD-3618-471F-9745-B1CD9378F669}] 
"InstallSource"="J:\Norton_Personal_Firewall_2005\Setup\" "UninstallString"=expand:"MsiExec.exe /I{845AF1DD-3618-471F-9745-B1CD9378F669}" "DisplayName"="Symantec SCSSDist MSI" [Uninstall\{868D7896-99D4-4513-BC62-2B3AD3E24926}] "DisplayIcon"="C:\Programme\TuneUp Utilities 2006\Integrator.exe,0" "InstallSource"="C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\" "UninstallString"=expand:"MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}" "DisplayName"="TuneUp Utilities 2006" [Uninstall\{8777AC6D-89F9-4793-8266-DE406F343E89}] "InstallSource"="J:\setup\QFolder\" "DisplayName"="QFolder" [Uninstall\{8A8F4EF8-160C-4E0F-B32D-92E2313E039B}] "InstallSource"="D:\Mircrosoft-Tools\" "UninstallString"=expand:"MsiExec.exe /I{8A8F4EF8-160C-4E0F-B32D-92E2313E039B}" "DisplayName"="Microsoft Baseline Security Analyzer 2.0" [Uninstall\{8ADFC4160D694100B5B8A22DE9DCABD9}] "DisplayName"="DivX Player" "DisplayIcon"="C:\Programme\DivX\DivX Player\DivX Player.exe,0" "UninstallString"="C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER" [Uninstall\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}] "DisplayIcon"="C:\Programme\T-Online\DSL-Manager\DslMgr.exe" "UninstallString"="RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programme\InstallShield Installation Information\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}\Setup.exe\" -l0x7 " "DisplayName"="DSL-Manager" [Uninstall\{91110407-6000-11D3-8CFE-0050048383C9}] "InstallSource"="J:\" "UninstallString"=expand:"MsiExec.exe /I{91110407-6000-11D3-8CFE-0050048383C9}" "DisplayName"="Microsoft Office XP Professional" [Uninstall\{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}] "InstallSource"="J:\Setup\SkinsHP\" "DisplayName"="SkinsHP1" [Uninstall\{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}] "InstallSource"="J:\Setup\QuickProjects\" "DisplayName"="QuickProjects" [Uninstall\{9EDCCF9F-4196-46EA-8486-68D7B34D2F51}] "InstallSource"="J:\" "UninstallString"=expand:"MsiExec.exe /X{9EDCCF9F-4196-46EA-8486-68D7B34D2F51}" "DisplayName"="Business 
Concept 2005" [Uninstall\{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}] "InstallSource"="J:\Setup\printscreen\" "DisplayName"="PrintScreen" [Uninstall\{A06275F4-324B-4E85-95E6-87B2CD729401}] "InstallSource"="C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\Temporary Internet Files\Content.IE5\STIJWLA7\" "UninstallString"=expand:"MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}" "DisplayName"="Windows Defender" [Uninstall\{A1062847-0846-427A-92A1-BB8251A91E91}] "UninstallString"="\"C:\Programme\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe\" -datfile hposcr04.dat" "DisplayName"="HP PSC & OfficeJet 4.2" "DisplayIcon"="C:\Programme\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe,0" [Uninstall\{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}] "InstallSource"="J:\Setup\PhotoGallery\" "DisplayName"="PhotoGallery" [Uninstall\{A2500497-FD32-493e-B8E5-28D6728DBEF5}] "InstallSource"="J:\Setup\readme\" "DisplayName"="Readme" [Uninstall\{A4EA3AB4-E78C-4286-96DF-26035507CE55}] "InstallSource"="J:\Setup\AiO_Scan\" "DisplayName"="AiO_Scan" [Uninstall\{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}] "InstallSource"="C:\Programme\Windows Defender\" "UninstallString"=expand:"MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" "DisplayName"="Windows Defender Signatures" [Uninstall\{AB1EC3DC-C845-4378-B747-175E8CD2928B}] "UninstallString"="RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programme\InstallShield Installation Information\{AB1EC3DC-C845-4378-B747-175E8CD2928B}\Setup.exe\" " "DisplayName"="Photo Collage 1.41" [Uninstall\{AC76BA86-7AD7-1031-7B44-A81200000003}] "InstallSource"="C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\Anwendungsdaten\Adobe\Updater5\Install\reader8rdr-de_DE\" "UninstallString"=expand:"MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}" "DisplayName"="Adobe Reader 8.1.2 - Deutsch" [Uninstall\{AC76BA86-7AD7-5464-3428-800000000003}] 
"InstallSource"="C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\Anwendungsdaten\Adobe\Updater5\Install\reader8rdr-de_DE\" "UninstallString"=expand:"MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}" "DisplayName"="Spelling Dictionaries Support For Adobe Reader 8" [Uninstall\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}] "UninstallString"="RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programme\InstallShield Installation Information\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}\Setup.exe\" CPAS" "DisplayName"="T-Online 6.0" "DisplayIcon"="C:\Programme\T-Online\T-Online_Software_6\sw6.ico" [Uninstall\{B13A7C41581B411290FBC0395694E2A9}] "DisplayName"="DivX Converter" "DisplayIcon"="C:\Programme\DivX\DivX Converter\Converter.exe,0" "UninstallString"="C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER" [Uninstall\{B32C75F2-7495-4D01-9431-C11E97D66F8C}] "InstallSource"="J:\Setup\DocProc\" "DisplayName"="DocProc" [Uninstall\{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}] "InstallSource"="J:\Setup\Director\" "DisplayName"="Director" [Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1] "DisplayName"="Spybot - Search & Destroy" "DisplayIcon"="C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" "UninstallString"="\"C:\Programme\Spybot - Search & Destroy\unins000.exe\"" [Uninstall\{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}] "InstallSource"="J:\Setup\CreativeProjectsTemplates\" "DisplayName"="CreativeProjectsTemplates" [Uninstall\{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}] "InstallSource"="J:\Setup\DocumentViewer\" "DisplayName"="DocumentViewer" [Uninstall\{B7050CBDB2504B34BC2A9CA0A692CC29}] "DisplayName"="DivX Web Player" "DisplayIcon"="C:\Programme\DivX\DivX Web Player\npdivx32.dll,0" "UninstallString"="C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN" [Uninstall\{B7C61755-DB48-4003-948F-3D34DB8EAF69}] "InstallSource"="J:\Norton_Personal_Firewall_2005\Support\Redist\" "UninstallString"=expand:"MsiExec.exe 
/I{B7C61755-DB48-4003-948F-3D34DB8EAF69}" "DisplayName"="MSRedist" [Uninstall\{BB05BD70-4605-4829-93FC-AD80D8CC5B66}] "UninstallString"="C:\Programme\InstallShield Installation Information\{BB05BD70-4605-4829-93FC-AD80D8CC5B66}\setup.exe -runfromtemp -l0x0007 -removeonly" "InstallSource"="C:\Dokumente und Einstellungen\Ludwig\Lokale Einstellungen\Temp\{9A36CF4E-D98D-4850-8E60-4FB02C00BB22}\{80F24F31-F641-4349-83F3-59E335976D16}\APC.setup.exe" "DisplayName"="Performance Center" [Uninstall\{BCC992E5-5C81-4066-9B55-03DC10B24D21}] "InstallSource"="J:\Setup\InstantShare\" "DisplayName"="InstantShare" [Uninstall\{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}] "InstallSource"="J:\Setup\TrayApp\" "DisplayName"="TrayApp" [Uninstall\{C04E32E0-0416-434D-AFB9-6969D703A9EF}] "InstallSource"="d:\1247740a7f4cfef4c5cf4e\" "UninstallString"=expand:"MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}" "DisplayName"="MSXML 4.0 SP2 (KB936181)" [Uninstall\{C1D7EE03-2A8B-11D5-87F2-0050DAD6BB7B}] "UninstallString"="RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programme\InstallShield Installation Information\{C1D7EE03-2A8B-11D5-87F2-0050DAD6BB7B}\Setup.exe\" -l0x7 UNINSTALL" "DisplayName"="LEXsoft Professional" "DisplayIcon"="C:\Programme\LEXsoftPro\lexprof.exe,0" [Uninstall\{C6F5B6CF-609C-428E-876F-CA83176C021B}] "InstallSource"="J:\Norton_Antivirus_2005\NAV\" "UninstallString"=expand:"MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}" "DisplayName"="Norton AntiVirus 2005" [Uninstall\{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}] "InstallSource"="C:\DOKUME~1\ALLUSE~1\ANWEND~1\Symantec\LIVEUP~1\DOWNLO~1\Updt278\" "DisplayName"="Symantec Network Drivers Update" [Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}] "DisplayIcon"="C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ndpsetup.ico" "InstallSource"="C:\DOKUME~1\Ludwig\LOKALE~1\Temp\IXP000.TMP\" "UninstallString"=expand:"MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" "DisplayName"="Microsoft .NET Framework 
1.1" [Uninstall\{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}] "InstallSource"="J:\Norton_Antivirus_2005\NAV\" "UninstallString"=expand:"MsiExec.exe /I{D1FF75E7-DD42-4CFD-B052-20B3FFF4EDB8}" "DisplayName"="Norton AntiVirus SYMLT MSI" [Uninstall\{D327AFC9-7BAA-473A-8319-6EB7A0D40138}] "InstallSource"="J:\Norton_Antivirus_2005\Support\ScrBlock\" "UninstallString"=expand:"MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" "DisplayName"="Symantec Script Blocking Installer" [Uninstall\{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}] "InstallSource"="J:\Norton_Personal_Firewall_2005\Support\Proxy\" "UninstallString"=expand:"MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}" "DisplayName"="CC_ccProxyExt" [Uninstall\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}] "InstallSource"="C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\" "UninstallString"=expand:"MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" "DisplayName"="Ad-Aware" [Uninstall\{E21658D0-8C83-4ADD-937B-6ED07F335ABA}] "InstallSource"="C:\Programme\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\Tour\" "DisplayName"="1310Tour" [Uninstall\{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}] "InstallSource"="J:\Norton_Personal_Firewall_2005\Support\HelpMSI\" "UninstallString"=expand:"MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" "DisplayName"="Norton Personal Firewall" [Uninstall\{E5EE9939-259F-4DE2-8023-5C49E16A4F43}] "InstallSource"="J:\Norton_Antivirus_2005\NAV\" "UninstallString"=expand:"MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" "DisplayName"="Norton AntiVirus Parent MSI" [Uninstall\{E78BFA60-5393-4C38-82AB-E8019E464EB4}] "InstallSource"="C:\DOKUME~1\Ludwig\LOKALE~1\Temp\IXP000.TMP\" "UninstallString"=expand:"MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}" "DisplayName"="Microsoft .NET Framework 1.1 German Language Pack" [Uninstall\{E85FA9A1-C241-4698-893B-DD99509B8DB0}] "DisplayIcon"=",0" "InstallSource"="J:\Norton_Personal_Firewall_2005\Support\SymSC\" "UninstallString"=expand:"MsiExec.exe 
/X{E85FA9A1-C241-4698-893B-DD99509B8DB0}" "DisplayName"="Norton WMI Update" [Uninstall\{E90BEB5B-CFA0-418E-9ABB-4C4A7B0D9483}] "InstallSource"="C:\Programme\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\AiOHelp\" "DisplayName"="1310_Help" [Uninstall\{EA1CB7AC-E221-4822-A789-0ADB051DC498}] "UninstallString"="RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programme\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe\" -l0x9 " "DisplayName"="Medion Flash XL" [Uninstall\{EC8673DA-F96B-497E-B2DB-BC7B029FD680}] "InstallSource"="J:\Setup\BufferChm\" "DisplayName"="BufferChm" [Uninstall\{F00D9007-4CAA-48C6-9DB0-4B40CC1CEACF}] "InstallSource"="C:\Programme\Ascentive\PC SpeedScan Pro\{F00D9007-4CAA-48C6-9DB0-4B40CC1CEACF}\" "DisplayName"="PC SpeedScan Pro" [Uninstall\{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}] "InstallSource"="J:\Setup\Destinations\" "DisplayName"="Destinations" [Uninstall\{F64306A5-4C32-41bb-B153-53986527FAB4}] "DisplayIcon"=",0" "InstallSource"="J:\Norton_Antivirus_2005\Support\SymSC\" "UninstallString"=expand:"MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}" "DisplayName"="Norton WMI Update" [Uninstall\{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}] "InstallSource"="J:\Setup\WebReg\" "DisplayName"="WebReg" [Uninstall\{FC08587A-4F01-4188-819F-F55880022917}] "InstallSource"="J:\Norton_Personal_Firewall_2005\Support\Proxy\" "UninstallString"=expand:"MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}" "DisplayName"="ccPxyCore" [Uninstall\{FC2C0536-583C-46c0-844A-62CECAE01F22}] "InstallSource"="J:\Norton_Personal_Firewall_2005\Setup\" "UninstallString"=expand:"MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}" "DisplayName"="Norton Internet Security" [Uninstall\{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}] "InstallSource"="J:\Setup\CueTour\" "DisplayName"="CueTour" -----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall----- [Uninstall] ===================== 
HIJACKTHIS LOG =====================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:14:32, on 31.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Personal Firewall\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\WINDOWS\Dit.exe
C:\Programme\Java\jre1.6.0_03\bin\jusched.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
C:\Programme\Unlocker\UnlockerAssistant.exe
C:\Programme\HP\HP Software Update\HPWuSchd2.exe
C:\Programme\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programme\Registry Defragmentation\RegManServ.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\HP\hpcoretech\comp\hptskmgr.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
C:\Programme\Norton AntiVirus\navapsvc.exe
C:\Programme\Norton AntiVirus\SAVScan.exe
C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MInfraIS.exe
C:\PROGRAMME\T-ONLINE\T-ONLINE_SOFTWARE_6\BROWSER\BROWSER.EXE
C:\Dokumente und Einstellungen\Ludwig\Desktop\sys3645.exe
C:\DOKUME~1\Ludwig\LOKALE~1\Temp\nsy1BA.tmp\runme.exe
D:\Dokumente und Einstellungen\Ludwig\Eigene Dateien\Exe-Dateien\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ilove.de/dtf/register/validateEmailVpin.do?vpin=2147591219-1002299935
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Personal Firewall - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programme\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programme\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\RunServices: [DJSNetCN] C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [RegDfrgSch] C:\Programme\Registry Defragmentation\RegDfrgSch.exe /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (User 'Default user')
O8 - Extra context menu item: &eBay Search - res://C:\Programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {02CA9974-B6AC-497E-A371-73580432B0F6} (Eyeball Video Message Control) - http://wildmatch.com/ChatSource/hVideoContol.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1208082504906
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.pixdiscount.de/clients/uploader_v2.2.0.6.cab
O20 - Winlogon Notify: cryptonet - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc.
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatisches LiveUpdate - Scheduler - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\DJSNETCN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Personal Firewall\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect-Dienst (navapsvc) - Symantec Corporation - C:\Programme\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programme\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Programme\Registry Defragmentation\RegManServ.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec 
Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe -- End of file - 11168 bytes ========================================== Scan completed in 113 minutes End of report ~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~ SystemScan uses some freeware tools that remain property of their authors: * SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts " * dumphive (Markus Stephany)--> "Registry scan" * Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules" * Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record" ---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log Thanks to all of them for their hard work