SystemScan - www.suspectfile.com - ver. 3.5.5 (code: holifay & bReAkdOWn)
Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS
SystemScan file: C:\Dokumente und Einstellungen\Dennis\Desktop\sys59220.exe
Running in: User mode
Date: 29.08.2008 Time: 21:30:10

Output limited to:
-Recent files
-Duplicates in BAK folders
-Services and Drivers (all)
-Master Boot Record
-Include HOSTS file
-Suspicious Files

===================== RECENT FILES =====================
Showing files newer than 60 days

----- recent files in C:\
12.07.2008 15:34:32 244 byte 48 days old -- sqmnoopt04.sqm
12.07.2008 15:34:33 268 byte 48 days old -- sqmdata04.sqm
28.07.2008 14:52:38 244 byte 32 days old -- sqmnoopt05.sqm
28.07.2008 14:52:39 268 byte 32 days old -- sqmdata05.sqm
25.08.2008 19:32:05 (DIR) 0 byte 4 days old -- System Volume Information
25.08.2008 21:49:42 244 byte 4 days old -- sqmnoopt06.sqm
25.08.2008 21:49:43 268 byte 4 days old -- sqmdata06.sqm
26.08.2008 09:35:23 1958 byte 3 days old -- Bug.txt
26.08.2008 19:15:03 (DIR) 0 byte 3 days old -- WINDOWS
26.08.2008 19:15:44 4562 byte 3 days old -- avenger.txt
26.08.2008 21:51:49 (DIR) 0 byte 3 days old -- Avenger
26.08.2008 21:52:00 (DIR) 0 byte 3 days old -- SDFix
26.08.2008 22:46:27 (DIR) 0 byte 3 days old -- Downloads
27.08.2008 00:14:33 211 byte 2 days old -- boot.ini
28.08.2008 00:37:14 805306368 byte 1 days old -- pagefile.sys
29.08.2008 10:16:33 (DIR) 0 byte 0 days old -- Programme
29.08.2008 10:18:25 (DIR) 0 byte 0 days old -- Config.Msi

----- recent files in C:\WINDOWS\
01.07.2008 15:50:15 (DIR) 0 byte 59 days old -- .jagex_cache_32
09.07.2008 03:01:42 (DIR) 0 byte 51 days old -- $NtUninstallKB951748$
11.07.2008 13:48:53 (DIR) 0 byte 49 days old -- LeagueWarZ 1.5 small Version
19.07.2008 03:03:56 (DIR) 0 byte 41 days old -- Registration
21.07.2008 07:54:27 (DIR) 0 byte 39 days old -- $NtUninstallWIC$
21.07.2008 08:04:14 (DIR) 0 byte 39 days old -- $NtUninstallXPSEPSCLP$
21.07.2008 08:44:02 (DIR) 0 byte 39 days old -- assembly
21.07.2008 08:44:02 (DIR) 0 byte 39 days old -- Microsoft.NET
22.07.2008 03:01:20 (DIR) 0 byte 38 days old -- $NtUninstallKB925720$
14.08.2008 03:01:48 (DIR) 0 byte 15 days old -- $NtUninstallKB951066$
14.08.2008 03:02:17 (DIR) 0 byte 15 days old -- ie7updates
14.08.2008 03:02:59 (DIR) 0 byte 15 days old -- $NtUninstallKB952287$
14.08.2008 03:03:15 (DIR) 0 byte 15 days old -- $NtUninstallKB951072-v2$
14.08.2008 03:03:23 (DIR) 0 byte 15 days old -- $NtUninstallKB950974$
14.08.2008 03:03:32 (DIR) 0 byte 15 days old -- $NtUninstallKB953839$
14.08.2008 03:03:37 (DIR) 0 byte 15 days old -- $hf_mig$
14.08.2008 03:03:40 (DIR) 0 byte 15 days old -- $NtUninstallKB946648$
14.08.2008 03:03:49 (DIR) 0 byte 15 days old -- $NtUninstallKB952954$
21.08.2008 06:42:35 (DIR) 0 byte 8 days old -- Downloaded Program Files
22.08.2008 05:17:48 (DIR) 0 byte 7 days old -- Minidump
22.08.2008 05:17:50 (DIR) 0 byte 7 days old -- Debug
22.08.2008 17:49:56 399 byte 7 days old -- wmsetup.log
25.08.2008 18:04:28 (DIR) 0 byte 4 days old -- inf
25.08.2008 19:16:43 0 byte 4 days old -- setuperr.log
25.08.2008 19:16:44 75 byte 4 days old -- setupact.log
25.08.2008 19:16:44 14664 byte 4 days old -- setupapi.log
26.08.2008 06:34:16 1409 byte 3 days old -- QTFont.for
26.08.2008 06:34:16 54156 byte 3 days old -- QTFont.qfn
26.08.2008 09:51:12 (DIR) 0 byte 3 days old -- pss
26.08.2008 10:02:20 (DIR) 0 byte 3 days old -- erunt
26.08.2008 19:15:03 90112 byte 3 days old -- DUMP35d5.tmp
26.08.2008 19:15:11 172340 byte 3 days old -- ntbtlog.txt
26.08.2008 22:01:03 32644 byte 3 days old -- SchedLgU.Txt
27.08.2008 00:14:33 227 byte 2 days old -- system.ini
27.08.2008 00:14:33 845 byte 2 days old -- win.ini
28.08.2008 00:37:17 2048 byte 1 days old -- bootstat.dat
28.08.2008 00:37:36 0 byte 1 days old -- 0.log
28.08.2008 06:15:43 50 byte 1 days old -- wiaservc.log
29.08.2008 04:16:23 50 byte 0 days old -- GunzLauncher.INI
29.08.2008 06:36:01 541 byte 0 days old -- wiadebug.log
29.08.2008 10:16:57 (DIR) 0 byte 0 days old -- system32
29.08.2008 10:17:18 (DIR) 0 byte 0 days old -- Fonts
29.08.2008 10:18:14 (DIR) 0 byte 0 days old -- WinSxS
29.08.2008 10:27:31 (DIR) 0 byte 0 days old -- Installer
29.08.2008 20:24:17 1507495 byte 0 days old -- WindowsUpdate.log
29.08.2008 21:25:55 (DIR) 0 byte 0 days old -- Temp
29.08.2008 21:30:10 (DIR) 0 byte 0 days old -- Prefetch

----- recent files in C:\WINDOWS\Downloaded Program Files\
07.07.2008 13:57:40 6091 byte 53 days old -- solidbrowserplugin.inf

----- recent files in C:\WINDOWS\system\
26.08.2008 09:36:47 35 byte 3 days old -- cmicnfg.ini

----- recent files in C:\WINDOWS\system32\
07.07.2008 22:30:55 253952 byte 53 days old -- es.dll
13.07.2008 07:41:17 520192 byte 47 days old -- Hancock Screensaver.scr
13.07.2008 07:41:26 (DIR) 0 byte 47 days old -- Hancock Screensaver dir
14.07.2008 13:09:18 62976 byte 46 days old -- tzchange.exe
19.07.2008 03:03:56 (DIR) 0 byte 41 days old -- wbem
19.07.2008 03:04:14 (DIR) 0 byte 41 days old -- config
21.07.2008 07:55:31 (DIR) 0 byte 39 days old -- spool
21.07.2008 07:57:02 (DIR) 0 byte 39 days old -- en-us
21.07.2008 08:02:56 442770 byte 39 days old -- perfh007.dat
21.07.2008 08:02:56 427592 byte 39 days old -- perfh009.dat
21.07.2008 08:02:56 78360 byte 39 days old -- perfc007.dat
21.07.2008 08:02:56 1023164 byte 39 days old -- PerfStringBackup.INI
21.07.2008 08:02:56 66376 byte 39 days old -- perfc009.dat
21.07.2008 08:03:48 (DIR) 0 byte 39 days old -- de-de
21.07.2008 08:03:48 (DIR) 0 byte 39 days old -- XPSViewer
21.07.2008 08:04:00 (DIR) 0 byte 39 days old -- mui
05.08.2008 11:11:02 15888504 byte 24 days old -- MRT.exe
09.08.2008 21:23:51 1472664 byte 20 days old -- FNTCACHE.DAT
14.08.2008 03:03:14 736758 byte 15 days old -- TZLog.log
15.08.2008 00:48:34 (DIR) 0 byte 14 days old -- dllcache
17.08.2008 08:24:25 168 byte 12 days old -- DF01BB0E3B.sys
19.08.2008 00:07:28 (DIR) 0 byte 10 days old -- Adobe
21.08.2008 06:28:59 6944 byte 8 days old -- jupdate-1.6.0_07-b06.log
21.08.2008 06:42:33 (DIR) 0 byte 8 days old -- SolidStateNetworks
22.08.2008 05:37:42 (DIR) 0 byte 7 days old -- MAGIX
25.08.2008 18:15:04 6580 byte 4 days old -- KGyGaAvL.sys
25.08.2008 19:32:05 (DIR) 0 byte 4 days old -- Restore
25.08.2008 22:06:00 (DIR) 0 byte 4 days old -- sysproc64
29.08.2008 04:16:07 (DIR) 0 byte 0 days old -- drivers
29.08.2008 10:29:41 (DIR) 0 byte 0 days old -- CatRoot2
29.08.2008 12:47:38 2206 byte 0 days old -- wpa.dbl

----- recent files in C:\WINDOWS\system32\drivers\
04.07.2008 23:20:45 4224 byte 56 days old -- a781.sys
17.07.2008 23:35:32 75072 byte 43 days old -- avipbb.sys
17.08.2008 15:01:14 17144 byte 12 days old -- mbam.sys
17.08.2008 15:01:18 38472 byte 12 days old -- mbamswissarmy.sys

----- recent files in C:\WINDOWS\temp\

----- recent files in C:\Programme\
04.07.2008 23:19:23 (DIR) 0 byte 56 days old -- euro gunz 7.1
19.07.2008 02:00:45 (DIR) 0 byte 41 days old -- ACASystems
19.07.2008 03:03:21 (DIR) 0 byte 41 days old -- ePSXe
19.07.2008 03:03:28 (DIR) 0 byte 41 days old -- Game Cam v1.4
21.07.2008 07:55:57 (DIR) 0 byte 39 days old -- Reference Assemblies
21.07.2008 08:01:57 (DIR) 0 byte 39 days old -- MSBuild
21.07.2008 08:05:51 (DIR) 0 byte 39 days old -- TechSmith
22.07.2008 03:01:39 (DIR) 0 byte 38 days old -- MSXML 6.0
27.07.2008 06:51:40 (DIR) 0 byte 33 days old -- DivX
27.07.2008 06:51:41 (DIR) 0 byte 33 days old -- Install Creator
27.07.2008 06:51:42 (DIR) 0 byte 33 days old -- LeagueWarZ 1.5 small Version
27.07.2008 06:51:47 (DIR) 0 byte 33 days old -- Windows Media Player
27.07.2008 06:51:48 (DIR) 0 byte 33 days old -- Xvid
27.07.2008 06:57:55 (DIR) 0 byte 33 days old -- AVS4YOU
14.08.2008 03:02:30 (DIR) 0 byte 15 days old -- Internet Explorer
14.08.2008 03:03:43 (DIR) 0 byte 15 days old -- Messenger
21.08.2008 01:30:23 (DIR) 0 byte 8 days old -- Ulead Systems
21.08.2008 06:28:59 (DIR) 0 byte 8 days old -- Java
21.08.2008 19:23:01 (DIR) 0 byte 8 days old -- CamStudio
22.08.2008 05:34:44 (DIR) 0 byte 7 days old -- OpenOffice.org 2.2
22.08.2008 05:36:49 (DIR) 0 byte 7 days old -- ICQToolbar
22.08.2008 05:37:01 (DIR) 0 byte 7 days old -- eMule
22.08.2008 18:22:46 (DIR) 0 byte 7 days old -- Adobe
25.08.2008 01:53:30 (DIR) 0 byte 4 days old -- euro gunz beta 6
25.08.2008 20:11:31 (DIR) 0 byte 4 days old -- Malwarebytes' Anti-Malware
26.08.2008 02:31:41 (DIR) 0 byte 3 days old -- Game Cam
26.08.2008 02:31:41 (DIR) 0 byte 3 days old -- InstallShield Installation Information
26.08.2008 02:31:48 (DIR) 0 byte 3 days old -- Game Cam V2
26.08.2008 02:34:32 (DIR) 0 byte 3 days old -- Corel
26.08.2008 02:37:28 (DIR) 0 byte 3 days old -- LimeWire
26.08.2008 02:42:25 (DIR) 0 byte 3 days old -- Patch Maker
26.08.2008 02:44:52 (DIR) 0 byte 3 days old -- SFT Loader
26.08.2008 11:27:03 (DIR) 0 byte 3 days old -- Trend Micro
29.08.2008 10:16:34 (DIR) 0 byte 0 days old -- Gemeinsame Dateien
29.08.2008 10:16:34 (DIR) 0 byte 0 days old -- Pinnacle
29.08.2008 18:40:33 (DIR) 0 byte 0 days old -- Mozilla Firefox 3 Beta 3

----- recent files in C:\Programme\Gemeinsame Dateien\
27.07.2008 06:39:02 (DIR) 0 byte 33 days old -- Wise Installation Wizard
27.07.2008 06:57:49 (DIR) 0 byte 33 days old -- AVSMedia
21.08.2008 01:32:05 (DIR) 0 byte 8 days old -- Ulead Systems
26.08.2008 02:32:19 (DIR) 0 byte 3 days old -- Adobe
29.08.2008 10:16:34 (DIR) 0 byte 0 days old -- Yahoo!

----- recent files in C:\Dokumente und Einstellungen\Dennis\Anwendungsdaten\
27.07.2008 06:50:17 (DIR) 0 byte 33 days old -- AVS4YOU
19.08.2008 00:21:26 (DIR) 0 byte 10 days old -- Adobe
22.08.2008 05:33:35 (DIR) 0 byte 7 days old -- OpenOffice.org2
25.08.2008 20:10:04 (DIR) 0 byte 4 days old -- Malwarebytes
27.08.2008 00:31:22 (DIR) 0 byte 2 days old -- Microsoft

----- recent files in C:\DOKUME~1\Dennis\LOKALE~1\Temp\
25.08.2008 23:06:46 28704 byte 4 days old -- etilqs_iCtgpaE28CeisiicySSO
26.08.2008 00:07:12 12304 byte 3 days old -- etilqs_rprVUh3BzqmwhkXZY4vM
26.08.2008 05:41:05 28700 byte 3 days old -- etilqs_ixnRe1m5J5NuhLBdRsIb
27.08.2008 00:11:40 (DIR) 0 byte 2 days old -- RarSFX0
27.08.2008 00:31:21 (DIR) 0 byte 2 days old -- VBE
27.08.2008 04:06:55 0 byte 2 days old -- zwn63.tmp
27.08.2008 04:15:21 0 byte 2 days old -- Twunk002.MTX
27.08.2008 10:38:23 49152 byte 2 days old -- ~DFD6EC.tmp
28.08.2008 00:37:43 (DIR) 0 byte 1 days old -- WPDNSE
28.08.2008 00:42:41 342 byte 1 days old -- jusched.log
28.08.2008 21:38:03 (DIR) 0 byte 1 days old -- MessengerCache
29.08.2008 06:36:08 156 byte 0 days old -- Twunk001.MTX
29.08.2008 06:36:08 2 byte 0 days old -- Twain001.Mtx
29.08.2008 06:36:09 693 byte 0 days old -- TWAIN.LOG
29.08.2008 06:36:25 59964 byte 0 days old -- Adobelm_Cleanup.0001
29.08.2008 08:34:45 2048000 byte 0 days old -- AcrCB76.tmp
29.08.2008 08:34:53 358 byte 0 days old -- AcrCB77.tmp
29.08.2008 09:58:12 0 byte 0 days old -- lmj1F9.tmp
29.08.2008 10:10:28 0 byte 0 days old -- is1FF.tmp
29.08.2008 10:14:10 0 byte 0 days old -- is20A.tmp
29.08.2008 12:31:56 0 byte 0 days old -- etilqs_AVzttPJXgrqJ0nfi8OQ2
29.08.2008 12:42:57 1416 byte 0 days old -- wmplog00.sqm
29.08.2008 13:15:57 1532 byte 0 days old -- wmplog01.sqm
29.08.2008 13:19:30 1428 byte 0 days old -- wmplog02.sqm
29.08.2008 20:55:26 0 byte 0 days old -- t98282.tmp
29.08.2008 21:14:38 (DIR) 0 byte 0 days old -- plugtmp
29.08.2008 21:25:41 58 byte 0 days old -- systemscan.ini
29.08.2008 21:25:47 (DIR) 0 byte 0 days old -- nsm2BC.tmp
29.08.2008 21:25:47 16384 byte 0 days old -- ~DF928B.tmp

===================== DUPLICATE FILES IN BAK FOLDERS =====================
No BAK folders found

===================== LIST OF ALL SERVICES & DRIVERS =====================
-----HKLM\system\currentcontrolset\services-----
000) "Abiosdsk" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
001) "abp480n5" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
002) "ACPI" - Microsoft ACPI Driver ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\DRIVERS\ACPI.sys ---> TYPE = KERNEL_DRIVER
003) "ACPIEC" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
004) "adpu160m" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
005) "aec" - Microsoft Kernel Acoustic Echo Canceller ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\aec.sys ---> TYPE = KERNEL_DRIVER
006) "AegisP" - AEGIS Protocol (IEEE 802.1x) v3.4.3.0 ---> STAT = (RUNNING) Started automatically ---> FILE = system32\DRIVERS\AegisP.sys ---> TYPE = KERNEL_DRIVER
007) "AFD" - AFD Networking Support Environment ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = \SystemRoot\System32\drivers\afd.sys ---> TYPE = KERNEL_DRIVER
008) "agp440" - Intel AGP Bus Filter ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\DRIVERS\agp440.sys ---> TYPE = KERNEL_DRIVER
009) "Aha154x" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
010) "aic78u2" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
011) "aic78xx" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
012) "AliIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
013) "amsint" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
014) "ANIO" - ANIO Service ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\ANIO.SYS ---> TYPE = KERNEL_DRIVER
015) "Arp1394" - 1394 ARP Client Protocol ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\arp1394.sys ---> TYPE = KERNEL_DRIVER
016) "asc" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
017) "asc3350p" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
018) "asc3550" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
019) "AsyncMac" - RAS Asynchronous Media Driver ---> STAT = (NOT RUNNING) Started manually ---> FILE = System32\DRIVERS\asyncmac.sys ---> TYPE = KERNEL_DRIVER
020) "atapi" - Standard IDE/ESDI Hard Disk Controller ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\DRIVERS\atapi.sys ---> TYPE = KERNEL_DRIVER
021) "Atdisk" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
022) "ati2mtag" ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\ati2mtag.sys ---> TYPE = KERNEL_DRIVER
023) "Atmarpc" - ATM ARP Client Protocol ---> STAT = (NOT RUNNING) Started manually ---> FILE = System32\DRIVERS\atmarpc.sys ---> TYPE = KERNEL_DRIVER
024) "audstub" - Audio Stub Driver ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\audstub.sys ---> TYPE = KERNEL_DRIVER
025) "avgio" - avgio ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys ---> TYPE = KERNEL_DRIVER
026) "avgntflt" - avgntflt ---> STAT = (RUNNING) Started manually ---> FILE = C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys ---> TYPE = FILE_SYSTEM_DRIVER
027) "avipbb" - avipbb ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\avipbb.sys ---> TYPE = KERNEL_DRIVER
028) "Beep" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER
029) "catchme" ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\DOKUME~1\Dennis\LOKALE~1\Temp\catchme.sys ---> TYPE = KERNEL_DRIVER
030) "cbidf2k" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
031) "cd20xrnt" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
032) "Cdaudio" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER
033) "Cdfs" ---> STAT = (RUNNING) Disabled ---> TYPE = FILE_SYSTEM_DRIVER
034) "Cdrom" - CD-ROM Driver ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\cdrom.sys ---> TYPE = KERNEL_DRIVER
035) "Changer" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER
036) "CmdIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
037) "cmuda" - C-Media WDM Audio Interface ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\cmuda.sys ---> TYPE = KERNEL_DRIVER
038) "Cpqarray" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
039) "dac2w2k" ---> STAT = (RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
040) "dac960nt" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
041) "Disk" - Disk Driver ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\DRIVERS\disk.sys ---> TYPE = KERNEL_DRIVER
042) "dmboot" ---> STAT = (NOT RUNNING) Disabled ---> FILE = System32\drivers\dmboot.sys ---> TYPE = KERNEL_DRIVER
043) "dmio" ---> STAT = (NOT RUNNING) Disabled ---> FILE = System32\drivers\dmio.sys ---> TYPE = KERNEL_DRIVER
044) "dmload" ---> STAT = (NOT RUNNING) Disabled ---> FILE = System32\drivers\dmload.sys ---> TYPE = KERNEL_DRIVER
045) "DMusic" - Microsoft Kernel DLS Synthesizer ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\DMusic.sys ---> TYPE = KERNEL_DRIVER
046) "dpti2o" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
047) "drmkaud" - Microsoft Kernel DRM Audio Descrambler ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\drmkaud.sys ---> TYPE = KERNEL_DRIVER
048) "DT T-Sinus 130data(R)" - DT T-Sinus 130data(R) Service for T-Sinus 130data ---> STAT = (NOT RUNNING) Started manually ---> FILE = System32\DRIVERS\dtusbxp.sys ---> TYPE = KERNEL_DRIVER
049) "EagleNT" - EagleNT ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\drivers\EagleNT.sys ---> TYPE = KERNEL_DRIVER
050) "Fastfat" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = FILE_SYSTEM_DRIVER
051) "Fdc" - Floppy Disk Controller Driver ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\fdc.sys ---> TYPE = KERNEL_DRIVER
052) "FETND5BV" - VIA Rhine-Family Fast Ethernet Adapter Driver Service ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\fetnd5bv.sys ---> TYPE = KERNEL_DRIVER
053) "Fips" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER
054) "Flpydisk" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER
055) "FltMgr" - FltMgr ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\drivers\fltmgr.sys ---> TYPE = FILE_SYSTEM_DRIVER
056) "Ftdisk" - Volume Manager Driver ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\DRIVERS\ftdisk.sys ---> TYPE = KERNEL_DRIVER
057) "Gpc" - Generic Packet Classifier ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\msgpc.sys ---> TYPE = KERNEL_DRIVER
058) "hidusb" - Microsoft HID Class Driver ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\hidusb.sys ---> TYPE = KERNEL_DRIVER
059) "hpn" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
060) "HTTP" - HTTP ---> STAT = (RUNNING) Started manually ---> FILE = System32\Drivers\HTTP.sys ---> TYPE = KERNEL_DRIVER
061) "i2omgmt" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER
062) "i2omp" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
063) "i8042prt" - i8042 Keyboard and PS/2 Mouse Port Driver ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\i8042prt.sys ---> TYPE = KERNEL_DRIVER
064) "Imapi" - CD-Burning Filter Driver ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\imapi.sys ---> TYPE = KERNEL_DRIVER
065) "InCDFs" - InCD File System ---> STAT = (NOT RUNNING) Disabled ---> FILE = system32\drivers\InCDFs.sys ---> TYPE = FILE_SYSTEM_DRIVER
066) "InCDPass" - InCDPass ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> FILE = system32\drivers\InCDPass.sys ---> TYPE = KERNEL_DRIVER
067) "InCDRm" - InCD Reader ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> FILE = system32\drivers\InCDRm.sys ---> TYPE = KERNEL_DRIVER
068) "ini910u" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
069) "IntelIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
070) "intelppm" - Intel Processor Driver ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\intelppm.sys ---> TYPE = KERNEL_DRIVER
071) "ip6fw" - IPv6 Windows Firewall Driver ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\ip6fw.sys ---> TYPE = KERNEL_DRIVER
072) "IpFilterDriver" - IP Traffic Filter Driver ---> STAT = (NOT RUNNING) Started manually ---> FILE = System32\DRIVERS\ipfltdrv.sys ---> TYPE = KERNEL_DRIVER
073) "IpInIp" - IP in IP Tunnel Driver ---> STAT = (NOT RUNNING) Started manually ---> FILE = System32\DRIVERS\ipinip.sys ---> TYPE = KERNEL_DRIVER
074) "IpNat" - IP Network Address Translator ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\ipnat.sys ---> TYPE = KERNEL_DRIVER
075) "IPSec" - IPSEC Driver ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\ipsec.sys ---> TYPE = KERNEL_DRIVER
076) "IRENUM" - IR Enumerator Service ---> STAT = (NOT RUNNING) Started manually ---> FILE = System32\DRIVERS\irenum.sys ---> TYPE = KERNEL_DRIVER
077) "isapnp" - PnP ISA/EISA Bus Driver ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\DRIVERS\isapnp.sys ---> TYPE = KERNEL_DRIVER
078) "Kbdclass" - Keyboard Class Driver ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\kbdclass.sys ---> TYPE = KERNEL_DRIVER
079) "kbdhid" - Keyboard HID Driver ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\kbdhid.sys ---> TYPE = KERNEL_DRIVER
080) "kmixer" - Microsoft Kernel Wave Audio Mixer ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\kmixer.sys ---> TYPE = KERNEL_DRIVER
081) "KSecDD" ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER
082) "lbrtfdc" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER
083) "mnmdd" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER
084) "Modem" ---> STAT = (RUNNING) Started manually ---> TYPE = KERNEL_DRIVER
085) "Mouclass" - Mouse Class Driver ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\mouclass.sys ---> TYPE = KERNEL_DRIVER
086) "mouhid" - Mouse HID Driver ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\mouhid.sys ---> TYPE = KERNEL_DRIVER
087) "MountMgr" - Mount Point Manager ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER
088) "mraid35x" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
089) "MRxDAV" - WebDav Client Redirector ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\mrxdav.sys ---> TYPE = FILE_SYSTEM_DRIVER
090) "MRxSmb" - MRXSMB ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\mrxsmb.sys ---> TYPE = FILE_SYSTEM_DRIVER
091) "Msfs" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = FILE_SYSTEM_DRIVER
092) "MSKSSRV" - Microsoft Streaming Service Proxy ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\MSKSSRV.sys ---> TYPE = KERNEL_DRIVER
093) "MSPCLOCK" - Microsoft Streaming Clock Proxy ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\MSPCLOCK.sys ---> TYPE = KERNEL_DRIVER
094) "MSPQM" - Microsoft Streaming Quality Manager Proxy ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\MSPQM.sys ---> TYPE = KERNEL_DRIVER
095) "mssmbios" - Microsoft System Management BIOS Driver ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\mssmbios.sys ---> TYPE = KERNEL_DRIVER
096) "ms_mpu401" - Microsoft MPU-401 MIDI UART Driver ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\msmpu401.sys ---> TYPE = KERNEL_DRIVER
097) "Mup" - Mup ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = FILE_SYSTEM_DRIVER
098) "NDIS" - NDIS System Driver ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER
099) "NdisTapi" - Remote Access NDIS TAPI Driver ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\ndistapi.sys ---> TYPE = KERNEL_DRIVER
100) "Ndisuio" - NDIS Usermode I/O Protocol ---> STAT = (NOT RUNNING) Started manually ---> FILE = System32\DRIVERS\ndisuio.sys ---> TYPE = KERNEL_DRIVER
101) "NdisWan" - Remote Access NDIS WAN Driver ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\ndiswan.sys ---> TYPE = KERNEL_DRIVER
102) "NDProxy" - multi:NDIS-Proxy\00\00 ---> STAT = (RUNNING) Started manually ---> TYPE = KERNEL_DRIVER
103) "NetBIOS" - NetBIOS Interface ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\netbios.sys ---> TYPE = FILE_SYSTEM_DRIVER
104) "NetBT" - NetBios over TCP/IP ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\netbt.sys ---> TYPE = KERNEL_DRIVER
105) "NIC1394" - 1394 Net Driver ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\nic1394.sys ---> TYPE = KERNEL_DRIVER
106) "Npfs" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = FILE_SYSTEM_DRIVER
107) "Ntfs" ---> STAT = (RUNNING) Disabled ---> TYPE = FILE_SYSTEM_DRIVER
108) "Null" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER
109) "NwlnkFlt" - IPX Traffic Filter Driver ---> STAT = (NOT RUNNING) Started manually ---> FILE = System32\DRIVERS\nwlnkflt.sys ---> TYPE = KERNEL_DRIVER
110) "NwlnkFwd" - IPX Traffic Forwarder Driver ---> STAT = (NOT RUNNING) Started manually ---> FILE = System32\DRIVERS\nwlnkfwd.sys ---> TYPE = KERNEL_DRIVER
111) "ohci1394" - VIA OHCI Compliant IEEE 1394 Host Controller ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\DRIVERS\ohci1394.sys ---> TYPE = KERNEL_DRIVER
112) "Parport" - Parallel Port Driver ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\parport.sys ---> TYPE = KERNEL_DRIVER
113) "PartMgr" - Partition Manager ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER
114) "ParVdm" ---> STAT = (RUNNING) Started automatically ---> TYPE = KERNEL_DRIVER
115) "PCANDIS5" - PCANDIS5 Protocol Driver ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\PCANDIS5.SYS ---> TYPE = KERNEL_DRIVER
116) "PCI" - PCI Bus Driver ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\DRIVERS\pci.sys ---> TYPE = KERNEL_DRIVER
117) "PCIDump" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER
118) "PCIIde" ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\DRIVERS\pciide.sys ---> TYPE = KERNEL_DRIVER
119) "Pcmcia" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
120) "PDCOMP" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER
121) "PDFRAME" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER
122) "PDRELI" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER
123) "PDRFRAME" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER
124) "perc2" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
125) "perc2hib" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
126) "pfc" - Padus ASPI Shell ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\pfc.sys ---> TYPE = KERNEL_DRIVER
127) "PptpMiniport" - WAN Miniport (PPTP) ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\raspptp.sys ---> TYPE = KERNEL_DRIVER
128) "Processor" - Processor Driver ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\processr.sys ---> TYPE = KERNEL_DRIVER
129) "PSched" - QoS Packet Scheduler ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\psched.sys ---> TYPE = KERNEL_DRIVER
130) "Ptilink" - Direct Parallel Link Driver ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\ptilink.sys ---> TYPE = KERNEL_DRIVER
131) "PxHelp20" - PxHelp20 ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\Drivers\PxHelp20.sys ---> TYPE = KERNEL_DRIVER
132) "ql1080" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
133) "Ql10wnt" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
134) "ql12160" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
135) "ql1240" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
136) "ql1280" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
137) "RasAcd" - Remote Access Auto Connection Driver ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\rasacd.sys ---> TYPE = KERNEL_DRIVER
138) "Rasl2tp" - WAN Miniport (L2TP) ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\rasl2tp.sys ---> TYPE = KERNEL_DRIVER
139) "RasPppoe" - Remote Access PPPOE Driver ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\raspppoe.sys ---> TYPE = KERNEL_DRIVER
140) "Raspti" - Direct Parallel ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\raspti.sys ---> TYPE = KERNEL_DRIVER
141) "Rdbss" - Rdbss ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\rdbss.sys ---> TYPE = FILE_SYSTEM_DRIVER
142) "RDPCDD" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\RDPCDD.sys ---> TYPE = KERNEL_DRIVER
143) "RDPWD" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER
144) "redbook" - Digital CD Audio Playback Filter Driver ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\redbook.sys ---> TYPE = KERNEL_DRIVER
145) "ROOTMODEM" - Microsoft Legacy Modem Driver ---> STAT = (RUNNING) Started manually ---> FILE = System32\Drivers\RootMdm.sys ---> TYPE = KERNEL_DRIVER
146) "RT73" - RT73 USB Wireless LAN Card Driver ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\rt73.sys ---> TYPE = KERNEL_DRIVER
147) "Secdrv" - Secdrv ---> STAT = (NOT RUNNING) Started manually ---> FILE = System32\DRIVERS\secdrv.sys ---> TYPE = KERNEL_DRIVER
148) "serenum" - Serenum Filter Driver ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\serenum.sys ---> TYPE = KERNEL_DRIVER
149) "Serial" - Serial Port Driver ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\serial.sys ---> TYPE = KERNEL_DRIVER
150) "Sfloppy" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER
151) "Simbad" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
152) "Sparrow" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
153) "splitter" - Microsoft Kernel Audio Splitter ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\splitter.sys ---> TYPE = KERNEL_DRIVER
154) "sr" - System Restore Filter Driver ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\DRIVERS\sr.sys ---> TYPE = FILE_SYSTEM_DRIVER
155) "Srv" - Srv ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\srv.sys ---> TYPE = FILE_SYSTEM_DRIVER
156) "ssmdrv" - ssmdrv ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\ssmdrv.sys ---> TYPE = KERNEL_DRIVER
157) "swenum" - Software Bus Driver ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\swenum.sys ---> TYPE = KERNEL_DRIVER
158) "swmidi" - Microsoft Kernel GS Wavetable Synthesizer ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\swmidi.sys ---> TYPE = KERNEL_DRIVER
159) "symc810" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
160) "symc8xx" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
161) "sym_hi" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
162) "sym_u3" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
163) "sysaudio" - Microsoft Kernel System Audio Device ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\sysaudio.sys ---> TYPE = KERNEL_DRIVER
164) "Tcpip" - TCP/IP Protocol Driver ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\tcpip.sys ---> TYPE = KERNEL_DRIVER
165) "TDPIPE" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER
166) "TDTCP" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER
167) "TermDD" - Terminal Device Driver ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\termdd.sys ---> TYPE = KERNEL_DRIVER
168) "TosIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
169) "Udfs" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = FILE_SYSTEM_DRIVER
170) "ultra" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
171) "Update" - Microcode Update Driver ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\update.sys ---> TYPE = KERNEL_DRIVER
172) "usbccgp" - Microsoft USB Generic Parent Driver ---> STAT = (NOT RUNNING) Started manually ---> FILE = System32\DRIVERS\usbccgp.sys ---> TYPE = KERNEL_DRIVER
173) "usbehci" - Microsoft USB 2.0 Enhanced Host Controller Miniport Driver ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\usbehci.sys ---> TYPE = KERNEL_DRIVER
174) "usbhub" - USB2 Enabled Hub ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\usbhub.sys ---> TYPE = KERNEL_DRIVER
175) "usbstor" - USB Mass Storage Driver ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\USBSTOR.SYS ---> TYPE = KERNEL_DRIVER
176) "usbuhci" - Microsoft USB Universal Host Controller Miniport Driver ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\usbuhci.sys ---> TYPE = KERNEL_DRIVER
177) "VgaSave" - VGA Display Controller. ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = \SystemRoot\System32\drivers\vga.sys ---> TYPE = KERNEL_DRIVER
178) "ViaIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER
179) "VolSnap" ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER
180) "Wanarp" - Remote Access IP ARP Driver ---> STAT = (RUNNING) Started manually ---> FILE = System32\DRIVERS\wanarp.sys ---> TYPE = KERNEL_DRIVER
181) "WDICA" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER
182) "wdmaud" - Microsoft WINMM WDM Audio Compatibility Driver ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\wdmaud.sys ---> TYPE = KERNEL_DRIVER
183) "WS2IFSL" - Windows Socket 2.0 Non-IFS Service Provider Support Environment ---> STAT = (NOT RUNNING) Disabled ---> FILE = \SystemRoot\System32\drivers\ws2ifsl.sys ---> TYPE = KERNEL_DRIVER
184) "WudfPf" - Windows Driver Foundation - User-mode Driver Framework Platform Driver ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\WudfPf.sys ---> TYPE = KERNEL_DRIVER
185) "WudfRd" - Windows Driver Foundation - User-mode Driver Framework Reflector ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\wudfrd.sys ---> TYPE = KERNEL_DRIVER
186) "XDva032" - XDva032 ---> STAT = (NOT RUNNING)
Started manually ---> FILE = C:\WINDOWS\system32\XDva032.sys ---> TYPE = KERNEL_DRIVER -----HKLM\system\currentcontrolset\services----- 000) "Adobe LM Service" - Adobe LM Service ---> STAT = (NOT RUNNING) Started manually ---> FILE = \C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe\ ---> TYPE = OWN_SERVICE 001) "Alerter" - Warndienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 002) "ALG" - Gatewaydienst auf Anwendungsebene ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\alg.exe ---> TYPE = OWN_SERVICE 003) "ANIWZCSdService" - ANIWZCSd Service ---> STAT = (NOT RUNNING) Started automatically ---> FILE = C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe ---> TYPE = SHARE_SERVICE 004) "AntiVirScheduler" - Avira AntiVir Personal – Free Antivirus Planer ---> STAT = (RUNNING) Started automatically ---> FILE = \C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe\ ---> TYPE = OWN_SERVICE 005) "AntiVirService" - Avira AntiVir Personal – Free Antivirus Guard ---> STAT = (RUNNING) Started automatically ---> FILE = \C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe\ ---> TYPE = OWN_SERVICE 006) "AppMgmt" - Anwendungsverwaltung ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 007) "aspnet_state" - ASP.NET State Service ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe ---> TYPE = OWN_SERVICE 008) "AudioSrv" - Windows Audio ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 009) "BITS" - Intelligenter Hintergrundübertragungsdienst ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 010) "Browser" - Computerbrowser ---> STAT = (NOT RUNNING) Started 
automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 011) "Capture Device Service" - Capture Device Service ---> STAT = (RUNNING) Started automatically ---> FILE = \C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe\ ---> TYPE = OWN_SERVICE 012) "CiSvc" - Indexdienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\cisvc.exe ---> TYPE = SHARE_SERVICE 013) "ClipSrv" - Ablagemappe ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\clipsrv.exe ---> TYPE = OWN_SERVICE 014) "clr_optimization_v2.0.50727_32" - .NET Runtime Optimization Service v2.0.50727_X86 ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe ---> TYPE = OWN_SERVICE 015) "COMSysApp" - COM+-Systemanwendung ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} ---> TYPE = OWN_SERVICE 016) "CryptSvc" - Kryptografiedienste ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 017) "DcomLaunch" - DCOM-Server-Prozessstart ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch ---> TYPE = SHARE_SERVICE 018) "Dhcp" - DHCP-Client ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 019) "dmadmin" - Verwaltungsdienst für die Verwaltung logischer Datenträger ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\dmadmin.exe /com ---> TYPE = SHARE_SERVICE 020) "dmserver" - Verwaltung logischer Datenträger ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 021) "Dnscache" - DNS-Client ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k NetworkService ---> TYPE = 
SHARE_SERVICE 022) "ERSvc" - Fehlerberichterstattungsdienst ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 023) "Eventlog" - Ereignisprotokoll ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\services.exe ---> TYPE = SHARE_SERVICE 024) "EventSystem" - COM+-Ereignissystem ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 025) "FastUserSwitchingCompatibility" - Kompatibilität für schnelle Benutzerumschaltung ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 026) "FontCache3.0.0.0" - Windows Presentation Foundation Font Cache 3.0.0.0 ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe ---> TYPE = OWN_SERVICE 027) "helpsvc" - Hilfe und Support ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 028) "HidServ" - HID Input Service ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 029) "HTTPFilter" - HTTP-SSL ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter ---> TYPE = SHARE_SERVICE 030) "IDriverT" - InstallDriver Table Manager ---> STAT = (NOT RUNNING) Started manually ---> FILE = \C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe\ ---> TYPE = OWN_SERVICE 031) "idsvc" - Windows CardSpace ---> STAT = (NOT RUNNING) Started manually ---> FILE = \C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\ ---> TYPE = SHARE_SERVICE 032) "ImapiService" - IMAPI-CD-Brenn-COM-Dienste ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\imapi.exe ---> TYPE = OWN_SERVICE 033) "lanmanserver" - Server 
---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 034) "lanmanworkstation" - Arbeitsstationsdienst ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 035) "LmHosts" - TCP/IP-NetBIOS-Hilfsprogramm ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 036) "Messenger" - Nachrichtendienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 037) "mnmsrvc" - NetMeeting-Remotedesktop-Freigabe ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\mnmsrvc.exe ---> TYPE = OWN_SERVICE 038) "MSDTC" - Distributed Transaction Coordinator ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\msdtc.exe ---> TYPE = OWN_SERVICE 039) "MSIServer" - Windows Installer ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\msiexec.exe /V ---> TYPE = SHARE_SERVICE 040) "NetDDE" - Netzwerk-DDE-Dienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\netdde.exe ---> TYPE = SHARE_SERVICE 041) "NetDDEdsdm" - Netzwerk-DDE-Serverdienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\netdde.exe ---> TYPE = SHARE_SERVICE 042) "Netlogon" - Anmeldedienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\lsass.exe ---> TYPE = SHARE_SERVICE 043) "Netman" - Netzwerkverbindungen ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 044) "NetTcpPortSharing" - Net.Tcp Port Sharing Service ---> STAT = (NOT RUNNING) Disabled ---> FILE = \C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\ ---> TYPE = SHARE_SERVICE 045) "Nla" - NLA (Network Location Awareness) ---> STAT = (RUNNING) Started manually 
---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 046) "NtLmSsp" - NT-LM-Sicherheitsdienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\lsass.exe ---> TYPE = SHARE_SERVICE 047) "NtmsSvc" - Wechselmedien ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 048) "PlugPlay" - Plug & Play ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\services.exe ---> TYPE = SHARE_SERVICE 049) "PolicyAgent" - IPSEC-Dienste ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\lsass.exe ---> TYPE = SHARE_SERVICE 050) "ProtectedStorage" - Geschützter Speicher ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 051) "ProtexisLicensing" - ProtexisLicensing ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\PSIService.exe ---> TYPE = OWN_SERVICE 052) "RasAuto" - Verwaltung für automatische RAS-Verbindung ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 053) "RasMan" - RAS-Verbindungsverwaltung ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 054) "RDSessMgr" - Sitzungs-Manager für Remotedesktophilfe ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\sessmgr.exe ---> TYPE = OWN_SERVICE 055) "RemoteAccess" - Routing und RAS ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 056) "RpcLocator" - RPC-Locator ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\locator.exe ---> TYPE = OWN_SERVICE 057) "RpcSs" - Remoteprozeduraufruf (RPC) ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost -k rpcss ---> TYPE = SHARE_SERVICE 058) "RSVP" - QoS-RSVP 
---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\rsvp.exe ---> TYPE = OWN_SERVICE 059) "SamSs" - Sicherheitskontenverwaltung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 060) "SCardSvr" - Smartcard ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\SCardSvr.exe ---> TYPE = SHARE_SERVICE 061) "Schedule" - Taskplaner ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 062) "seclogon" - Sekundäre Anmeldung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 063) "SENS" - Systemereignisbenachrichtigung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 064) "SharedAccess" - Windows-Firewall/Gemeinsame Nutzung der Internetverbindung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 065) "ShellHWDetection" - Shellhardwareerkennung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 066) "Spooler" - Druckwarteschlange ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\spoolsv.exe ---> TYPE = OWN_SERVICE 067) "srservice" - Systemwiederherstellungsdienst ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 068) "SSDPSRV" - SSDP-Suchdienst ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 069) "stisvc" - Windows-Bilderfassung (WIA) ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k imgsvc ---> TYPE = SHARE_SERVICE 070) "SwPrv" - MS Software Shadow Copy Provider ---> STAT = (NOT RUNNING) Started 
manually ---> FILE = C:\WINDOWS\System32\dllhost.exe /Processid:{745394DD-9D4E-4828-8252-606D663BA787} ---> TYPE = OWN_SERVICE 071) "SysmonLog" - Leistungsdatenprotokolle und Warnungen ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\smlogsvc.exe ---> TYPE = OWN_SERVICE 072) "TapiSrv" - Telefonie ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 073) "TermService" - Terminaldienste ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch ---> TYPE = SHARE_SERVICE 074) "Themes" - Designs ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 075) "TrkWks" - Überwachung verteilter Verknüpfungen (Client) ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 076) "UleadBurningHelper" - Ulead Burning Helper ---> STAT = (RUNNING) Started automatically ---> FILE = C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe ---> TYPE = OWN_SERVICE 077) "upnphost" - Universeller Plug & Play-Gerätehost ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 078) "UPS" - Unterbrechungsfreie Stromversorgung ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\ups.exe ---> TYPE = OWN_SERVICE 079) "usnjsvc" - Messenger USN Journal Reader-Service für freigegebene Ordner ---> STAT = (RUNNING) Started manually ---> FILE = \C:\Programme\MSN Messenger\usnsvc.exe\ ---> TYPE = OWN_SERVICE 080) "usprserv" - User Privilege Service ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = OWN_SERVICE 081) "VSS" - Volumeschattenkopie ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\vssvc.exe ---> TYPE = OWN_SERVICE 082) "W32Time" - 
Windows-Zeitgeber ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 083) "WebClient" - Webclient ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 084) "winmgmt" - Windows-Verwaltungsinstrumentation ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 085) "Winsock" ---> STAT = (RUNNING) Started manually ---> TYPE = ADAPTER 086) "WmdmPmSN" - Dienst für Seriennummern der tragbaren Medien ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 087) "WmiApSrv" - WMI-Leistungsadapter ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\wbem\wmiapsrv.exe ---> TYPE = OWN_SERVICE 088) "WMPNetworkSvc" - Windows Media Player-Netzwerkfreigabedienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = \C:\Programme\Windows Media Player\WMPNetwk.exe\ ---> TYPE = OWN_SERVICE 089) "wscsvc" - Sicherheitscenter ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 090) "wuauserv" - Automatische Updates ---> STAT = (RUNNING) Started automatically ---> FILE = %systemRoot%\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 091) "WudfSvc" - Windows Driver Foundation - User-mode Driver Framework ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup ---> TYPE = SHARE_SERVICE 092) "WZCSVC" - Konfigurationsfreie drahtlose Verbindung ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 093) "xmlprov" - Netzwerkversorgungsdienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE ===================== MASTER 
BOOT RECORD ===================== device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK ===================== HOSTS FILE ===================== 127.0.0.1 localhost 127.0.0.1 microsoft.com ===================== SUSPICIOUS FILES ===================== EXE and DLL files packed with runtime packers, found in: C:\; C:\WINDOWS\; C:\WINDOWS\system32\ ========================================== Scan completed in 4,4 minutes End of report ~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~ SystemScan uses some freeware tools that remain property of their authors: * SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts " * dumphive (Markus Stephany)--> "Registry scan" * Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules" * Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record" ---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log Thanks to all of them for their hard work