SystemScan - www.suspectfile.com - ver. 3.6.2 (code: holifay & bReAkdOWn) Running on: Windows XP PROFESSIONAL Edition, Service Pack 2 (2600.5.1) System directory: C:\WINDOWS SystemScan file: C:\Dokumente und Einstellungen\Joe\Desktop\sys76501.exe Running in: User mode Date: 2009-02-10 Time: 16:55:17 Output limited to: -Recent files -Registry Run Keys -Scheduled jobs -Services and Drivers (all) -Svchost.exe instances -Loaded Dlls -Master Boot Record -Suspicious Files -Installed Applications -Include HIJACKTHIS.log ===================== RECENT FILES ===================== Listing files newer than 60 days ---- recent files in C:\ 09/08/2007 17:19:58 -- 10/02/2009 15:37:38 (DIR) ---- 0 days old -- C:\WINDOWS 09/02/2009 16:25:39 -- 10/02/2009 14:58:39 (DIR) HS-- 0 days old -- C:\RECYCLER 09/08/2007 16:26:01 -- 09/02/2009 17:37:07 (DIR) HS-- 0 days old -- C:\System Volume Information 09/02/2009 17:27:11 -- 09/02/2009 17:27:17 (DIR) ---- 0 days old -- C:\CFix 09/08/2007 16:28:40 -- 09/02/2009 01:07:36 (DIR) --R- 1 days old -- C:\Programme 03/02/2009 14:31:29 -- 03/02/2009 14:31:29 (DIR) ---A 7 days old -- C:\autorun.inf 10/02/2009 16:23:52 -- 10/02/2009 16:23:52 14181 ---A 0 days old -- C:\files.txt 09/08/2007 17:19:58 -- 10/02/2009 15:59:182145386496 HS-A 0 days old -- C:\pagefile.sys 09/08/2007 17:25:08 -- 10/02/2009 15:58:18 211 HS-- 0 days old -- C:\boot.ini 09/02/2009 16:03:56 -- 09/02/2009 16:03:56 21469 ---A 1 days old -- C:\ComboFix.txt 03/02/2009 14:32:35 -- 03/02/2009 14:41:45 2315 ---A 7 days old -- C:\rapport.txt 18/08/2007 22:48:33 -- 01/02/2009 19:00:42 44988 ---A 8 days old -- C:\moduleName.txt 29/01/2009 18:29:11 -- 29/01/2009 18:29:11 164 -S-A 11 days old -- C:\158508124794.kwm 04/12/2008 18:41:44 -- 16/12/2008 20:38:56 0 ---A 55 days old -- C:\MMiPodExcept.log 04/12/2008 18:41:44 -- 16/12/2008 20:38:56 0 ---A 55 days old -- C:\MMWMDMExcept.log ---- recent files in C:\DOKUME~1\Joe\LOKALE~1\Temp\ 10/02/2009 16:53:30 -- 10/02/2009 16:53:30 (DIR) ---- 0 days 
old -- C:\DOKUME~1\Joe\LOKALE~1\Temp\nsz55.tmp 10/02/2009 15:59:42 -- 10/02/2009 15:59:42 (DIR) ---- 0 days old -- C:\DOKUME~1\Joe\LOKALE~1\Temp\WPDNSE 09/02/2009 17:32:22 -- 09/02/2009 17:32:22 (DIR) ---- 0 days old -- C:\DOKUME~1\Joe\LOKALE~1\Temp\KAV Updater update files 10/02/2009 16:53:30 -- 10/02/2009 16:53:30 16384 ---A 0 days old -- C:\DOKUME~1\Joe\LOKALE~1\Temp\~DFC7A6.tmp 10/02/2009 16:53:30 -- 10/02/2009 16:53:30 55 ---A 0 days old -- C:\DOKUME~1\Joe\LOKALE~1\Temp\systemscan.ini 10/02/2009 16:39:34 -- 10/02/2009 16:39:34 273 ---A 0 days old -- C:\DOKUME~1\Joe\LOKALE~1\Temp\libFNP_events.log 10/02/2009 16:04:40 -- 10/02/2009 16:04:41 243 ---A 0 days old -- C:\DOKUME~1\Joe\LOKALE~1\Temp\jusched.log 10/02/2009 16:00:11 -- 15/01/2009 16:17:34 158960 ---A 0 days old -- C:\DOKUME~1\Joe\LOKALE~1\Temp\SSUPDATE.EXE ---- recent files in C:\WINDOWS\ 09/02/2009 16:03:57 -- 10/02/2009 16:38:06 (DIR) ---- 0 days old -- C:\WINDOWS\temp 09/08/2007 17:19:58 -- 10/02/2009 16:03:55 (DIR) ---- 0 days old -- C:\WINDOWS\system32 10/02/2009 15:37:38 -- 10/02/2009 15:37:39 (DIR) ---- 0 days old -- C:\WINDOWS\ERUNT 09/08/2007 17:19:58 -- 09/02/2009 17:32:21 (DIR) -S-- 0 days old -- C:\WINDOWS\Downloaded Program Files 09/08/2007 17:19:58 -- 09/02/2009 17:32:20 (DIR) H--- 0 days old -- C:\WINDOWS\inf 01/02/2009 15:38:40 -- 09/02/2009 17:27:15 (DIR) ---- 0 days old -- C:\WINDOWS\ERDNT 09/08/2007 17:19:58 -- 09/02/2009 16:01:07 (DIR) ---- 1 days old -- C:\WINDOWS\AppPatch 09/08/2007 15:33:54 -- 09/02/2009 13:38:01 (DIR) ---- 1 days old -- C:\WINDOWS\Registration 09/08/2007 15:42:37 -- 09/02/2009 12:37:32 (DIR) ---- 1 days old -- C:\WINDOWS\Prefetch 09/08/2007 17:19:58 -- 09/02/2009 01:07:36 (DIR) ---- 1 days old -- C:\WINDOWS\Help 29/01/2009 17:39:30 -- 04/02/2009 20:36:46 (DIR) ---- 5 days old -- C:\WINDOWS\Minidump 09/08/2007 17:19:58 -- 04/02/2009 20:36:46 (DIR) ---- 5 days old -- C:\WINDOWS\Debug 09/08/2007 16:28:45 -- 03/02/2009 15:38:45 (DIR) HS-- 7 days old -- 
C:\WINDOWS\Installer 09/08/2007 17:19:58 -- 02/02/2009 08:47:09 (DIR) ---- 8 days old -- C:\WINDOWS\SoftwareDistribution 09/08/2007 17:19:58 -- 01/02/2009 15:45:24 (DIR) ---- 9 days old -- C:\WINDOWS\ime 09/08/2007 15:35:01 -- 29/01/2009 17:09:21 (DIR) -S-- 11 days old -- C:\WINDOWS\Tasks 09/08/2007 17:19:58 -- 23/01/2009 09:10:41 (DIR) ---- 18 days old -- C:\WINDOWS\WinSxS 09/08/2007 17:19:58 -- 23/01/2009 00:52:54 (DIR) ---- 18 days old -- C:\WINDOWS\security 09/08/2007 15:38:22 -- 27/12/2008 16:38:19 (DIR) -SR- 45 days old -- C:\WINDOWS\assembly 27/12/2008 16:37:57 -- 27/12/2008 16:37:57 (DIR) ---- 45 days old -- C:\WINDOWS\Logs 04/02/2009 20:43:02 -- 10/02/2009 16:00:04 16532 ---A 0 days old -- C:\WINDOWS\FSSTM.LOG 04/02/2009 20:43:04 -- 10/02/2009 15:59:56 0 ---A 0 days old -- C:\WINDOWS\0.log 09/08/2007 15:36:01 -- 10/02/2009 15:59:55 1073850 ---A 0 days old -- C:\WINDOWS\WindowsUpdate.log 09/08/2007 16:31:38 -- 10/02/2009 15:59:54 159 ---A 0 days old -- C:\WINDOWS\wiadebug.log 09/08/2007 16:31:38 -- 10/02/2009 15:59:53 50 ---A 0 days old -- C:\WINDOWS\wiaservc.log 09/08/2007 15:40:57 -- 10/02/2009 15:59:34 2048 -S-A 0 days old -- C:\WINDOWS\bootstat.dat 18/08/2001 12:00:00 -- 10/02/2009 15:58:18 227 ---A 0 days old -- C:\WINDOWS\system.ini 18/08/2001 12:00:00 -- 10/02/2009 15:58:18 507 ---A 0 days old -- C:\WINDOWS\win.ini 09/08/2007 15:42:37 -- 10/02/2009 15:29:36 32346 ---A 0 days old -- C:\WINDOWS\SchedLgU.Txt 09/02/2009 15:50:11 -- 10/02/2009 14:58:48 389292 ---A 0 days old -- C:\WINDOWS\ntbtlog.txt 09/02/2009 17:32:20 -- 09/02/2009 17:32:21 3628 ---A 0 days old -- C:\WINDOWS\setupapi.log 05/02/2009 21:18:48 -- 09/02/2009 11:30:42 240 ---A 1 days old -- C:\WINDOWS\setupact.log 09/02/2009 01:06:26 -- 09/02/2009 01:07:50 66 ---A 1 days old -- C:\WINDOWS\err.txt 09/02/2009 01:07:35 -- 09/02/2009 01:07:44 1287 ---A 1 days old -- C:\WINDOWS\wmsetup.log 20/10/2007 20:35:37 -- 08/02/2009 13:42:42 4 ---A 2 days old -- C:\WINDOWS\Twain001.Mtx 20/10/2007 20:35:37 
-- 08/02/2009 13:42:42 156 ---A 2 days old -- C:\WINDOWS\Twunk001.MTX 08/02/2009 13:42:38 -- 08/02/2009 13:42:42 217 ---A 2 days old -- C:\WINDOWS\TWAIN.LOG 05/02/2009 21:18:48 -- 05/02/2009 21:18:48 0 ---A 4 days old -- C:\WINDOWS\setuperr.log 14/08/2007 11:23:10 -- 26/01/2009 22:48:59 69 ---A 14 days old -- C:\WINDOWS\NeroDigital.ini 26/01/2009 00:02:25 -- 26/01/2009 09:38:29 249856 ---- 15 days old -- C:\WINDOWS\Setup1.exe 26/01/2009 00:02:25 -- 26/01/2009 09:38:29 73216 ---A 15 days old -- C:\WINDOWS\ST6UNST.EXE 01/12/2007 21:34:39 -- 17/01/2009 22:27:44 754 ---A 23 days old -- C:\WINDOWS\WORDPAD.INI 01/12/2007 21:31:03 -- 28/12/2008 17:01:33 4173 ---A 43 days old -- C:\WINDOWS\seRapid.INI ---- recent files in C:\WINDOWS\system\ ---- recent files in C:\WINDOWS\system32\ 09/08/2007 16:26:36 -- 10/02/2009 16:00:05 (DIR) ---- 0 days old -- C:\WINDOWS\system32\CatRoot2 09/08/2007 15:36:51 -- 10/02/2009 15:40:24 (DIR) ---- 0 days old -- C:\WINDOWS\system32\dllcache 09/08/2007 15:34:35 -- 09/02/2009 17:37:07 (DIR) ---- 0 days old -- C:\WINDOWS\system32\Restore 09/02/2009 17:32:20 -- 09/02/2009 17:32:20 (DIR) ---- 0 days old -- C:\WINDOWS\system32\Kaspersky Lab 09/08/2007 17:19:58 -- 09/02/2009 16:01:08 (DIR) ---- 1 days old -- C:\WINDOWS\system32\drivers 09/08/2007 17:19:58 -- 09/02/2009 13:38:22 (DIR) ---- 1 days old -- C:\WINDOWS\system32\config 09/08/2007 17:19:58 -- 09/02/2009 13:38:01 (DIR) ---- 1 days old -- C:\WINDOWS\system32\wbem 09/08/2007 16:26:36 -- 03/02/2009 14:22:39 (DIR) ---- 7 days old -- C:\WINDOWS\system32\CatRoot 16/11/2007 11:08:10 -- 03/02/2009 10:38:01 (DIR) ---- 7 days old -- C:\WINDOWS\system32\oodag 01/02/2009 15:45:23 -- 01/02/2009 15:45:23 (DIR) ---- 9 days old -- C:\WINDOWS\system32\xircom 09/08/2007 16:12:20 -- 23/01/2009 00:25:34 (DIR) ---- 18 days old -- C:\WINDOWS\system32\ReinstallBackups 20/10/2007 15:39:59 -- 22/01/2009 19:35:43 (DIR) ---- 18 days old -- C:\WINDOWS\system32\NtmsData 09/08/2007 15:35:42 -- 27/12/2008 16:38:28 (DIR) 
---- 45 days old -- C:\WINDOWS\system32\DirectX 18/08/2001 12:00:00 -- 10/02/2009 16:03:55 68476 ---A 0 days old -- C:\WINDOWS\system32\perfc009.dat 18/08/2001 12:00:00 -- 10/02/2009 16:03:55 447650 ---A 0 days old -- C:\WINDOWS\system32\perfh007.dat 18/08/2001 12:00:00 -- 10/02/2009 16:03:55 80460 ---A 0 days old -- C:\WINDOWS\system32\perfc007.dat 18/08/2001 12:00:00 -- 10/02/2009 16:03:55 432742 ---A 0 days old -- C:\WINDOWS\system32\perfh009.dat 09/08/2007 16:28:45 -- 10/02/2009 16:03:55 1043814 ---A 0 days old -- C:\WINDOWS\system32\PerfStringBackup.INI 16/11/2007 17:34:49 -- 10/02/2009 15:59:18 1013938 ---A 0 days old -- C:\WINDOWS\system32\oodbs.lor 09/02/2009 17:27:11 -- 09/02/2009 17:27:06 401920 ---A 0 days old -- C:\WINDOWS\system32\CF1862.exe 09/02/2009 01:07:49 -- 02/09/1998 09:28:18 38160 ---A 1 days old -- C:\WINDOWS\system32\LMRTREND.dll 09/02/2009 01:07:47 -- 20/08/1998 12:02:06 140800 ---A 1 days old -- C:\WINDOWS\system32\tm20dec.ax 09/02/2009 01:07:45 -- 27/08/1998 05:51:44 182032 ---A 1 days old -- C:\WINDOWS\system32\dxtmsft3.dll 09/08/2007 15:36:56 -- 09/02/2009 01:07:39 23392 ---A 1 days old -- C:\WINDOWS\system32\nscompat.tlb 09/08/2007 15:36:56 -- 09/02/2009 01:07:39 16832 ---A 1 days old -- C:\WINDOWS\system32\amcompat.tlb 09/02/2009 01:07:36 -- 02/09/1998 09:28:48 63488 ---A 1 days old -- C:\WINDOWS\system32\unam4ie.exe 09/02/2009 01:07:32 -- 17/08/1998 10:21:56 10240 ---A 1 days old -- C:\WINDOWS\system32\vidx16.dll 09/02/2009 01:07:32 -- 17/08/1998 10:21:54 11776 ---A 1 days old -- C:\WINDOWS\system32\mciqtz.drv 09/02/2009 01:07:32 -- 17/08/1998 10:21:56 5672 ---A 1 days old -- C:\WINDOWS\system32\quartz.vxd 09/02/2009 01:07:31 -- 02/09/1998 09:02:02 194320 ---A 1 days old -- C:\WINDOWS\system32\qcut.dll 13/08/2007 15:53:25 -- 08/02/2009 14:09:03 2828 HS-A 2 days old -- C:\WINDOWS\system32\KGyGaAvL.sys 03/02/2009 14:32:39 -- 03/02/2009 14:40:49 0 ---A 7 days old -- C:\WINDOWS\system32\tmp.txt 18/08/2001 12:00:00 -- 31/01/2009 20:45:43 
2228 ---A 9 days old -- C:\WINDOWS\system32\wpa.dbl 26/01/2009 08:35:37 -- 26/01/2009 08:35:37 603904 ---A 15 days old -- C:\WINDOWS\system32\TUProgSt.exe 26/01/2009 08:35:36 -- 26/01/2009 08:35:36 360192 ---A 15 days old -- C:\WINDOWS\system32\TuneUpDefragService.exe 26/01/2009 08:35:36 -- 11/12/2008 13:31:36 27904 ---A 15 days old -- C:\WINDOWS\system32\uxtuneup.dll 22/01/2009 22:19:37 -- 08/10/2006 20:51:14 14640 ---A 18 days old -- C:\WINDOWS\system32\spmsg.dll 27/12/2008 16:38:28 -- 30/05/2008 14:18:52 238088 ---A 45 days old -- C:\WINDOWS\system32\xactengine3_1.dll 27/12/2008 16:38:28 -- 30/05/2008 14:17:30 65032 ---A 45 days old -- C:\WINDOWS\system32\XAPOFX1_0.dll 27/12/2008 16:38:28 -- 30/05/2008 14:17:00 25608 ---A 45 days old -- C:\WINDOWS\system32\X3DAudio1_4.dll 27/12/2008 16:38:28 -- 30/05/2008 14:11:46 3850760 ---A 45 days old -- C:\WINDOWS\system32\D3DX9_38.dll 27/12/2008 16:38:28 -- 30/05/2008 14:11:46 1491992 ---A 45 days old -- C:\WINDOWS\system32\D3DCompiler_38.dll 27/12/2008 16:38:28 -- 30/05/2008 14:19:18 507400 ---A 45 days old -- C:\WINDOWS\system32\XAudio2_1.dll 27/12/2008 16:38:28 -- 30/05/2008 14:11:46 467984 ---A 45 days old -- C:\WINDOWS\system32\d3dx10_38.dll 27/12/2008 16:38:27 -- 22/10/2007 03:39:54 267272 ---A 45 days old -- C:\WINDOWS\system32\xactengine2_10.dll 27/12/2008 16:38:27 -- 05/03/2008 16:03:20 238088 ---A 45 days old -- C:\WINDOWS\system32\xactengine3_0.dll 27/12/2008 16:38:27 -- 05/03/2008 16:00:06 25608 ---A 45 days old -- C:\WINDOWS\system32\X3DAudio1_3.dll 27/12/2008 16:38:27 -- 05/03/2008 16:03:54 479752 ---A 45 days old -- C:\WINDOWS\system32\XAudio2_0.dll 27/12/2008 16:38:27 -- 05/03/2008 15:56:58 3786760 ---A 45 days old -- C:\WINDOWS\system32\D3DX9_37.dll 27/12/2008 16:38:27 -- 05/03/2008 15:56:58 1420824 ---A 45 days old -- C:\WINDOWS\system32\D3DCompiler_37.dll 27/12/2008 16:38:27 -- 05/02/2008 23:07:36 462864 ---A 45 days old -- C:\WINDOWS\system32\d3dx10_37.dll 27/12/2008 16:38:26 -- 12/10/2007 15:14:00 
1374232 ---A 45 days old -- C:\WINDOWS\system32\D3DCompiler_36.dll 27/12/2008 16:38:26 -- 02/10/2007 09:56:34 444776 ---A 45 days old -- C:\WINDOWS\system32\d3dx10_36.dll 27/12/2008 16:38:26 -- 12/10/2007 15:14:00 3734536 ---A 45 days old -- C:\WINDOWS\system32\d3dx9_36.dll 27/12/2008 16:38:26 -- 20/07/2007 00:57:12 267112 ---A 45 days old -- C:\WINDOWS\system32\xactengine2_9.dll 27/12/2008 16:38:25 -- 19/07/2007 18:14:42 1358192 ---A 45 days old -- C:\WINDOWS\system32\D3DCompiler_35.dll 27/12/2008 16:38:25 -- 19/07/2007 18:14:42 444776 ---A 45 days old -- C:\WINDOWS\system32\d3dx10_35.dll 27/12/2008 16:38:25 -- 19/07/2007 18:14:42 3727720 ---A 45 days old -- C:\WINDOWS\system32\d3dx9_35.dll 23/12/2008 10:24:20 -- 23/12/2008 10:24:20 665088 ---A 49 days old -- C:\WINDOWS\system32\spsplib1.dll ---- recent files in C:\WINDOWS\system32\drivers\ 09/08/2007 17:19:58 -- 10/02/2009 15:41:02 (DIR) ---- 0 days old -- C:\WINDOWS\system32\drivers\etc 09/08/2007 17:19:58 -- 22/01/2009 13:45:53 (DIR) ---- 19 days old -- C:\WINDOWS\system32\drivers\UMDF 04/02/2009 18:29:09 -- 04/02/2009 18:28:54 102664 ---A 5 days old -- C:\WINDOWS\system32\drivers\tmcomm.sys 03/02/2009 10:43:17 -- 19/06/2008 16:24:30 28544 ---A 7 days old -- C:\WINDOWS\system32\drivers\pavboot.sys 03/02/2009 10:35:18 -- 03/02/2009 10:35:18 33408 ---A 7 days old -- C:\WINDOWS\system32\drivers\fsbts.sys 03/02/2009 10:19:26 -- 14/10/2008 14:01:36 79904 ---A 7 days old -- C:\WINDOWS\system32\drivers\fsdfw.sys 29/01/2009 16:38:33 -- 14/01/2009 16:11:28 15504 ---A 12 days old -- C:\WINDOWS\system32\drivers\mbam.sys 29/01/2009 16:38:31 -- 14/01/2009 16:11:32 38496 ---A 12 days old -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys ---- recent files in C:\WINDOWS\temp\ 09/02/2009 20:06:54 -- 10/02/2009 16:00:12 (DIR) ---- 0 days old -- C:\WINDOWS\temp\fsaua.tmp 10/02/2009 16:39:34 -- 10/02/2009 16:39:34 318 ---A 0 days old -- C:\WINDOWS\temp\libFNP_events.log 10/02/2009 16:00:15 -- 10/02/2009 16:00:15 1031488 ---A 0 days 
old -- C:\WINDOWS\temp\nvcbin.def.76167175.TMP 10/02/2009 15:59:54 -- 10/02/2009 15:59:54 16384 ---A 0 days old -- C:\WINDOWS\temp\Perflib_Perfdata_b5c.dat ---- recent files in C:\Programme\ 09/08/2007 15:50:32 -- 10/02/2009 16:28:55 (DIR) ---- 0 days old -- C:\Programme\Mozilla Firefox 21/01/2009 22:33:17 -- 10/02/2009 16:28:27 (DIR) ---- 0 days old -- C:\Programme\Spamihilator 05/11/2008 13:28:56 -- 10/02/2009 16:28:24 (DIR) ---- 0 days old -- C:\Programme\Mozilla Thunderbird 03/02/2009 10:18:56 -- 10/02/2009 16:00:35 (DIR) ---- 0 days old -- C:\Programme\F-Secure Internet Security 09/08/2007 16:26:54 -- 09/02/2009 17:21:23 (DIR) ---- 0 days old -- C:\Programme\Gamers.IRC 05/01/2009 10:49:32 -- 09/02/2009 16:42:10 (DIR) ---- 1 days old -- C:\Programme\HijackThis 09/08/2007 16:28:40 -- 09/02/2009 16:01:08 (DIR) ---- 1 days old -- C:\Programme\Gemeinsame Dateien 09/02/2009 01:07:06 -- 09/02/2009 11:40:30 (DIR) ---- 1 days old -- C:\Programme\TELL ME MORE NV 10/09/2007 12:50:37 -- 09/02/2009 11:40:17 (DIR) ---- 1 days old -- C:\Programme\The Rosetta Stone 22/01/2009 22:32:34 -- 09/02/2009 01:07:36 (DIR) ---- 1 days old -- C:\Programme\Windows Media Player 04/02/2009 20:34:22 -- 04/02/2009 20:34:23 (DIR) ---- 5 days old -- C:\Programme\CCleaner 03/02/2009 16:00:51 -- 03/02/2009 17:20:16 (DIR) ---- 6 days old -- C:\Programme\EsetOnlineScanner 03/02/2009 15:38:41 -- 03/02/2009 15:38:43 (DIR) ---- 7 days old -- C:\Programme\SUPERAntiSpyware 03/02/2009 10:42:55 -- 03/02/2009 10:42:55 (DIR) ---- 7 days old -- C:\Programme\Panda Security 01/02/2009 15:45:24 -- 01/02/2009 15:45:24 (DIR) ---- 9 days old -- C:\Programme\xerox 01/02/2009 15:45:23 -- 01/02/2009 15:45:23 (DIR) ---- 9 days old -- C:\Programme\microsoft frontpage 29/01/2009 16:38:30 -- 29/01/2009 16:38:34 (DIR) ---- 12 days old -- C:\Programme\Malwarebytes' Anti-Malware 18/01/2009 15:24:13 -- 28/01/2009 20:34:51 (DIR) ---- 12 days old -- C:\Programme\NewsBin 26/01/2009 08:35:21 -- 26/01/2009 08:35:57 (DIR) ---- 15 
days old -- C:\Programme\TuneUp Utilities 2009 25/01/2009 23:23:42 -- 25/01/2009 23:23:44 (DIR) ---- 15 days old -- C:\Programme\JägerprüfungNI 22/01/2009 14:50:10 -- 22/01/2009 22:32:42 (DIR) ---- 18 days old -- C:\Programme\Creative Installation Information 09/08/2007 16:03:47 -- 22/01/2009 14:50:30 (DIR) H--- 19 days old -- C:\Programme\InstallShield Installation Information 17/11/2008 12:37:25 -- 17/01/2009 22:05:56 (DIR) ---- 23 days old -- C:\Programme\JetAudio 21/08/2007 16:21:41 -- 03/01/2009 20:42:12 (DIR) ---- 37 days old -- C:\Programme\Spybot - Search & Destroy 03/01/2009 12:32:56 -- 03/01/2009 12:32:56 (DIR) ---- 38 days old -- C:\Programme\ElsterFormular 09/08/2007 15:54:37 -- 02/01/2009 21:51:30 (DIR) ---- 38 days old -- C:\Programme\Steam 29/12/2008 13:38:18 -- 29/12/2008 13:38:33 (DIR) ---- 43 days old -- C:\Programme\QuickTime 29/12/2008 13:35:36 -- 29/12/2008 13:35:36 (DIR) ---- 43 days old -- C:\Programme\Apple Software Update 27/12/2008 16:31:25 -- 28/12/2008 01:06:55 (DIR) ---- 44 days old -- C:\Programme\Call of Duty - World at War 17/12/2008 10:22:09 -- 17/12/2008 10:22:10 (DIR) ---- 55 days old -- C:\Programme\Tipp10 27/08/2007 12:44:52 -- 16/12/2008 20:39:59 (DIR) ---- 55 days old -- C:\Programme\MediaMonkey 05/02/2008 09:37:43 -- 14/12/2008 21:11:59 (DIR) ---- 57 days old -- C:\Programme\QIP ---- recent files in C:\Programme\Gemeinsame Dateien\ 09/08/2007 15:49:40 -- 03/02/2009 15:38:30 (DIR) ---- 7 days old -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard 29/12/2008 13:38:20 -- 29/12/2008 13:38:20 (DIR) ---- 43 days old -- C:\Programme\Gemeinsame Dateien\Apple ---- recent files in C:\Dokumente und Einstellungen\Joe\Anwendungsdaten\ 22/08/2007 14:39:15 -- 05/02/2009 23:07:27 (DIR) ---- 4 days old -- C:\Dokumente und Einstellungen\Joe\Anwendungsdaten\Adobe 03/02/2009 11:35:03 -- 04/02/2009 20:47:27 (DIR) ---- 5 days old -- C:\Dokumente und Einstellungen\Joe\Anwendungsdaten\F-Secure 03/02/2009 15:38:41 -- 03/02/2009 15:38:41 
(DIR) ---- 7 days old -- C:\Dokumente und Einstellungen\Joe\Anwendungsdaten\SUPERAntiSpyware.com 18/01/2009 15:24:13 -- 03/02/2009 10:20:32 (DIR) ---- 7 days old -- C:\Dokumente und Einstellungen\Joe\Anwendungsdaten\Newsbin 09/08/2007 15:43:05 -- 01/02/2009 18:58:04 (DIR) -S-- 8 days old -- C:\Dokumente und Einstellungen\Joe\Anwendungsdaten\Microsoft 29/01/2009 18:28:41 -- 29/01/2009 21:07:02 (DIR) ---- 11 days old -- C:\Dokumente und Einstellungen\Joe\Anwendungsdaten\WebMoney 29/01/2009 16:38:34 -- 29/01/2009 16:38:34 (DIR) ---- 12 days old -- C:\Dokumente und Einstellungen\Joe\Anwendungsdaten\Malwarebytes 25/01/2009 23:49:43 -- 25/01/2009 23:49:43 (DIR) ---- 15 days old -- C:\Dokumente und Einstellungen\Joe\Anwendungsdaten\Mael 22/01/2009 14:52:42 -- 22/01/2009 15:05:31 (DIR) ---- 19 days old -- C:\Dokumente und Einstellungen\Joe\Anwendungsdaten\Creative 03/02/2008 16:33:04 -- 03/01/2009 21:05:47 (DIR) ---- 37 days old -- C:\Dokumente und Einstellungen\Joe\Anwendungsdaten\Skype 03/02/2008 16:37:05 -- 03/01/2009 21:05:12 (DIR) ---- 37 days old -- C:\Dokumente und Einstellungen\Joe\Anwendungsdaten\skypePM ---- recent files in C:\Dokumente und Einstellungen\Joe\Lokale Einstellungen\Anwendungsdaten\ 04/12/2008 18:41:32 -- 08/02/2009 16:20:15 (DIR) ---- 2 days old -- C:\Dokumente und Einstellungen\Joe\Lokale Einstellungen\Anwendungsdaten\MediaMonkey 17/01/2009 19:41:49 -- 28/01/2009 20:34:37 (DIR) ---- 12 days old -- C:\Dokumente und Einstellungen\Joe\Lokale Einstellungen\Anwendungsdaten\NewsBin 29/12/2008 14:32:35 -- 29/12/2008 14:38:31 (DIR) ---- 43 days old -- C:\Dokumente und Einstellungen\Joe\Lokale Einstellungen\Anwendungsdaten\Deployment 29/12/2008 14:36:21 -- 29/12/2008 14:36:28 (DIR) ---- 43 days old -- C:\Dokumente und Einstellungen\Joe\Lokale Einstellungen\Anwendungsdaten\RapidShare 27/12/2008 16:38:37 -- 27/12/2008 16:38:37 (DIR) ---- 45 days old -- C:\Dokumente und Einstellungen\Joe\Lokale Einstellungen\Anwendungsdaten\Activision 10/08/2007 17:06:50 -- 
09/02/2009 16:26:36 115712 ---A 1 days old -- C:\Dokumente und Einstellungen\Joe\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 02/04/2008 00:46:52 -- 09/02/2009 13:37:43 3709458 H--A 1 days old -- C:\Dokumente und Einstellungen\Joe\Lokale Einstellungen\Anwendungsdaten\IconCache.db ===================== REGISTRY SCAN ===================== -----HKLM\Software\Microsoft\Windows\CurrentVersion\Run----- [Run] "Launch LCDMon"="\"C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe\"" "Launch LGDCore"="\"C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe\" /SHOWHIDE" "ISUSPM Startup"="\"C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe\" -startup" "ISUSScheduler"="\"C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe\" -start" "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" "SoundMAXPnP"="C:\Programme\Analog Devices\Core\smax4pnp.exe" "OODefragTray"="C:\WINDOWS\system32\oodtray.exe" "TkBellExe"="\"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe\" -osboot" "Adobe Photo Downloader"="\"C:\Programme\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe\"" "SunJavaUpdateSched"="\"C:\Programme\Java\jre6\bin\jusched.exe\"" "Spamihilator"="\"C:\Programme\Spamihilator\spamihilator.exe\"" "F-Secure Manager"="\"C:\Programme\F-Secure Internet Security\Common\FSM32.EXE\" /splash" "F-Secure TNB"="\"C:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe\" /CHECKALL /WAITFORSW" [Run\OptionalComponents] @="" [Run\OptionalComponents\IMAIL] "Installed"="1" @="" [Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" @="" [Run\OptionalComponents\MSFS] "Installed"="1" @="" -----HKCU\Software\Microsoft\Windows\CurrentVersion\Run----- [Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe\"" "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" "TrueCrypt"="\"C:\Programme\TrueCrypt\TrueCrypt.exe\" /q preferences /a 
favorites" "SpybotSD TeaTimer"="C:\Programme\Spybot - Search & Destroy\TeaTimer.exe" "SUPERAntiSpyware"="C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe" [Run\AdobeUpdater] @="" -----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run----- [Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" -----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run----- -----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run----- -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows----- [Windows] "AppInit_DLLs"="" -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad----- [ShellServiceObjectDelayLoad] "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" #### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"C:\WINDOWS\system32\webcheck.dll" "WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" #### HKCR\CLSID\{AAA288BA-9A4C-45B0-95D7-94D524869DB5}\InprocServer32 @="C:\WINDOWS\system32\wpdshserviceobj.dll" "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" #### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" #### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" #### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @=expand:"%systemroot%\system32\stobject.dll" -----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks----- [ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" #### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll" "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="" #### HKCR\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\InprocServer32 @="C:\Programme\SUPERAntiSpyware\SASSEH.DLL" -----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon----- 
[Winlogon] "Shell"="Explorer.exe" "System"="" "Userinit"="C:\WINDOWS\system32\userinit.exe," "VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\"" "UIHost"=expand:"logonui.exe" "LogonType"=dword:00000001 "WinStationsDisabled"="0" [Winlogon\GPExtensions] [Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}] "@="Drahtlos" "DllName"=expand:"gptext.dll" [Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}] "@="Folder Redirection" "DllName"=expand:"fdeploy.dll" [Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}] "@="Microsoft-Datenträgerkontingent" "DllName"=expand:"dskquota.dll" [Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}] "@="QoS-Paketplaner" "DllName"=expand:"gptext.dll" [Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}] "@="Skripts" "DllName"=expand:"gptext.dll" [Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}] "@="Internet Explorer Zonemapping" "DllName"=expand:"iedkcs32.dll" [Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}] "DllName"=expand:"scecli.dll" "@="Security" [Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}] "@="Internet Explorer Branding" "DllName"="iedkcs32.dll" [Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}] "DllName"=expand:"scecli.dll" "@="EFS recovery" [Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}] "@="Microsoft Offline Files" "DllName"=expand:"%SystemRoot%\System32\cscui.dll" [Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}] "@="Softwareinstallation" "DllName"=expand:"appmgmts.dll" [Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}] "@="IP-Sicherheit" "DllName"=expand:"gptext.dll" [Winlogon\Notify] [Winlogon\Notify\!SASWinLogon] "DllName"="C:\Programme\SUPERAntiSpyware\SASWINLO.dll" [Winlogon\Notify\AtiExtEvent] "DLLName"="Ati2evxx.dll" [Winlogon\Notify\crypt32chain] "DllName"=expand:"crypt32.dll" [Winlogon\Notify\cryptnet] "DllName"=expand:"cryptnet.dll" [Winlogon\Notify\cscdll] 
"DLLName"="cscdll.dll" [Winlogon\Notify\dimsntfy] "DllName"=expand:"%SystemRoot%\System32\dimsntfy.dll" [Winlogon\Notify\LBTWlgn] "DLLName"="c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll" [Winlogon\Notify\LBTWlgn\Event] [Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" [Winlogon\Notify\Schedule] "DllName"=expand:"wlnotify.dll" [Winlogon\Notify\sclgntfy] "DllName"=expand:"sclgntfy.dll" [Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" [Winlogon\Notify\termsrv] "DllName"=expand:"wlnotify.dll" [Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" [Winlogon\SCLogon] [Winlogon\SpecialAccounts] [Winlogon\SpecialAccounts\UserList] "Hilfeassistent"=dword:00000000 "TsInternetUser"=dword:00000000 "SQLAgentCmdExec"=dword:00000000 "NetShowServices"=dword:00000000 "HelpAssistant"=dword:00000000 "IWAM_"=dword:00010000 "IUSR_"=dword:00010000 "VUSR_"=dword:00010000 -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon----- [Winlogon] "ParseAutoexec"="1" "ExcludeProfileDirs"="Lokale Einstellungen;Temporary Internet Files;Verlauf;Temp" "BuildNumber"=dword:00000a28 -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options----- [Image File Execution Options\Your Image File Name Here without a path] "Debugger"="ntsd -d" -----HKLM\System\CurrentControlSet\Control\Session Manager\----- [Session Manager] "BootExecute"=multi:"autocheck autochk *\00OODBS\00\00" [Session Manager\SubSystems] "Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16" -----HKLM\SYSTEM\CurrentControlSet\Control\WOW----- [WOW] "cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe" "wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386" -----HKLM\Software\Microsoft\Windows 
NT\CurrentVersion\Run----- -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce----- [RunOnce] -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx----- [runonceex] -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices----- [RunServices] -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce----- [RunServicesOnce] -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce----- [RunOnce] -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx----- -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices----- [RunServices] -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run----- -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce----- [RunServicesOnce] -----HKLM\Software\Microsoft\Command Processor\Autorun----- -----HKCU\Software\Microsoft\Command Processor\Autorun----- -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load----- -----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup----- -----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon----- -----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon----- -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce----- -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run----- -----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms----- -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler----- [SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" #### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache 
daemon" #### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll" -----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects----- [Browser Helper Objects] [Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] @="" [Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] #### HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\InprocServer32 @="C:\Programme\Java\jre6\bin\ssv.dll" "NoExplorer"=dword:00000001 [Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] @="" [Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] #### HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InprocServer32 @="C:\Programme\Java\jre6\bin\jp2ssv.dll" "NoExplorer"=dword:00000001 [Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] #### HKCR\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\InprocServer32 @="C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" @="JQSIEStartDetectorImpl" "NoExplorer"=dword:00000001 -----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks----- [URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="" #### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="C:\WINDOWS\system32\ieframe.dll" -----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig----- [MSConfig] [MSConfig\services] [MSConfig\startupfolder] [MSConfig\startupreg] [MSConfig\state] "system.ini"=dword:00000000 "win.ini"=dword:00000000 "bootini"=dword:00000002 "services"=dword:00000000 "startup"=dword:00000000 -----HKCU\Control Panel\Desktop\----- [Desktop] [Desktop\WindowMetrics] -----HKEY_CLASSES_ROOT\exefile\shell\open\command----- [command] @="\"%1\" %*" -----HKEY_CLASSES_ROOT\comfile\shell\open\command----- [command] @="\"%1\" %*" -----HKEY_CLASSES_ROOT\batfile\shell\open\command----- [command] @="\"%1\" %*" -----HKEY_CLASSES_ROOT\piffile\shell\open\command----- [command] @="\"%1\" %*" 
-----HKEY_CLASSES_ROOT\scrFile\shell\open\command----- [command] @="\"%1\" /S" -----HKEY_CLASSES_ROOT\htafile\shell\open\command----- [Command] @="C:\WINDOWS\system32\mshta.exe \"%1\" %*" -----HKEY_CLASSES_ROOT\logfile\shell\open\command----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL----- [URL] [URL\DefaultPrefix] @="http://" [URL\Prefixes] "ftp"="ftp://" "home"="http://" "mosaic"="http://" "www"="http://" "gopher"="gopher://" -----HKLM\SYSTEM\CurrentControlSet\Control\Lsa----- [Lsa] [Lsa\AccessProviders] [Lsa\AccessProviders\Windows NT Access Provider] "ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll" [Lsa\Audit] [Lsa\Audit\PerUserAuditing] [Lsa\Audit\PerUserAuditing\System] [Lsa\Data] [Lsa\SSO] [Lsa\SSO\Passport1.4] "SSOURL"="http://www.passport.com" [Lsa\SspiCache] [Lsa\SspiCache\digest.dll] "Name"="Digest" "Comment"="Digest SSPI Authentication Package" [Lsa\SspiCache\msapsspc.dll] "Name"="DPA" "Comment"="DPA Security Package" [Lsa\SspiCache\msnsspc.dll] "Name"="MSN" "Comment"="MSN Security Package" -----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess----- [SharedAccess] "DependOnGroup"=multi:"\00" "DependOnService"=multi:"Netman\00WinMgmt\00\00" "Description"="Bietet allen Computern in Heim- und kleinen Firmennetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, Namensauflösung und Eindringsschutz." 
"DisplayName"="Windows-Firewall/Gemeinsame Nutzung der Internetverbindung" "ErrorControl"=dword:00000001 "ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs" "ObjectName"="LocalSystem" "Start"=dword:00000002 "Type"=dword:00000020 "Group"="" [SharedAccess\Epoch] "Epoch"=dword:00002ce4 [SharedAccess\Parameters] "ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll" [SharedAccess\Parameters\FirewallPolicy] [SharedAccess\Parameters\FirewallPolicy\DomainProfile] [SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications] [SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019" [SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts] [SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP"="139:TCP:*:Enaxxxxx@xxxxxres.dll,-22004" "445:TCP"="445:TCP:*:Enaxxxxx@xxxxxres.dll,-22005" "137:UDP"="137:UDP:*:Enaxxxxx@xxxxxres.dll,-22001" "138:UDP"="138:UDP:*:Enaxxxxx@xxxxxres.dll,-22002" [SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=dword:00000000 "DisableNotifications"=dword:00000000 [SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] [SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019" "C:\Programme\ICQLite\ICQLite.exe"="C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite" "C:\Programme\Steam\steam.exe"="C:\Programme\Steam\steam.exe:*:Enabled:Steam" "C:\Programme\Bonjour\mDNSResponder.exe"="C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" 
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "C:\Programme\Call of Duty - World at War\CoDWaWmp.exe"="C:\Programme\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)" "C:\Programme\Call of Duty - World at War\CoDWaW.exe"="C:\Programme\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" "C:\Programme\Spamihilator\cdcc.exe"="C:\Programme\Spamihilator\cdcc.exe:*:Enabled:Spamihilator DCC Filter Configuration" "C:\Programme\Spamihilator\dccproc.exe"="C:\Programme\Spamihilator\dccproc.exe:*:Enabled:Spamihilator DCC Filter" "C:\Programme\Spamihilator\spamihilator.exe"="C:\Programme\Spamihilator\spamihilator.exe:*:Enabled:Spamihilator" "C:\Programme\NewsBin\nbpro.exe"="C:\Programme\NewsBin\nbpro.exe:*:Enabled:NewsBin Pro" [SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] [SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP"="139:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22004" "445:TCP"="445:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22005" "137:UDP"="137:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22001" "138:UDP"="138:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22002" "1900:UDP"="1900:UDP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22007" "2869:TCP"="2869:TCP:LocalSubNet:Disaxxxxx@xxxxxres.dll,-22008" [SharedAccess\Setup] "ServiceUpgrade"=dword:00000001 [SharedAccess\Setup\InterfacesUnfirewalledAtUpdate] "All"=dword:00000001 -----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2----- -----HKLM\Software\Microsoft\Ole----- [Ole] "DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\ "MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\ 
"MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\ "EnableDCOM"="Y" [Ole\AppCompat] [Ole\AppCompat\ActivationSecurityCheckExemptionList] "{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1" "{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1" "{0040D221-54A1-11D1-9DE0-006097042D69}"="1" "{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1" -----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\----- [Security Center] "FirstRunDisabled"=dword:00000001 "AntiVirusDisableNotify"=dword:00000000 "FirewallDisableNotify"=dword:00000000 "UpdatesDisableNotify"=dword:00000000 "AntiVirusOverride"=dword:00000000 "FirewallOverride"=dword:00000000 [Security Center\Monitoring] [Security Center\Monitoring\AhnlabAntiVirus] [Security Center\Monitoring\ComputerAssociatesAntiVirus] [Security Center\Monitoring\KasperskyAntiVirus] [Security Center\Monitoring\McAfeeAntiVirus] [Security Center\Monitoring\McAfeeFirewall] [Security Center\Monitoring\PandaAntiVirus] [Security Center\Monitoring\PandaFirewall] [Security Center\Monitoring\SophosAntiVirus] [Security Center\Monitoring\SymantecAntiVirus] [Security Center\Monitoring\SymantecFirewall] [Security Center\Monitoring\TinyFirewall] [Security Center\Monitoring\TrendAntiVirus] [Security Center\Monitoring\TrendFirewall] [Security Center\Monitoring\ZoneLabsFirewall] -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\----- [SystemRestore] "DisableSR"=dword:00000000 "CreateFirstRunRp"=dword:00000001 "DSMin"=dword:000000c8 "DSMax"=dword:00000190 "RPSessionInterval"=dword:00000000 "RPGlobalInterval"=dword:00015180 "RPLifeInterval"=dword:0076a700 "CompressionBurst"=dword:0000003c "TimerInterval"=dword:00000078 "DiskPercent"=dword:0000000c "ThawInterval"=dword:00000384 "RestoreDiskSpaceError"=dword:00000000 "RestoreStatus"=dword:00000000 "RestoreSafeModeStatus"=dword:00000000 [SystemRestore\Cfg] "DiskPercent"=dword:0000000c 
"MachineGuid"="{B61BD45B-A145-45D2-8A7F-0EDFE999607A}" [SystemRestore\SnapshotCallbacks] @="" -----HKEY_CURRENT_USER\Software\VB and VBA Program Settings----- [VB and VBA Program Settings] [VB and VBA Program Settings\Date Cracker 2000] [VB and VBA Program Settings\Date Cracker 2000\Data] [VB and VBA Program Settings\Date Cracker 2000\Main] [VB and VBA Program Settings\Euro Add-in] [VB and VBA Program Settings\Euro Add-in\Wizard Options] [VB and VBA Program Settings\RSD-Support] [VB and VBA Program Settings\RSD-Support\UserData] [VB and VBA Program Settings\XAC] [VB and VBA Program Settings\XAC\General] -----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions----- [AdvancedOptions] [AdvancedOptions\TABS] "Text"="Tabbed Browsing" [AdvancedOptions\TABS\ENABLE] "Text"="Enable Tabbed Browsing*" [AdvancedOptions\TABS\FOREGROUND] "Text"="Always switch to new tabs when they are created" [AdvancedOptions\TABS\POPUPS] "Text"="Always open pop-ups in a new window" -----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions----- -----HKLM\Software\Microsoft\Active Setup\Installed Components----- [Installed Components] [Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] "@="IE7 Uninstall Stub" "ComponentID"="IEUDINIT" "StubPath"="C:\WINDOWS\system32\ieudinit.exe" [Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll" "Stubpath"="C:\WINDOWS\inf\unregmp2.exe /ShowWMP" "ComponentID"="WMPACCESS" "@="Windows Media Player" [Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] "@="Internet Explorer" "ComponentID"="IEACCESS" "StubPath"="C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig" [Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] "@="Browseranpassungen" "ComponentID"="BRANDING.CAB" "StubPath"="RunDLL32 
IEDKCS32.DLL,BrandIE4 SIGNUP" [Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] "@="Outlook Express" "ComponentID"="OEACCESS" "StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE" [Installed Components\Microsoft Base Smart Card Crypto Provider Package] [Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}] "@="Microsoft VM" "ComponentID"="JAVAVM" "KeyFileName"="C:\WINDOWS\system32\msjava.dll" [Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}] "@="Vektorgrafik-Rendering (VML)" "ComponentID"="MSVML" [Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] #### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll" "ComponentID"="NetShow" "StubPath"="" [Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="C:\WINDOWS\system32\wmpdxm.dll" "ComponentID"="Windows Media Player" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub" "@="Microsoft Windows Media Player 6.4" [Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}] #### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="C:\WINDOWS\system32\Macromed\Director\SwDir.dll" "ComponentID"="Director" "@="Adobe Shockwave Director 10.2" [Installed Components\{26FE4229-EF08-BC2E-B28D-64A7BA95BC0C}] "@="DirectX" "ComponentID"="" [Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}] #### HKCR\CLSID\{283807B5-2C60-11D0-A31D-00AA00B92C03}\InprocServer32 @="C:\WINDOWS\system32\danim.dll" "@="DirectAnimation" "ComponentID"="DirectAnimation" [Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}] "ComponentID"="Director" "@="Adobe Shockwave Director 10.2" [Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] "@="Themes Setup" "ComponentID"="Theme Component" "StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll" 
[Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}] "@="Dynamic HTML-Datenbindung für Java" "ComponentID"="TridataJava" [Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] "@="Offline Browsing Pack" "ComponentID"="MobilePk" [Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}] "@="Uniscribe" "ComponentID"="USP10" [Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}] "@="Erweitertes Authoring" "ComponentID"="AdvAuth" [Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] "@="Microsoft Outlook Express 6" "ComponentID"="MailNews" "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install" [Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] "@="NetMeeting 3.01" "ComponentID"="NetMeeting" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT" [Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}] "@="DirectShow" "ComponentID"="activemovie" [Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] "@="DirectDrawEx" "ComponentID"="DirectDrawEx" [Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] "@="Internet Explorer Help" "ComponentID"="HelpCont" [Installed Components\{49E8C96F-4B5B-4E20-B536-5D9C1E57AB0A}] "ComponentID"="KB929300" "@="Hotfix for Microsoft .NET Framework 3.0 (KB929300)" [Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}] "@="DirectAnimation Java Classes" "ComponentID"="DAJava" [Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] "@="Microsoft Windows Script 5.7" "ComponentID"="MSVBScript" [Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] "@="Windows Messenger 4.7" "ComponentID"="Messenger" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser" [Installed Components\{5A8D6EE0-3E18-11D0-821E-444553540000}] "(Default)"="Internet Connection Wizard" "ComponentID"="ICW" [Installed 
Components\{5F6C5EB3-3B25-4134-BA50-AAAAF4FE25B0}] "ComponentID"="KB20060522" "@="Hotfix for Microsoft .NET Framework 2.0 (KB20060522)" [Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] "@="Internet Explorer Setup Tools" "ComponentID"="GenSetup" [Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] "@="Browsing Enhancements" "ComponentID"="ExtraPack" "KeyFileName"="C:\WINDOWS\system32\msieftp.dll" [Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] #### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="C:\WINDOWS\system32\wmp.dll" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub" "@="Microsoft Windows Media Player" "ComponentID"="Microsoft Windows Media Player" [Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] "@="MSN Site Access" "ComponentID"="MSN_Auth" [Installed Components\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}] "ComponentID"=".NETFramework" "@=".NET Framework" [Installed Components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}] "@="Web Folders" "ComponentID"="WebFolders" [Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] "@="Adressbuch 6" "ComponentID"="WAB" "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install" [Installed Components\{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}] "ComponentID"=".NETFramework" "@=".NET Framework" [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] "@="Windows Desktop-Update" "ComponentID"="IE4Shell_NT" "StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll" [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] "@="Internet Explorer" "ComponentID"="BASEIE40_W2K" "StubPath"="C:\WINDOWS\system32\ie4uinit.exe -BaseSettings" [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix] [Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] "StubPath"="C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install" 
"ComponentID"="DOTNETFRAMEWORKS" [Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] "@="Dynamic HTML Data Binding" "ComponentID"="Tridata" [Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}] [Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] "@="Internet Explorer Core Fonts" "ComponentID"="Fontcore" [Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}] "@="Taskplaner" "ComponentID"="MSTASK" [Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}] "ComponentID"="Windows Movie Maker v2.1" [Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}] "@="Macromedia Shockwave Flash" "ComponentID"="Flash" [Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] "@="HTML Help" "ComponentID"="HTMLHelp" [Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] "@="Active Directory Service Interface" "ComponentID"="ADSI" [Installed Components\{EB14C6E3-7B07-443B-8F52-AB283D87BC53}] "ComponentID"="KB930264" "@="Hotfix for Microsoft .NET Framework 3.0 (KB930264)" [Installed Components\{EF289A85-8E57-408d-BE47-73B55609861A}] "@="RootsUpdate" "ComponentID"="Windows Roots Update" -----Comparing registry keys CCS1 vs CCS2 ----- > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\sptd\Cfg < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\W32Time\TimeProviders\NtpClient SpecialPollTimeRemaining REG_MULTI_SZ time.windows.com,7a77545\0\0\0\0\0\0\0\0\0\0\0\0 > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\W32Time\TimeProviders\NtpClient SpecialPollTimeRemaining REG_MULTI_SZ time.windows.com,7a78ce5\0\0\0\0\0\0\0\0\0\0\0\0 Result compared: Different -----Comparing registry keys CCS1 vs CCS3 ----- > Value: HKEY_LOCAL_MACHINE\system\controlset003\services\sptd\Cfg < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\W32Time\TimeProviders\NtpClient SpecialPollTimeRemaining REG_MULTI_SZ time.windows.com,7a77545\0\0\0\0\0\0\0\0\0\0\0\0 > Value: 
HKEY_LOCAL_MACHINE\system\controlset003\services\W32Time\TimeProviders\NtpClient SpecialPollTimeRemaining REG_MULTI_SZ time.windows.com,7a78ce5\0\0\0\0\0\0\0\0\0\0\0\0 Result compared: Different ===================== Advanced startup entries analysis ===================== HKLM\SOFTWARE\Microsoft\windows\currentversion\run Launch LCDMon = "C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe" C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe -- 26/04/2007 15:54:30 -- 26/04/2007 15:54:30 -- 774168 MD5: 43cdd0420944518a7d1f0ecd66fc4bc3 SHA1: 3e8c1bdcbdcc6217e4a50cc39a84ed415737e629 [1] .text [2] .rdata [3] .data [4] .rsrc Launch LGDCore = "C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe -- 26/04/2007 16:22:32 -- 26/04/2007 16:22:32 -- 1132056 MD5: 903f75ec9cce000baf427a41c72a5d28 SHA1: 0abb7fe601c48d891468bdd89cae024e6b8ab240 [1] .text [2] .rdata [3] .data [4] .rsrc ISUSPM Startup = "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe -- 11/08/2005 15:30:30 -- 11/08/2005 15:30:30 -- 249856 MD5: 1c46fc1ab600766b8554580204806e84 SHA1: 9344b11b8e3b2d9bef7a7bfef3453aaa6576638d [1] .text [2] .rdata [3] .data [4] .rsrc ISUSScheduler = "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe -- 11/08/2005 15:30:30 -- 11/08/2005 15:30:30 -- 81920 MD5: 7d58c9bdf9c0a3955bdcde7387ad12ac SHA1: 8c9e5de7a3353512ac842114b877067280ac7e5a [1] .text [2] .rdata [3] .data [4] .rsrc Kernel and Hardware Abstraction Layer = KHALMNPR.EXE C:\WINDOWS\KHALMNPR.EXE -- 14/08/2007 13:06:08 -- 29/02/2008 02:12:38 -- 76304 MD5: e6a9f68d26a094fb78b98180a40a29fc SHA1: b8c33dc0b550130c15a2787615d10dc0cba3d1ef [1] .text [2] .rdata [3] .data [4] .rsrc SoundMAXPnP = C:\Programme\Analog 
Devices\Core\smax4pnp.exe C:\Programme\Analog Devices\Core\smax4pnp.exe -- 15/08/2007 10:55:45 -- 05/10/2006 13:25:00 -- 868352 MD5: c8d1c0099fe14cfc7465ef72e5d99a3d SHA1: 0cb3de033e67c13086ebd8e80ddeff3f02660301 [1] .text [2] .rdata [3] .data [4] .rsrc OODefragTray = C:\WINDOWS\system32\oodtray.exe C:\WINDOWS\system32\oodtray.exe -- 11/05/2007 02:08:54 -- 11/05/2007 02:08:54 -- 2512392 MD5: 242b7462539a9222a8ae9f068a12698c SHA1: 46d7442a921988d911190663f9fd7c73befb7dcd [1] .text [2] .rdata [3] .data [4] .rsrc TkBellExe = "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe -- 27/01/2008 22:19:40 -- 27/01/2008 22:19:40 -- 185896 MD5: 89d583fc41d48328128a974c25afaeb7 SHA1: c461acc8a13041a87b8fcfd67b8c0bbf8c950cb2 [1] .text [2] .rdata [3] .data [4] .rsrc Adobe Photo Downloader = "C:\Programme\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" C:\Programme\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe -- 30/08/2007 05:32:38 -- 30/08/2007 05:32:38 -- 61440 MD5: e0fc25157263dd6177af313ae35dbfe8 SHA1: fb65ca0f7e8fbe6d011e187ad26e0fbee2263892 [1] .text [2] .rdata [3] .data [4] .rsrc SunJavaUpdateSched = "C:\Programme\Java\jre6\bin\jusched.exe" C:\Programme\Java\jre6\bin\jusched.exe -- 17/11/2008 10:11:26 -- 10/11/2008 05:43:42 -- 136600 MD5: b98ffa8288efaabc436c30d198608345 SHA1: 0a658c634a4e8c49d22ad3673bde63a6a2d74bdd [1] .text [2] .rdata [3] .data [4] .rsrc Spamihilator = "C:\Programme\Spamihilator\spamihilator.exe" C:\Programme\Spamihilator\spamihilator.exe -- 23/12/2008 10:28:26 -- 23/12/2008 10:28:26 -- 1321984 MD5: e68e47184294bac7cfa5e62a64df7698 SHA1: 9f98c8435f81ea20d416646a94f668ac3a7f826d [1] .text [2] .rdata [3] .data [4] .tls [5] .rsrc F-Secure Manager = "C:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash C:\Programme\F-Secure Internet Security\Common\FSM32.EXE -- 03/02/2009 10:18:56 -- 14/10/2008 14:03:38 -- 182936 MD5: 63a9ac1d459f59f159609da2dbec96cc SHA1: 
da9ec1ce7f7d329535a916cfb190f7d235649f96 [1] .text [2] .rdata [3] .data [4] .rsrc F-Secure TNB = "C:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW C:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe -- 03/02/2009 10:19:00 -- 14/10/2008 14:03:04 -- 957024 MD5: ab7ff0fb8ee4c7f54f59d1f84aad1dfd SHA1: f92e3cdd0327125bab45712a788661d882f0863d [1] .text [2] .rdata [3] .data [4] .rsrc HKLM\SOFTWARE\Microsoft\windows\currentversion\policies\explorer\run HKCU\SOFTWARE\Microsoft\windows\currentversion\run BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe -- 15/01/2007 15:14:54 -- 15/01/2007 15:14:54 -- 147456 MD5: 928130e85250808bdb45694983aedf65 SHA1: 42d8a925a34f0ff828b62332138dcec546a55181 [1] .text [2] .rdata [3] .data [4] .rsrc ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\ctfmon.exe -- 03/08/2004 23:57:50 -- 03/08/2004 23:57:50 -- 15360 MD5: 7ce20569925df6789c31799f0c538f29 SHA1: fdf70fcac4bb0c39bc0e2c8faaf81d4742f1fdde [1] .text [2] .data [3] .rsrc TrueCrypt = "C:\Programme\TrueCrypt\TrueCrypt.exe" /q preferences /a favorites C:\Programme\TrueCrypt\TrueCrypt.exe -- 22/10/2007 09:52:37 -- 18/02/2008 13:42:18 -- 1065152 MD5: 86203f5057eaa176a2c4e036147188bd SHA1: 78a87d6700249615746ae12770a6bf4092792318 [1] .text [2] .rdata [3] .data [4] .rsrc SpybotSD TeaTimer = C:\Programme\Spybot - Search & Destroy\TeaTimer.exe C:\Programme\Spybot - Search & Destroy\TeaTimer.exe -- 21/08/2007 16:21:41 -- 16/09/2008 11:16:08 -- 1833296 MD5: 63b3ff83b87afceba89ced54695da0f6 SHA1: b210f13290fad6d52e4551adb255d659df3054bf [1] .text [2] .itext [3] .data [4] .bss [5] .idata [6] .tls [7] .rdata [8] .reloc [9] .rsrc SUPERAntiSpyware = C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe -- 15/01/2009 16:17:36 -- 15/01/2009 16:17:36 -- 1830128 MD5: 
c67a5e40b993939cd3697d1a61a63dc0 SHA1: 531ad1d80766630f34809e06098a6fc71086c0f0 [1] .text [2] .rdata [3] .data [4] .rsrc HKCU\SOFTWARE\Microsoft\windows\currentversion\policies\explorer\run ===================== SCHEDULED JOBS ===================== jobs found in C:\WINDOWS: 18-08-2001 12:00:00 65 byte 2733 days old -- C:\WINDOWS\tasks\desktop.ini 10-02-2009 15:59:37 6 byte 0 days old -- C:\WINDOWS\tasks\SA.DAT 10-02-2009 16:00:02 488 byte 0 days old -- C:\WINDOWS\tasks\1-Klick-Wartung.job ~~~~~~~~~~~~~~~~~~~~~ Active jobs: ~~~~~~~~~~~~~~~~~~~~~ Most recent (50) lines in jobs scheduled log: Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). "1-Klick-Wartung.job" (OneClickStarter.exe) Start: 09.02.2009 22:00:00 "1-Klick-Wartung.job" (OneClickStarter.exe) Ende: 09.02.2009 22:00:00 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). "1-Klick-Wartung.job" (OneClickStarter.exe) Start: 10.02.2009 03:29:07 "1-Klick-Wartung.job" (OneClickStarter.exe) Ende: 10.02.2009 03:29:20 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). "1-Klick-Wartung.job" (OneClickStarter.exe) Start: 10.02.2009 04:00:00 "1-Klick-Wartung.job" (OneClickStarter.exe) Ende: 10.02.2009 04:00:00 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). "1-Klick-Wartung.job" (OneClickStarter.exe) Start: 10.02.2009 13:33:28 "1-Klick-Wartung.job" (OneClickStarter.exe) Ende: 10.02.2009 13:33:43 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). "1-Klick-Wartung.job" (OneClickStarter.exe) Start: 10.02.2009 14:00:00 "1-Klick-Wartung.job" (OneClickStarter.exe) Ende: 10.02.2009 14:00:00 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). "1-Klick-Wartung.job" (OneClickStarter.exe) Start: 10.02.2009 15:00:16 "1-Klick-Wartung.job" (OneClickStarter.exe) Ende: 10.02.2009 15:00:35 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). 
"1-Klick-Wartung.job" (OneClickStarter.exe) Start: 10.02.2009 15:23:18 "1-Klick-Wartung.job" (OneClickStarter.exe) Ende: 10.02.2009 15:23:35 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). "1-Klick-Wartung.job" (OneClickStarter.exe) Start: 10.02.2009 15:26:59 "1-Klick-Wartung.job" (OneClickStarter.exe) Ende: 10.02.2009 15:27:18 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). "1-Klick-Wartung.job" (OneClickStarter.exe) Start: 10.02.2009 15:59:41 "1-Klick-Wartung.job" (OneClickStarter.exe) Ende: 10.02.2009 15:59:58 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). "1-Klick-Wartung.job" (OneClickStarter.exe) Start: 10.02.2009 16:00:00 "1-Klick-Wartung.job" (OneClickStarter.exe) Ende: 10.02.2009 16:00:02 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). ===================== LIST OF ALL SERVICES & DRIVERS ===================== -----HKLM\system\currentcontrolset\services----- 000) "a347bus" ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\a347bus.sys ---> TYPE = KERNEL_DRIVER 001) "a347scsi" ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\Drivers\a347scsi.sys ---> TYPE = KERNEL_DRIVER 002) "Abiosdsk" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 003) "abp480n5" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 004) "ACPI" - Microsoft ACPI-Treiber ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\ACPI.sys ---> TYPE = KERNEL_DRIVER 005) "ACPIEC" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 006) "ADIDTSFiltService" - ADI DTS Filter Service ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\adidts.sys ---> TYPE = KERNEL_DRIVER 007) "ADIHdAudAddService" - ADI UAA Function Driver for High Definition Audio Service ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\ADIHdAud.sys ---> TYPE = KERNEL_DRIVER 008) 
"adpu160m" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 009) "AEAudio" - AE Audio Service ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\AEAudio.sys ---> TYPE = KERNEL_DRIVER 010) "aec" - Microsoft Kernel-Echounterdrückung ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\aec.sys ---> TYPE = KERNEL_DRIVER 011) "AegisP" - AEGIS Protocol (IEEE 802.1x) v3.2.0.3 ---> STAT = (RUNNING) Started automatically ---> FILE = system32\DRIVERS\AegisP.sys ---> TYPE = KERNEL_DRIVER 012) "AFD" - AFD ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = \SystemRoot\System32\drivers\afd.sys ---> TYPE = KERNEL_DRIVER 013) "Aha154x" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 014) "aic78u2" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 015) "aic78xx" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 016) "AliIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 017) "amsint" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 018) "AnyDVD" - AnyDVD ---> STAT = (RUNNING) Started manually ---> FILE = System32\Drivers\AnyDVD.sys ---> TYPE = KERNEL_DRIVER 019) "AR5211" - NETGEAR WG311T V1H3 Wireless Adapter Service ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\WG311T13.sys ---> TYPE = KERNEL_DRIVER 020) "Arp1394" - 1394-ARP-Clientprotokoll ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\arp1394.sys ---> TYPE = KERNEL_DRIVER 021) "asc" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 022) "asc3350p" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 023) "asc3550" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 024) "Aspi32" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 025) "AsyncMac" - Asynchroner RAS -Medientreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\asyncmac.sys ---> TYPE = KERNEL_DRIVER 026) "atapi" 
- Standard-IDE/ESDI-Festplattencontroller ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\atapi.sys ---> TYPE = KERNEL_DRIVER 027) "Atdisk" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 028) "ati2mtag" ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ati2mtag.sys ---> TYPE = KERNEL_DRIVER 029) "Atmarpc" - Protokoll für ATM ARP-Client ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\atmarpc.sys ---> TYPE = KERNEL_DRIVER 030) "audstub" - Audiostubtreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\audstub.sys ---> TYPE = KERNEL_DRIVER 031) "Beep" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 032) "catchme" ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\DOKUME~1\Joe\LOKALE~1\Temp\catchme.sys ---> TYPE = KERNEL_DRIVER 033) "cbidf2k" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 034) "cd20xrnt" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 035) "Cdaudio" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 036) "Cdfs" ---> STAT = (RUNNING) Disabled ---> TYPE = FILE_SYSTEM_DRIVER 037) "Cdrom" - CD-ROM-Laufwerktreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\cdrom.sys ---> TYPE = KERNEL_DRIVER 038) "Changer" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 039) "CM1083264" - C-Media CM108 Like Sound UDAX Interface ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\CM108.sys ---> TYPE = KERNEL_DRIVER 040) "CmdIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 041) "cmudau" - C-Media USB Sound Interface ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\cmudau.sys ---> TYPE = KERNEL_DRIVER 042) "Cpqarray" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 043) "dac2w2k" ---> STAT = (RUNNING) Disabled 
---> TYPE = KERNEL_DRIVER 044) "dac960nt" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 045) "Disk" - Laufwerktreiber ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\disk.sys ---> TYPE = KERNEL_DRIVER 046) "dmboot" ---> STAT = (NOT RUNNING) Disabled ---> FILE = System32\drivers\dmboot.sys ---> TYPE = KERNEL_DRIVER 047) "dmio" - Treiber für die Verwaltung logischer Datenträger ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\drivers\dmio.sys ---> TYPE = KERNEL_DRIVER 048) "dmload" ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\drivers\dmload.sys ---> TYPE = KERNEL_DRIVER 049) "DMusic" - Microsoft Kernel-DLS-Synthesizer ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\DMusic.sys ---> TYPE = KERNEL_DRIVER 050) "dpti2o" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 051) "drmkaud" - Microsoft Kernel-DRM-Audioentschlüsselung ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\drmkaud.sys ---> TYPE = KERNEL_DRIVER 052) "ElbyCDIO" - ElbyCDIO Driver ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\Drivers\ElbyCDIO.sys ---> TYPE = KERNEL_DRIVER 053) "F-Secure Filter" - F-Secure File System Filter ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\Programme\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys ---> TYPE = KERNEL_DRIVER 054) "F-Secure Gatekeeper" - F-Secure Gatekeeper ---> STAT = (RUNNING) Started manually ---> FILE = C:\Programme\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys ---> TYPE = KERNEL_DRIVER 055) "F-Secure HIPS" - F-Secure HIPS Driver ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = C:\Programme\F-Secure Internet Security\HIPS\drivers\fshs.sys ---> TYPE = KERNEL_DRIVER 056) "F-Secure Recognizer" - F-Secure File System Recognizer ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\Programme\F-Secure Internet 
Security\Anti-Virus\Win2K\FSrec.sys ---> TYPE = KERNEL_DRIVER 057) "Fastfat" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = FILE_SYSTEM_DRIVER 058) "Fdc" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 059) "Fips" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 060) "Flpydisk" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 061) "FltMgr" - FltMgr ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\fltMgr.sys ---> TYPE = FILE_SYSTEM_DRIVER 062) "fsbts" - fsbts ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\Drivers\fsbts.sys ---> TYPE = KERNEL_DRIVER 063) "FSFW" - F-Secure Firewall Driver ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\drivers\fsdfw.sys ---> TYPE = KERNEL_DRIVER 064) "Ftdisk" - Treiber für Volume-Manager ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\ftdisk.sys ---> TYPE = KERNEL_DRIVER 065) "Gpc" - Standardpaketklassifizierung ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\msgpc.sys ---> TYPE = KERNEL_DRIVER 066) "HDAudBus" - Microsoft UAA-Bustreiber für High Definition Audio ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\HDAudBus.sys ---> TYPE = KERNEL_DRIVER 067) "hidusb" - Microsoft HID Class-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\hidusb.sys ---> TYPE = KERNEL_DRIVER 068) "hpn" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 069) "HTTP" - HTTP ---> STAT = (RUNNING) Started manually ---> FILE = System32\Drivers\HTTP.sys ---> TYPE = KERNEL_DRIVER 070) "i2omgmt" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 071) "i2omp" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 072) "i8042prt" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = 
KERNEL_DRIVER 073) "iaStor" - Intel RAID Controller ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\iaStor.sys ---> TYPE = KERNEL_DRIVER 074) "imagedrv" ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\Drivers\imagedrv.sys ---> TYPE = KERNEL_DRIVER 075) "imagesrv" ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\imagesrv.sys ---> TYPE = KERNEL_DRIVER 076) "Imapi" - Filtertreiber für CD-Brennen ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\imapi.sys ---> TYPE = KERNEL_DRIVER 077) "ini910u" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 078) "IntelIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 079) "intelppm" - Intel-Prozessortreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\intelppm.sys ---> TYPE = KERNEL_DRIVER 080) "Ip6Fw" - IPv6-Windows-Firewalltreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\Ip6Fw.sys ---> TYPE = KERNEL_DRIVER 081) "IpFilterDriver" - Filtertreiber für IP-Verkehr ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\ipfltdrv.sys ---> TYPE = KERNEL_DRIVER 082) "IpInIp" - IP/IP-Tunneltreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\ipinip.sys ---> TYPE = KERNEL_DRIVER 083) "IpNat" - Übersetzer für IP-Netzwerkadressen ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ipnat.sys ---> TYPE = KERNEL_DRIVER 084) "IPSec" - IPSEC-Treiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\ipsec.sys ---> TYPE = KERNEL_DRIVER 085) "IRENUM" - IR-Enumeratordienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\irenum.sys ---> TYPE = KERNEL_DRIVER 086) "isapnp" - PnP-ISA/EISA-Bus-Treiber ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\isapnp.sys ---> 
TYPE = KERNEL_DRIVER 087) "Kbdclass" - Tastaturklassentreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\kbdclass.sys ---> TYPE = KERNEL_DRIVER 088) "kbdhid" - Tastatur-HID-Treiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\kbdhid.sys ---> TYPE = KERNEL_DRIVER 089) "kmixer" - Microsoft Kernel-Waveaudiomixer ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\kmixer.sys ---> TYPE = KERNEL_DRIVER 090) "KSecDD" ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER 091) "lbrtfdc" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 092) "LHidFilt" - Logitech SetPoint KMDF HID Filter Driver ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\LHidFilt.Sys ---> TYPE = KERNEL_DRIVER 093) "LMouFilt" - Logitech SetPoint KMDF Mouse Filter Driver ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\LMouFilt.Sys ---> TYPE = KERNEL_DRIVER 094) "mnmdd" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 095) "Modem" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 096) "Mouclass" - Mausklassentreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\mouclass.sys ---> TYPE = KERNEL_DRIVER 097) "mouhid" - Maus-HID-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\mouhid.sys ---> TYPE = KERNEL_DRIVER 098) "MountMgr" ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER 099) "mraid35x" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 100) "MRxDAV" - Redirector für WebDav-Client ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\mrxdav.sys ---> TYPE = FILE_SYSTEM_DRIVER 101) "MRxSmb" - MRXSMB ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\mrxsmb.sys ---> TYPE = FILE_SYSTEM_DRIVER 102) 
"Msfs" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = FILE_SYSTEM_DRIVER 103) "MSKSSRV" - Microsoft Streaming Service Proxy ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\MSKSSRV.sys ---> TYPE = KERNEL_DRIVER 104) "MSPCLOCK" - Microsoft Proxy für Streaming Clock ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\MSPCLOCK.sys ---> TYPE = KERNEL_DRIVER 105) "MSPQM" - Microsoft Proxy für Streaming Quality Manager ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\MSPQM.sys ---> TYPE = KERNEL_DRIVER 106) "mssmbios" - Microsoft-Systemverwaltungs-BIOS-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\mssmbios.sys ---> TYPE = KERNEL_DRIVER 107) "MTsensor" - ATK0110 ACPI UTILITY ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ASACPI.sys ---> TYPE = KERNEL_DRIVER 108) "Mup" - Mup ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = FILE_SYSTEM_DRIVER 109) "NDIS" - NDIS-Systemtreiber ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER 110) "NdisTapi" - RAS-NDIS-TAPI-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ndistapi.sys ---> TYPE = KERNEL_DRIVER 111) "Ndisuio" - NDIS-Benutzermodus-E/A-Protokoll ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ndisuio.sys ---> TYPE = KERNEL_DRIVER 112) "NdisWan" - RAS-NDIS-WAN-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ndiswan.sys ---> TYPE = KERNEL_DRIVER 113) "NDProxy" - multi:NDIS-Proxy\00\00 ---> STAT = (RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 114) "NetBIOS" - NetBIOS-Schnittstelle ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\netbios.sys ---> TYPE = FILE_SYSTEM_DRIVER 115) "NetBT" - NetBios über TCP/IP ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\netbt.sys ---> TYPE = KERNEL_DRIVER 
116) "NIC1394" - 1394-Netzwerktreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\nic1394.sys ---> TYPE = KERNEL_DRIVER 117) "Npfs" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = FILE_SYSTEM_DRIVER 118) "Ntfs" ---> STAT = (RUNNING) Disabled ---> TYPE = FILE_SYSTEM_DRIVER 119) "Null" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 120) "NwlnkFlt" - Filtertreiber für IPX-Verkehr ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\nwlnkflt.sys ---> TYPE = KERNEL_DRIVER 121) "NwlnkFwd" - Treiber für IPX-Verkehrsweiterleitung ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\nwlnkfwd.sys ---> TYPE = KERNEL_DRIVER 122) "NwlnkIpx" - NWLink IPX/SPX/NetBIOS-kompatibles Transportprotokoll ---> STAT = (RUNNING) Started automatically ---> FILE = system32\DRIVERS\nwlnkipx.sys ---> TYPE = KERNEL_DRIVER 123) "NwlnkNb" - NWLink-NetBIOS ---> STAT = (RUNNING) Started automatically ---> FILE = system32\DRIVERS\nwlnknb.sys ---> TYPE = KERNEL_DRIVER 124) "NwlnkSpx" - NWLink SPX/SPXII-Protokoll ---> STAT = (RUNNING) Started automatically ---> FILE = system32\DRIVERS\nwlnkspx.sys ---> TYPE = KERNEL_DRIVER 125) "ohci1394" - Texas Instruments OHCI-konformer IEEE 1394-Hostcontroller ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\ohci1394.sys ---> TYPE = KERNEL_DRIVER 126) "Parport" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 127) "PartMgr" ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER 128) "ParVdm" ---> STAT = (NOT RUNNING) Started automatically ---> TYPE = KERNEL_DRIVER 129) "pavboot" ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\drivers\pavboot.sys ---> TYPE = FILE_SYSTEM_DRIVER 130) "PCI" - PCI-Bus-Treiber ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\pci.sys ---> TYPE = KERNEL_DRIVER 131) 
"PCIDump" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 132) "PCIIde" ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\pciide.sys ---> TYPE = KERNEL_DRIVER 133) "Pcmcia" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 134) "PDCOMP" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 135) "PDFRAME" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 136) "PDRELI" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 137) "PDRFRAME" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 138) "perc2" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 139) "perc2hib" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 140) "PptpMiniport" - WAN-Miniport (PPTP) ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\raspptp.sys ---> TYPE = KERNEL_DRIVER 141) "PSched" - QoS-Paketplaner ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\psched.sys ---> TYPE = KERNEL_DRIVER 142) "PStrip" ---> STAT = (RUNNING) Started automatically ---> TYPE = KERNEL_DRIVER 143) "Ptilink" - Treiber für direkte Parallelverbindung ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ptilink.sys ---> TYPE = KERNEL_DRIVER 144) "PxHelp20" - PxHelp20 ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\Drivers\PxHelp20.sys ---> TYPE = KERNEL_DRIVER 145) "ql1080" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 146) "Ql10wnt" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 147) "ql12160" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 148) "ql1240" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 149) "ql1280" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 150) "RasAcd" - Treiber für automatische RAS-Verbindung ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = 
system32\DRIVERS\rasacd.sys ---> TYPE = KERNEL_DRIVER 151) "Rasl2tp" - WAN-Miniport (L2TP) ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\rasl2tp.sys ---> TYPE = KERNEL_DRIVER 152) "RasPppoe" - Remotezugriff-PPPOE-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\raspppoe.sys ---> TYPE = KERNEL_DRIVER 153) "Raspti" - Parallelanschluss (direkt) ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\raspti.sys ---> TYPE = KERNEL_DRIVER 154) "Rdbss" - Rdbss ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\rdbss.sys ---> TYPE = FILE_SYSTEM_DRIVER 155) "RDPCDD" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\RDPCDD.sys ---> TYPE = KERNEL_DRIVER 156) "rdpdr" - Treiber für Terminalserver-Geräteumleitung ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\rdpdr.sys ---> TYPE = KERNEL_DRIVER 157) "RDPWD" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 158) "redbook" - Filtertreiber für digitale CD-Audiowiedergabe ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\redbook.sys ---> TYPE = KERNEL_DRIVER 159) "rspndr" - Antwort für Verbindungsschicht-Topologieerkennung ---> STAT = (RUNNING) Started automatically ---> FILE = system32\DRIVERS\rspndr.sys ---> TYPE = KERNEL_DRIVER 160) "SASDIFSV" - SASDIFSV ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS ---> TYPE = KERNEL_DRIVER 161) "SASENUM" - SASENUM ---> STAT = (RUNNING) Started manually ---> FILE = C:\Programme\SUPERAntiSpyware\SASENUM.SYS ---> TYPE = KERNEL_DRIVER 162) "SASKUTIL" - SASKUTIL ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = C:\Programme\SUPERAntiSpyware\SASKUTIL.sys ---> TYPE = KERNEL_DRIVER 163) "Secdrv" - Secdrv ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\secdrv.sys ---> TYPE = KERNEL_DRIVER 
164) "Ser2pl" - Prolific Serial port driver ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\ser2pl.sys ---> TYPE = KERNEL_DRIVER 165) "Serenum" - Serenum Filter Driver ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\serenum.sys ---> TYPE = KERNEL_DRIVER 166) "Serial" ---> STAT = (NOT RUNNING) Started automatically ---> TYPE = KERNEL_DRIVER 167) "Sfloppy" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 168) "Simbad" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 169) "Sparrow" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 170) "splitter" - Microsoft Kernel-Audiosplitter ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\splitter.sys ---> TYPE = KERNEL_DRIVER 171) "sptd" ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\Drivers\sptd.sys ---> TYPE = KERNEL_DRIVER 172) "sr" - Filtertreiber für Systemwiederherstellung ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\sr.sys ---> TYPE = FILE_SYSTEM_DRIVER 173) "Srv" - Srv ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\srv.sys ---> TYPE = FILE_SYSTEM_DRIVER 174) "ssmdrv" - ssmdrv ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\ssmdrv.sys ---> TYPE = KERNEL_DRIVER 175) "swenum" - Software-Bus-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\swenum.sys ---> TYPE = KERNEL_DRIVER 176) "swmidi" - Microsoft Kernel GS Wavetablesynthesizer ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\swmidi.sys ---> TYPE = KERNEL_DRIVER 177) "symc810" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 178) "symc8xx" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 179) "sym_hi" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 180) "sym_u3" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 181) 
"sysaudio" - Microsoft Kernel-Systemaudiogerät ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\sysaudio.sys ---> TYPE = KERNEL_DRIVER 182) "tap0801" - TAP-Win32 Adapter V8 ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\tap0801.sys ---> TYPE = KERNEL_DRIVER 183) "tapvpn" - TAP VPN Adapter ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\tapvpn.sys ---> TYPE = KERNEL_DRIVER 184) "Tcpip" - TCP/IP-Protokolltreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\tcpip.sys ---> TYPE = KERNEL_DRIVER 185) "TDPIPE" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 186) "TDTCP" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 187) "TermDD" - Terminal-Gerätetreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\termdd.sys ---> TYPE = KERNEL_DRIVER 188) "tmcomm" - tmcomm ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\drivers\tmcomm.sys ---> TYPE = KERNEL_DRIVER 189) "TosIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 190) "truecrypt" - truecrypt ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\drivers\truecrypt.sys ---> TYPE = KERNEL_DRIVER 191) "Udfs" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = FILE_SYSTEM_DRIVER 192) "ultra" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 193) "Update" - Microcode Updatetreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\update.sys ---> TYPE = KERNEL_DRIVER 194) "usbaudio" - USB-Audiotreiber (WDM) ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\usbaudio.sys ---> TYPE = KERNEL_DRIVER 195) "usbccgp" - Microsoft Standard-USB-Haupttreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\usbccgp.sys ---> TYPE = KERNEL_DRIVER 196) "usbehci" - Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller ---> 
STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\usbehci.sys ---> TYPE = KERNEL_DRIVER 197) "usbhub" - Microsoft USB-Standardhubtreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\usbhub.sys ---> TYPE = KERNEL_DRIVER 198) "usbscan" - USB-Scannertreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\usbscan.sys ---> TYPE = KERNEL_DRIVER 199) "USBSTOR" - USB-Massenspeichertreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\USBSTOR.SYS ---> TYPE = KERNEL_DRIVER 200) "usbuhci" - Miniporttreiber für universellen Microsoft USB-Hostcontroller ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\usbuhci.sys ---> TYPE = KERNEL_DRIVER 201) "VgaSave" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = \SystemRoot\System32\drivers\vga.sys ---> TYPE = KERNEL_DRIVER 202) "ViaIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 203) "VolSnap" ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER 204) "VPCNetS2" - Virtual Machine Network Services Driver ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\VMNetSrv.sys ---> TYPE = KERNEL_DRIVER 205) "Wanarp" - RAS-IP-ARP-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\wanarp.sys ---> TYPE = KERNEL_DRIVER 206) "Wdf01000" - Wdf01000 ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\Wdf01000.sys ---> TYPE = KERNEL_DRIVER 207) "WDICA" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 208) "wdmaud" - Treiber für Microsoft WINMM-WDM-Audiokompatibilität ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\wdmaud.sys ---> TYPE = KERNEL_DRIVER 209) "WpdUsb" - WpdUsb ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\wpdusb.sys ---> TYPE = KERNEL_DRIVER 210) "WudfPf" - Windows Driver Foundation - User-mode Driver Framework Platform Driver ---> STAT = (RUNNING) 
Started by operating system loader ---> FILE = system32\DRIVERS\WudfPf.sys ---> TYPE = KERNEL_DRIVER 211) "WudfRd" - Windows Driver Foundation - User-mode Driver Framework Reflector ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\wudfrd.sys ---> TYPE = KERNEL_DRIVER 212) "yukonwxp" - NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\yk51x86.sys ---> TYPE = KERNEL_DRIVER

-----HKLM\system\currentcontrolset\services-----
000) "ACS" - Atheros Configuration Service ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\acs.exe ---> TYPE = OWN_SERVICE 001) "Alerter" - Warndienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 002) "ALG" - Gatewaydienst auf Anwendungsebene ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\alg.exe ---> TYPE = OWN_SERVICE 003) "AppMgmt" - Anwendungsverwaltung ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 004) "aspnet_state" - ASP.NET State Service ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe ---> TYPE = OWN_SERVICE 005) "Ati HotKey Poller" ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\Ati2evxx.exe ---> TYPE = OWN_SERVICE 006) "ATI Smart" - ATI Smart ---> STAT = (NOT RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\ati2sgag.exe ---> TYPE = OWN_SERVICE 007) "AudioSrv" - Windows Audio ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 008) "BITS" - Intelligenter Hintergrundübertragungsdienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 009) "Browser" - Computerbrowser ---> STAT = 
(RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 010) "CiSvc" - Indexdienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\cisvc.exe ---> TYPE = SHARE_SERVICE 011) "ClipSrv" - Ablagemappe ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\clipsrv.exe ---> TYPE = OWN_SERVICE 012) "clr_optimization_v2.0.50727_32" - .NET Runtime Optimization Service v2.0.50727_X86 ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe ---> TYPE = OWN_SERVICE 013) "COMSysApp" - COM+-Systemanwendung ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} ---> TYPE = OWN_SERVICE 014) "CryptSvc" - Kryptografiedienste ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 015) "DcomLaunch" - DCOM-Server-Prozessstart ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost -k DcomLaunch ---> TYPE = SHARE_SERVICE 016) "Dhcp" - DHCP-Client ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 017) "dmadmin" - Verwaltungsdienst für die Verwaltung logischer Datenträger ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\dmadmin.exe /com ---> TYPE = SHARE_SERVICE 018) "dmserver" - Verwaltung logischer Datenträger ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 019) "Dnscache" - DNS-Client ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k NetworkService ---> TYPE = SHARE_SERVICE 020) "ERSvc" - Fehlerberichterstattungsdienst ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 
021) "Eventlog" - Ereignisprotokoll ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\services.exe ---> TYPE = SHARE_SERVICE 022) "EventSystem" - COM+-Ereignissystem ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 023) "F-Secure Gatekeeper Handler Starter" - FSGKHS ---> STAT = (RUNNING) Started automatically ---> FILE = \C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe\ ---> TYPE = OWN_SERVICE 024) "FastUserSwitchingCompatibility" - Kompatibilität für schnelle Benutzerumschaltung ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 025) "FLEXnet Licensing Service" - FLEXnet Licensing Service ---> STAT = (NOT RUNNING) Started manually ---> FILE = \C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\ ---> TYPE = OWN_SERVICE 026) "FontCache3.0.0.0" - Windows Presentation Foundation Font Cache 3.0.0.0 ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe ---> TYPE = OWN_SERVICE 027) "FSAUA" - F-Secure Automatic Update Agent ---> STAT = (NOT RUNNING) Started manually ---> FILE = \C:\Programme\F-Secure Internet Security\FSAUA\program\fsaua.exe\ ---> TYPE = OWN_SERVICE 028) "FSDFWD" - F-Secure Anti-Virus Firewall Daemon ---> STAT = (NOT RUNNING) Started manually ---> FILE = \C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe\ ---> TYPE = OWN_SERVICE 029) "FSMA" - F-Secure Management Agent ---> STAT = (RUNNING) Started automatically ---> FILE = \C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE\ ---> TYPE = OWN_SERVICE 030) "FSORSPClient" - F-Secure ORSP Client ---> STAT = (NOT RUNNING) Started manually ---> FILE = \C:\Programme\F-Secure Internet Security\ORSP Client\fsorsp.exe\ ---> TYPE = OWN_SERVICE 031) "helpsvc" - Hilfe und Support ---> STAT = (RUNNING) Started 
automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 032) "HidServ" - HID Input Service ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 033) "HTTPFilter" - HTTP-SSL ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k HTTPFilter ---> TYPE = SHARE_SERVICE 034) "idsvc" - Windows CardSpace ---> STAT = (NOT RUNNING) Started manually ---> FILE = \C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\ ---> TYPE = SHARE_SERVICE 035) "ImapiService" - IMAPI-CD-Brenn-COM-Dienste ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\imapi.exe ---> TYPE = OWN_SERVICE 036) "JavaQuickStarterService" - Java Quick Starter ---> STAT = (RUNNING) Started automatically ---> FILE = \C:\Programme\Java\jre6\bin\jqs.exe\ -service -config \C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf\ ---> TYPE = OWN_SERVICE 037) "lanmanserver" - Server ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 038) "lanmanworkstation" - Arbeitsstationsdienst ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 039) "LBTServ" - Logitech Bluetooth Service ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe ---> TYPE = OWN_SERVICE 040) "LmHosts" - TCP/IP-NetBIOS-Hilfsprogramm ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 041) "Messenger" - Nachrichtendienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 042) "mnmsrvc" - NetMeeting-Remotedesktop-Freigabe ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\mnmsrvc.exe ---> TYPE = 
OWN_SERVICE 043) "MSDTC" - Distributed Transaction Coordinator ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\msdtc.exe ---> TYPE = OWN_SERVICE 044) "MSIServer" - Windows Installer ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\msiexec.exe /V ---> TYPE = SHARE_SERVICE 045) "NBService" - NBService ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe ---> TYPE = OWN_SERVICE 046) "NetDDE" - Netzwerk-DDE-Dienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\netdde.exe ---> TYPE = SHARE_SERVICE 047) "NetDDEdsdm" - Netzwerk-DDE-Serverdienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\netdde.exe ---> TYPE = SHARE_SERVICE 048) "Netlogon" - Anmeldedienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 049) "Netman" - Netzwerkverbindungen ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 050) "NetTcpPortSharing" - Net.Tcp Port Sharing Service ---> STAT = (NOT RUNNING) Disabled ---> FILE = \C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\ ---> TYPE = SHARE_SERVICE 051) "Nla" - NLA (Network Location Awareness) ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 052) "NMIndexingService" - NMIndexingService ---> STAT = (RUNNING) Started manually ---> FILE = \C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe\ ---> TYPE = OWN_SERVICE 053) "NtLmSsp" - NT-LM-Sicherheitsdienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 054) "NtmsSvc" - Wechselmedien ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 055) "O&O Defrag" - O&O Defrag ---> STAT = 
(RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\oodag.exe ---> TYPE = OWN_SERVICE 056) "ose" - Office Source Engine ---> STAT = (NOT RUNNING) Started manually ---> FILE = \C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE\ ---> TYPE = OWN_SERVICE 057) "PlugPlay" - Plug & Play ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\services.exe ---> TYPE = SHARE_SERVICE 058) "PolicyAgent" - IPSEC-Dienste ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 059) "ProtectedStorage" - Geschützter Speicher ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 060) "RasAuto" - Verwaltung für automatische RAS-Verbindung ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 061) "RasMan" - RAS-Verbindungsverwaltung ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 062) "RDSessMgr" - Sitzungs-Manager für Remotedesktophilfe ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\sessmgr.exe ---> TYPE = OWN_SERVICE 063) "RemoteAccess" - Routing und RAS ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 064) "RemoteRegistry" - Remote-Registrierung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 065) "RpcLocator" - RPC-Locator ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\locator.exe ---> TYPE = OWN_SERVICE 066) "RpcSs" - Remoteprozeduraufruf (RPC) ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost -k rpcss ---> TYPE = SHARE_SERVICE 067) "RSVP" - QoS-RSVP ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\rsvp.exe ---> 
TYPE = OWN_SERVICE 068) "SamSs" - Sicherheitskontenverwaltung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 069) "SCardSvr" - Smartcard ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\SCardSvr.exe ---> TYPE = SHARE_SERVICE 070) "Schedule" - Taskplaner ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 071) "seclogon" - Sekundäre Anmeldung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 072) "SENS" - Systemereignisbenachrichtigung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 073) "SharedAccess" - Windows-Firewall/Gemeinsame Nutzung der Internetverbindung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 074) "ShellHWDetection" - Shellhardwareerkennung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 075) "Spooler" - Druckwarteschlange ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\spoolsv.exe ---> TYPE = OWN_SERVICE 076) "srservice" - Systemwiederherstellungsdienst ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 077) "SSDPSRV" - SSDP-Suchdienst ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 078) "stisvc" - Windows-Bilderfassung (WIA) ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k imgsvc ---> TYPE = SHARE_SERVICE 079) "SwPrv" - MS Software Shadow Copy Provider ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\dllhost.exe 
/Processid:{8FF2FC2C-C736-408F-9676-C21C3C8FFD30} ---> TYPE = OWN_SERVICE 080) "SysmonLog" - Leistungsdatenprotokolle und Warnungen ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\smlogsvc.exe ---> TYPE = OWN_SERVICE 081) "TapiSrv" - Telefonie ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 082) "TermService" - Terminaldienste ---> STAT = (RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost -k DComLaunch ---> TYPE = SHARE_SERVICE 083) "Themes" - Designs ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 084) "TlntSvr" - Telnet ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\tlntsvr.exe ---> TYPE = OWN_SERVICE 085) "TrkWks" - Überwachung verteilter Verknüpfungen (Client) ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 086) "TuneUp.Defrag" - TuneUp Drive Defrag-Dienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\TuneUpDefragService.exe ---> TYPE = OWN_SERVICE 087) "TuneUp.ProgramStatisticsSvc" - TuneUp Program Statistics Service ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\TUProgSt.exe ---> TYPE = OWN_SERVICE 088) "UMWdf" - Windows-Benutzermodus-Treiberframework ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\wdfmgr.exe ---> TYPE = OWN_SERVICE 089) "upnphost" - Universeller Plug & Play-Gerätehost ---> STAT = (NOT RUNNING) Disabled ---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 090) "UPS" - Unterbrechungsfreie Stromversorgung ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\ups.exe ---> TYPE = OWN_SERVICE 091) "UxTuneUp" - TuneUp Designerweiterung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k 
netsvcs ---> TYPE = SHARE_SERVICE 092) "VSS" - Volumeschattenkopie ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\vssvc.exe ---> TYPE = OWN_SERVICE 093) "W32Time" - Windows-Zeitgeber ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 094) "WebClient" - Webclient ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 095) "winmgmt" - Windows-Verwaltungsinstrumentation ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 096) "Winsock" ---> STAT = (RUNNING) Started manually ---> TYPE = ADAPTER 097) "WmdmPmSN" - Portable Media Serial Number Service ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 098) "Wmi" - Treibererweiterungen für Windows-Verwaltungsinstrumentation ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 099) "WmiApSrv" - WMI-Leistungsadapter ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\system32\wbem\wmiapsrv.exe ---> TYPE = OWN_SERVICE 100) "WMPNetworkSvc" - Windows Media Player-Netzwerkfreigabedienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = \C:\Programme\Windows Media Player\WMPNetwk.exe\ ---> TYPE = OWN_SERVICE 101) "wscsvc" - Sicherheitscenter ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 102) "wuauserv" - Automatische Updates ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 103) "WudfSvc" - Windows Driver Foundation - User-mode Driver Framework ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup ---> TYPE = 
SHARE_SERVICE 104) "WZCSVC" - Konfigurationsfreie drahtlose Verbindung ---> STAT = (RUNNING) Started automatically ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 105) "xmlprov" - Netzwerkversorgungsdienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = C:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE ===================== SVCHOST INSTANCES ===================== HTTPFilter +---- HTTPFilter +---- %SystemRoot%\System32\w3ssl.dll LocalService +---- Alerter +---- %SystemRoot%\system32\alrsvc.dll +---- WebClient +---- %SystemRoot%\System32\webclnt.dll +---- LmHosts +---- %SystemRoot%\System32\lmhsvc.dll +---- RemoteRegistry +---- %SystemRoot%\system32\regsvc.dll +---- upnphost +---- %SystemRoot%\System32\upnphost.dll +---- SSDPSRV +---- %SystemRoot%\System32\ssdpsrv.dll NetworkService +---- DnsCache +---- %SystemRoot%\System32\dnsrslvr.dll netsvcs +---- 6to4 +---- AppMgmt +---- %SystemRoot%\System32\appmgmts.dll +---- AudioSrv +---- %SystemRoot%\System32\audiosrv.dll +---- Browser +---- %SystemRoot%\System32\browser.dll +---- CryptSvc +---- %SystemRoot%\System32\cryptsvc.dll +---- DMServer +---- %SystemRoot%\System32\dmserver.dll +---- DHCP +---- %SystemRoot%\System32\dhcpcsvc.dll +---- ERSvc +---- %SystemRoot%\System32\ersvc.dll +---- EventSystem +---- C:\WINDOWS\system32\es.dll +---- FastUserSwitchingCompatibility +---- %SystemRoot%\System32\shsvcs.dll +---- HidServ +---- %SystemRoot%\System32\hidserv.dll +---- Ias +---- Iprip +---- Irmon +---- LanmanServer +---- %SystemRoot%\System32\srvsvc.dll +---- LanmanWorkstation +---- %SystemRoot%\System32\wkssvc.dll +---- Messenger +---- %SystemRoot%\System32\msgsvc.dll +---- Netman +---- %SystemRoot%\System32\netman.dll +---- Nla +---- %SystemRoot%\System32\mswsock.dll +---- Ntmssvc +---- %SystemRoot%\system32\ntmssvc.dll +---- NWCWorkstation +---- Nwsapagent +---- Rasauto +---- %SystemRoot%\System32\rasauto.dll +---- Rasman +---- %SystemRoot%\System32\rasmans.dll 
+---- Remoteaccess +---- %SystemRoot%\System32\mprdim.dll +---- Schedule +---- %SystemRoot%\system32\schedsvc.dll +---- Seclogon +---- %SystemRoot%\System32\seclogon.dll +---- SENS +---- %SystemRoot%\system32\sens.dll +---- Sharedaccess +---- %SystemRoot%\System32\ipnathlp.dll +---- SRService +---- C:\WINDOWS\system32\srsvc.dll +---- Tapisrv +---- %SystemRoot%\System32\tapisrv.dll +---- Themes +---- %SystemRoot%\System32\shsvcs.dll +---- TrkWks +---- %SystemRoot%\system32\trkwks.dll +---- UxTuneUp +---- %SystemRoot%\System32\uxtuneup.dll +---- W32Time +---- %systemroot%\system32\w32time.dll +---- WZCSVC +---- %SystemRoot%\System32\wzcsvc.dll +---- Wmi +---- %SystemRoot%\System32\advapi32.dll +---- WmdmPmSp +---- winmgmt +---- %SystemRoot%\system32\wbem\WMIsvc.dll +---- wscsvc +---- %SYSTEMROOT%\system32\wscsvc.dll +---- xmlprov +---- %SystemRoot%\System32\xmlprov.dll +---- BITS +---- %systemroot%\system32\qmgr.dll +---- wuauserv +---- C:\WINDOWS\system32\wuauserv.dll +---- ShellHWDetection +---- %SystemRoot%\System32\shsvcs.dll +---- helpsvc +---- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll +---- WmdmPmSN +---- C:\WINDOWS\system32\mspmsnsv.dll DcomLaunch +---- DcomLaunch +---- %SystemRoot%\system32\rpcss.dll +---- TermService +---- %SystemRoot%\System32\termsrv.dll rpcss +---- RpcSs +---- %SystemRoot%\System32\rpcss.dll imgsvc +---- StiSvc +---- %SystemRoot%\system32\wiaservc.dll termsvcs +---- TermService +---- %SystemRoot%\System32\termsrv.dll WudfServiceGroup +---- WUDFSvc +---- %SystemRoot%\System32\WUDFSvc.dll ===================== LOADED MODULES ===================== *** NOTE *** Process uuoywfrygn.exe belongs to SystemScan Already known legit dlls are not shown ------------------------------------------------------------------------------ System pid: 4 Command line: ------------------------------------------------------------------------------ smss.exe pid: 1352 Command line: \SystemRoot\System32\smss.exe Base Size Version Path 0x48580000 0xf000 
\SystemRoot\System32\smss.exe ------------------------------------------------------------------------------ csrss.exe pid: 1856 Command line: C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 Base Size Version Path 0x4a680000 0x5000 \??\C:\WINDOWS\system32\csrss.exe 0x75ae0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\CSRSRV.dll 0x75af0000 0x10000 5.01.2600.2606 C:\WINDOWS\system32\basesrv.dll 0x75b00000 0x4b000 5.01.2600.3103 C:\WINDOWS\system32\winsrv.dll 0x10000000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ winlogon.exe pid: 984 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x77690000 0x12000 5.01.2600.2925 C:\WINDOWS\system32\AUTHZ.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x75250000 0x2e000 5.01.2600.2657 C:\WINDOWS\system32\msctfime.ime 0x10000000 0x9a000 1.00.0000.1052 C:\Programme\SUPERAntiSpyware\SASWINLO.dll 0x01db0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43f60000 0x45000 7.00.6000.20583 C:\WINDOWS\system32\iertutil.dll 0x02330000 0x1f000 6.14.0010.4163 C:\WINDOWS\system32\Ati2evxx.dll 0x47120000 0x8000 5.01.2600.2914 C:\WINDOWS\System32\dimsntfy.dll 0x02470000 0x12000 4.60.0122.0000 c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll 0x02500000 0x24000 4.60.0122.0000 c:\programme\gemeinsame dateien\logitech\bluetooth\LBTServ.dll 0x00cb0000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ services.exe pid: 
1452 Command line: C:\WINDOWS\system32\services.exe Base Size Version Path 0x01000000 0x1c000 5.01.2600.2180 C:\WINDOWS\system32\services.exe 0x77b40000 0x54000 5.01.2600.2758 C:\WINDOWS\system32\SCESRV.dll 0x77690000 0x12000 5.01.2600.2925 C:\WINDOWS\system32\AUTHZ.dll 0x7dbb0000 0x21000 5.01.2600.2744 C:\WINDOWS\system32\umpnpmgr.dll 0x76020000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll 0x47260000 0xf000 5.01.2600.3008 C:\WINDOWS\AppPatch\AcAdProc.dll 0x772d0000 0x11000 5.01.2600.3019 C:\WINDOWS\system32\eventlog.dll 0x10000000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ lsass.exe pid: 1464 Command line: C:\WINDOWS\system32\lsass.exe Base Size Version Path 0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\lsass.exe 0x753d0000 0xb7000 5.01.2600.2976 C:\WINDOWS\system32\LSASRV.dll 0x76750000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll 0x76ee0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll 0x743c0000 0x6e000 5.01.2600.2180 C:\WINDOWS\system32\SAMSRV.dll 0x76740000 0xc000 5.01.2600.2180 C:\WINDOWS\system32\cryptdll.dll 0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x20000000 0xe000 5.01.2600.2180 C:\WINDOWS\system32\msprivs.dll 0x71c70000 0x4b000 5.01.2600.3048 C:\WINDOWS\system32\kerberos.dll 0x74430000 0x65000 5.01.2600.2180 C:\WINDOWS\system32\netlogon.dll 0x76770000 0x2d000 5.01.2600.2775 C:\WINDOWS\system32\w32time.dll 0x76020000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x767a0000 0x27000 5.01.2600.3126 C:\WINDOWS\system32\schannel.dll 0x742f0000 0xf000 5.01.2600.3027 C:\WINDOWS\system32\wdigest.dll 0x74380000 0x30000 5.01.2600.2661 C:\WINDOWS\system32\scecli.dll 
0x74350000 0x30000 5.01.2600.2180 C:\WINDOWS\system32\ipsecsvc.dll 0x77690000 0x12000 5.01.2600.2925 C:\WINDOWS\system32\AUTHZ.dll 0x756c0000 0xd0000 5.01.2600.2923 C:\WINDOWS\system32\oakley.DLL 0x742e0000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\WINIPSEC.DLL 0x01190000 0x30000 2.01.0580.0000 C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL 0x74310000 0xb000 5.01.2600.2180 C:\WINDOWS\system32\pstorsvc.dll 0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.3051 C:\WINDOWS\system32\hnetcfg.dll 0x74330000 0x1b000 5.01.2600.2180 C:\WINDOWS\system32\psbase.dll 0x719f0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll 0x5bb10000 0x24000 5.01.2600.2645 C:\WINDOWS\system32\dssenh.dll 0x10000000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ ati2evxx.exe pid: 1688 Command line: C:\WINDOWS\system32\Ati2evxx.exe Base Size Version Path 0x00400000 0x7b000 6.14.0010.4173 C:\WINDOWS\system32\Ati2evxx.exe 0x74a60000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\cfgMgr32.dll 0x75250000 0x2e000 5.01.2600.2657 C:\WINDOWS\system32\msctfime.ime 0x01060000 0x10000 6.14.0010.2512 C:\WINDOWS\system32\Ati2edxx.dll 0x10000000 0x25000 6.14.0010.2521 C:\WINDOWS\system32\atipdlxx.dll 0x012f0000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ svchost.exe pid: 1704 Command line: C:\WINDOWS\system32\svchost -k DcomLaunch Base Size Version Path 0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe 0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x77690000 0x12000 5.01.2600.2925 c:\windows\system32\AUTHZ.dll 0x76ad0000 0x11000 
3.05.2284.0001 c:\windows\system32\ATL.DLL ------------------------------------------------------------------------------ svchost.exe pid: 1812 Command line: C:\WINDOWS\system32\svchost -k rpcss Base Size Version Path 0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe 0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll 0x00ef0000 0x30000 2.01.0580.0000 C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL 0x66710000 0x59000 5.01.2600.3051 C:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll 0x71ec0000 0x6000 5.01.2600.0000 C:\WINDOWS\System32\wshisn.dll 0x76ee0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll 0x16080000 0x19000 1.00.0003.0001 C:\Programme\Bonjour\mdnsNSP.dll ------------------------------------------------------------------------------ svchost.exe pid: 540 Command line: C:\WINDOWS\System32\svchost.exe -k netsvcs Base Size Version Path 0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\svchost.exe 0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x55580000 0xb000 8.00.2000.0035 c:\windows\system32\uxtuneup.dll 0x59dd0000 0xa1000 5.01.2600.2180 c:\windows\system32\dbghelp.dll 0x76ee0000 0x27000 5.01.2600.2938 c:\windows\system32\DNSAPI.dll 0x76ad0000 0x11000 3.05.2284.0001 c:\windows\system32\ATL.DLL 0x01510000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43f60000 0x45000 7.00.6000.20583 C:\WINDOWS\system32\iertutil.dll 0x767a0000 0x27000 5.01.2600.3126 C:\WINDOWS\System32\SCHANNEL.dll 0x76750000 0x13000 5.01.2600.2180 c:\windows\system32\NTDSAPI.dll 0x74f10000 0x9000 
2600.2180.0503.0000 c:\windows\system32\dmserver.dll 0x776e0000 0x41000 2001.12.4414.0312 c:\windows\system32\es.dll 0x74ec0000 0xc000 5.01.2600.2180 c:\windows\pchealth\helpctr\binaries\pchsvc.dll 0x68d80000 0x9000 5.01.2600.2180 c:\windows\system32\hidserv.dll 0x76bc0000 0x2f000 5.01.2600.2586 c:\windows\system32\credui.dll 0x66710000 0x59000 5.01.2600.3051 C:\WINDOWS\System32\HNETCFG.DLL 0x76770000 0x2d000 5.01.2600.2775 c:\windows\system32\w32time.dll 0x76020000 0x65000 6.02.3104.0000 c:\windows\system32\MSVCP60.dll 0x4f110000 0x28000 5.01.2600.2180 c:\windows\system32\wbem\wmisvc.dll 0x02880000 0x30000 2.01.0580.0000 C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL 0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll 0x719f0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll 0x77690000 0x12000 5.01.2600.2925 c:\windows\system32\AUTHZ.dll 0x50000000 0x6000 5.08.0000.2694 c:\windows\system32\wuauserv.dll 0x50040000 0x14c000 5.08.0000.2694 C:\WINDOWS\system32\wuaueng.dll 0x44490000 0x2e000 7.00.6000.20583 C:\WINDOWS\System32\ADVPACK.dll 0x750d0000 0x14000 5.01.2600.2180 C:\WINDOWS\System32\Cabinet.dll 0x604a0000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\mspatcha.dll 0x742e0000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\WINIPSEC.DLL 0x58030000 0x36000 5.01.2600.2679 C:\WINDOWS\System32\unimdm.tsp 0x580b0000 0xb000 5.01.2600.2180 C:\WINDOWS\System32\kmddsp.tsp 0x58090000 0x10000 5.01.2600.2180 C:\WINDOWS\System32\ndptsp.tsp 0x580c0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\ipconf.tsp 0x580e0000 0x46000 5.01.2600.2180 C:\WINDOWS\System32\h323.tsp 0x580d0000 0xa000 5.01.2600.2180 C:\WINDOWS\System32\hidphone.tsp 0x71c70000 0x4b000 5.01.2600.3048 C:\WINDOWS\system32\kerberos.dll 0x76740000 0xc000 5.01.2600.2180 C:\WINDOWS\System32\cryptdll.dll 0x71f00000 0x9000 5.01.2600.0000 C:\WINDOWS\System32\ipxwan.dll 0x71fd0000 0x12000 5.01.2600.0000 C:\WINDOWS\System32\adptif.dll 
------------------------------------------------------------------------------ svchost.exe pid: 580 Command line: C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup Base Size Version Path 0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe 0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x00a60000 0x10000 6.00.5716.0032 c:\windows\system32\wudfsvc.dll 0x00a70000 0x2c000 6.00.5716.0032 c:\windows\system32\WUDFPlatform.dll ------------------------------------------------------------------------------ ati2evxx.exe pid: 720 Command line: Ati2evxx.exe -Client Base Size Version Path 0x00400000 0x7b000 6.14.0010.4173 C:\WINDOWS\system32\Ati2evxx.exe 0x74a60000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\cfgMgr32.dll 0x75250000 0x2e000 5.01.2600.2657 C:\WINDOWS\system32\msctfime.ime 0x01060000 0x10000 6.14.0010.2512 C:\WINDOWS\system32\Ati2edxx.dll 0x10000000 0x25000 6.14.0010.2521 C:\WINDOWS\system32\atipdlxx.dll 0x01090000 0x1f000 6.14.0010.4163 C:\WINDOWS\system32\ati2evxx.dll 0x010e0000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ svchost.exe pid: 916 Command line: C:\WINDOWS\system32\svchost.exe -k NetworkService Base Size Version Path 0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe 0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x76ee0000 0x27000 5.01.2600.2938 c:\windows\system32\DNSAPI.dll 0x00b90000 0x30000 2.01.0580.0000 C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL 0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.3051 
C:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll ------------------------------------------------------------------------------ svchost.exe pid: 1492 Command line: C:\WINDOWS\system32\svchost.exe -k LocalService Base Size Version Path 0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe 0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x00ab0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43f60000 0x45000 7.00.6000.20583 C:\WINDOWS\system32\iertutil.dll 0x76aa0000 0x12000 5.01.2600.2963 c:\windows\system32\regsvc.dll 0x66710000 0x59000 5.01.2600.3051 C:\WINDOWS\system32\hnetcfg.dll 0x01150000 0x30000 2.01.0580.0000 C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL 0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll 0x719f0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll 0x76ee0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll 0x16080000 0x19000 1.00.0003.0001 C:\Programme\Bonjour\mdnsNSP.dll ------------------------------------------------------------------------------ explorer.exe pid: 1828 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x01000000 0xff000 6.00.2900.2894 C:\WINDOWS\Explorer.EXE 0x75f20000 0xfd000 6.00.2900.3121 C:\WINDOWS\system32\BROWSEUI.dll 0x7e1e0000 0x171000 6.00.2900.3121 C:\WINDOWS\system32\SHDOCVW.dll 0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43f60000 0x45000 7.00.6000.20583 C:\WINDOWS\system32\iertutil.dll 0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x75250000 0x2e000 5.01.2600.2657 C:\WINDOWS\system32\msctfime.ime 0x5b9b0000 0x72000 6.00.2900.2801 
C:\WINDOWS\system32\themeui.dll 0x76320000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll 0x76ad0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL 0x76930000 0x8000 5.01.2600.2839 C:\WINDOWS\system32\LINKINFO.dll 0x444c0000 0x5cb000 7.00.6000.20583 C:\WINDOWS\system32\ieframe.dll 0x76bc0000 0x2f000 5.01.2600.2586 C:\WINDOWS\system32\credui.dll 0x75dc0000 0x91000 6.00.2900.2530 C:\WINDOWS\system32\MLANG.dll 0x746a0000 0x4c000 5.01.2600.3085 C:\WINDOWS\system32\MSCTF.dll 0x10d00000 0xf000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\GameHook.dll 0x10100000 0xe000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\lgscroll.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\wpdshserviceobj.dll 0x765c0000 0x21000 5.01.2600.2180 C:\WINDOWS\system32\stobject.dll 0x74a70000 0xa000 6.00.2900.2180 C:\WINDOWS\system32\BatMeter.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\portabledevicetypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\portabledeviceapi.dll 0x01140000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll 0x75f00000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll 0x71b90000 0xe000 5.01.2600.2686 C:\WINDOWS\System32\ntlanman.dll 0x71c50000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll 0x71c10000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll 0x75f10000 0xa000 5.01.2600.2760 C:\WINDOWS\System32\davclnt.dll 0x01870000 0x14000 1.00.0000.1012 C:\Programme\SUPERAntiSpyware\SASSEH.DLL 0x20000000 0x13000 6.00.2900.2180 C:\WINDOWS\system32\browselc.dll 0x62350000 0x53000 2.00.0500.0000 C:\Programme\OpenOffice.org 2.3\program\shlxthdl.dll 0x60400000 0x18000 2.00.0500.0000 C:\Programme\OpenOffice.org 2.3\program\uwinapi.dll 0x7c340000 0x56000 7.10.3052.0004 C:\Programme\OpenOffice.org 2.3\program\MSVCR71.dll 0x4eba0000 0x1a5000 5.01.3102.2899 
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2899_x-ww_55a30c51\gdiplus.dll 0x61e70000 0x8e000 4.05.2003.0120 C:\Programme\OpenOffice.org 2.3\program\stlport_vc7145.dll 0x7c3a0000 0x7b000 7.10.3077.0000 C:\Programme\OpenOffice.org 2.3\program\MSVCP71.dll 0x024f0000 0x5b000 8.01.0000.0000 C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll 0x02560000 0x4c000 8.00.0000.0000 C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU 0x025c0000 0x37000 12.02.0000.0004 C:\Programme\dBpoweramp\dBShell.dll 0x6c670000 0x4d000 5.01.2600.2180 C:\WINDOWS\system32\DUSER.dll 0x02f30000 0x8e000 6.00.2900.2180 C:\WINDOWS\system32\shdoclc.dll 0x60ad0000 0x30000 3.00.0000.0576 C:\Programme\Corel\CorelDRAW Graphics Suite 13\PROGRAMS\CdrIco.DLL 0x63f00000 0x16000 3.00.0000.0576 C:\Programme\Corel\CorelDRAW Graphics Suite 13\PROGRAMS\CrlI18n.dll 0x03a50000 0x104000 7.10.6030.0000 C:\WINDOWS\system32\MFC71U.DLL 0x5d360000 0x10000 7.10.3077.0000 C:\WINDOWS\system32\MFC71DEU.DLL 0x031d0000 0x12000 1.01.0000.0000 C:\Programme\Malwarebytes' Anti-Malware\mbamext.dll 0x03370000 0x14000 2.07.0003.0002 C:\Programme\Nero\Nero 7\Nero BackItUp\NBShell.dll 0x01960000 0xf000 1.00.0000.1004 C:\Programme\SUPERAntiSpyware\SASCTXMN.DLL 0x019f0000 0x9000 7.00.13180.0000 C:\Programme\F-Secure Internet Security\Common\fpshx.dll 0x17000000 0x1d000 7.80.12726.0000 C:\Programme\F-Secure Internet Security\Common\FSMA32.dll 0x18000000 0x12000 7.80.12726.0000 C:\Programme\F-Secure Internet Security\Common\FSPMAPI.dll 0x037f0000 0x38000 7.02.3140.0000 C:\Programme\F-Secure Internet Security\Common\fslapi.dll 0x03390000 0xc000 7.00.12180.0000 C:\Programme\F-Secure Internet Security\Common\fpshx.eng 0x039b0000 0x2b000 C:\Programme\WinRAR\rarext.dll 0x033a0000 0x9000 8.00.2000.0035 C:\Programme\TuneUp Utilities 2009\SDShelEx-win32.dll 0x04160000 0x14000 1.00.0000.0001 C:\Programme\seRapid\seStart.dll 0x04290000 0xf000 20.52.2573.0000 
C:\Programme\ICQLite\ICQLiteShell.dll 0x042a0000 0x73000 8.00.0001.0136 C:\PROGRA~1\EAST-T~1\ETCONT~1.DLL 0x04450000 0x1e0000 2.07.0003.0000 C:\Programme\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll 0x7c140000 0x103000 7.10.3077.0000 C:\Programme\Nero\Nero 7\Nero CoverDesigner\MFC71.DLL 0x75ec0000 0x21000 5.01.2600.2524 C:\WINDOWS\system32\MSVFW32.dll 0x69900000 0x16000 5.01.2600.2180 C:\WINDOWS\system32\Faultrep.dll 0x73250000 0x5000 5.01.2600.0000 C:\WINDOWS\system32\RICHED32.DLL 0x74db0000 0x6d000 5.30.0023.1228 C:\WINDOWS\system32\RICHED20.dll 0x04640000 0x3d000 1.05.0000.0000 C:\WINDOWS\system32\BMenuPlg.dll 0x04690000 0xa6000 8.01.0005.0137 C:\Programme\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll 0x782e0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL 0x7c420000 0x87000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll 0x04760000 0x10000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80DEU.DLL 0x04780000 0x54000 8.00.0005.0456 C:\Programme\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.deu 0x04960000 0x32000 5.01.2600.2180 C:\WINDOWS\system32\xpsp1res.dll 0x00d90000 0x10000 8.00.0000.0456 C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 0x73b10000 0x14000 5.01.2600.2180 C:\WINDOWS\system32\sti.dll 0x74a60000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\CFGMGR32.dll 0x050a0000 0x1a000 1.01.0221.0000 C:\WINDOWS\system32\CmdLineExt.dll 0x71cc0000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\ACTXPRXY.DLL ------------------------------------------------------------------------------ spoolsv.exe pid: 1976 Command line: C:\WINDOWS\system32\spoolsv.exe Base Size Version Path 0x01000000 0x10000 5.01.2600.2696 C:\WINDOWS\system32\spoolsv.exe 0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.2982 
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x76ee0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll 0x50400000 0x9000 8.00.0000.0000 C:\WINDOWS\system32\AdobePDF.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x10000000 0xe1000 8.01.0000.0137 C:\Programme\Adobe\Acrobat 8.0\Acrobat\AdistRes.DEU 0x01150000 0x8000 0.03.2175.0000 C:\WINDOWS\system32\mdimon.dll 0x011a0000 0x8000 0.03.2175.0000 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll 0x011b0000 0xa000 6.00.5824.16384 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll 0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\mswsock.dll 0x16080000 0x19000 1.00.0003.0001 C:\Programme\Bonjour\mdnsNSP.dll 0x76750000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll 0x01300000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ LCDMon.exe pid: 1184 Command line: "C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe" Base Size Version Path 0x00400000 0xc1000 1.04.0153.0000 C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe 0x76320000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x75250000 0x2e000 5.01.2600.2657 C:\WINDOWS\system32\msctfime.ime 0x10000000 0x32000 1.04.0153.0000 C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\LCDDevices\LCDExtDevMngrEmulator.dll 0x10100000 0xe000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\lgscroll.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x746a0000 0x4c000 5.01.2600.3085 C:\WINDOWS\system32\MSCTF.dll 
0x01650000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll 0x10d00000 0xf000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\GameHook.dll ------------------------------------------------------------------------------ LGDCore.exe pid: 1192 Command line: "C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE Base Size Version Path 0x00400000 0x120000 1.04.0153.0000 C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll 0x76320000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll 0x6d2f0000 0x39000 5.03.2600.2180 C:\WINDOWS\system32\DINPUT8.dll 0x10000000 0x20000 1.04.0153.0000 C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDRes.dll 0x72060000 0x11c000 8.80.1114.0000 C:\WINDOWS\system32\msxml3.dll 0x75250000 0x2e000 5.01.2600.2657 C:\WINDOWS\system32\msctfime.ime 0x02270000 0x15000 1.04.0153.0000 C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\LgLcdApi.dll 0x024a0000 0x89000 5.02.3790.2847 C:\WINDOWS\system32\hhctrl.ocx 0x68da0000 0x18000 4.74.9273.0000 C:\WINDOWS\system32\mui\0007\hhctrlui.dll 0x746a0000 0x4c000 5.01.2600.3085 C:\WINDOWS\system32\MSCTF.dll 0x10100000 0xe000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\lgscroll.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x02680000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll 0x10d00000 0xf000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\GameHook.dll ------------------------------------------------------------------------------ smax4pnp.exe pid: 1280 Command line: "C:\Programme\Analog Devices\Core\smax4pnp.exe" Base Size Version Path 0x00400000 0xd5000 6.00.0000.0078 C:\Programme\Analog Devices\Core\smax4pnp.exe 0x10000000 0x5c000 
6.00.4400.0012 C:\Programme\Analog Devices\Core\SMWDMIF.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x75250000 0x2e000 5.01.2600.2657 C:\WINDOWS\system32\msctfime.ime 0x73e70000 0x5c000 5.03.2600.2180 C:\WINDOWS\system32\DSound.dll 0x73e40000 0x4000 5.03.2600.2180 C:\WINDOWS\system32\KsUser.dll 0x746a0000 0x4c000 5.01.2600.3085 C:\WINDOWS\system32\MSCTF.dll 0x10d00000 0xf000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\GameHook.dll 0x10100000 0xe000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\lgscroll.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x00dd0000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ LCDClock.exe pid: 1248 Command line: "C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDClock.exe" Base Size Version Path 0x00400000 0x37000 1.04.0153.0000 C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDClock.exe 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x75250000 0x2e000 5.01.2600.2657 C:\WINDOWS\system32\msctfime.ime 0x10000000 0x15000 1.04.0153.0000 C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\LgLcdApi.dll 0x10100000 0xe000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\lgscroll.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x746a0000 0x4c000 5.01.2600.3085 C:\WINDOWS\system32\MSCTF.dll 0x01080000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ LCDPOP3.exe pid: 1304 Command line: 
"C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDPOP3.exe" Base Size Version Path 0x00400000 0x51000 1.04.0153.0000 C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDPOP3.exe 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x75250000 0x2e000 5.01.2600.2657 C:\WINDOWS\system32\msctfime.ime 0x10000000 0x15000 1.04.0153.0000 C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\LgLcdApi.dll 0x746a0000 0x4c000 5.01.2600.3085 C:\WINDOWS\system32\MSCTF.dll 0x10100000 0xe000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\lgscroll.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x10d00000 0xf000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\GameHook.dll 0x011e0000 0x30000 2.01.0580.0000 C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL 0x01220000 0x17000 7.70.14204.15921 c:\programme\f-secure internet security\scanner-interface\fsgkiapi.dll 0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.3051 C:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll 0x76ee0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll 0x16080000 0x19000 1.00.0003.0001 C:\Programme\Bonjour\mdnsNSP.dll 0x01090000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ LCDMedia.exe pid: 1340 Command line: "C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDMedia.exe" Base Size Version Path 0x00400000 0x61000 1.04.0153.0000 C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDMedia.exe 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x75250000 0x2e000 
5.01.2600.2657 C:\WINDOWS\system32\msctfime.ime 0x10000000 0x15000 1.04.0153.0000 C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\LgLcdApi.dll 0x746a0000 0x4c000 5.01.2600.3085 C:\WINDOWS\system32\MSCTF.dll 0x10d00000 0xf000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\GameHook.dll 0x10100000 0xe000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\lgscroll.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x01140000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ realsched.exe pid: 1372 Command line: "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot Base Size Version Path 0x00400000 0x2f000 0.01.0001.0045 C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x75250000 0x2e000 5.01.2600.2657 C:\WINDOWS\system32\msctfime.ime 0x10100000 0xe000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\lgscroll.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x746a0000 0x4c000 5.01.2600.3085 C:\WINDOWS\system32\MSCTF.dll 0x10000000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ jusched.exe pid: 1384 Command line: "C:\Programme\Java\jre6\bin\jusched.exe" Base Size Version Path 0x00400000 0x22000 6.00.0110.0003 C:\Programme\Java\jre6\bin\jusched.exe 0x00330000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43f60000 0x45000 7.00.6000.20583 C:\WINDOWS\system32\iertutil.dll 0x773a0000 0x103000 6.00.2900.2982 
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x10000000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll 0x72240000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll 0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\mswsock.dll 0x76ee0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll 0x16080000 0x19000 1.00.0003.0001 C:\Programme\Bonjour\mdnsNSP.dll 0x01380000 0x30000 2.01.0580.0000 C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL 0x013c0000 0x17000 7.70.14204.15921 c:\programme\f-secure internet security\scanner-interface\fsgkiapi.dll 0x66710000 0x59000 5.01.2600.3051 C:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll ------------------------------------------------------------------------------ NMBgMonitor.exe pid: 1744 Command line: "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" Base Size Version Path 0x00400000 0x24000 1.07.0011.0000 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe 0x7c3a0000 0x7b000 7.10.3077.0000 C:\Programme\Gemeinsame Dateien\Ahead\Lib\MSVCP71.dll 0x7c340000 0x56000 7.10.3052.0004 C:\Programme\Gemeinsame Dateien\Ahead\Lib\MSVCR71.dll 0x10000000 0x2ea000 7.07.0000.10200 C:\Programme\Gemeinsame Dateien\Ahead\Lib\AdvrCntr2.dll 0x01410000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43f60000 0x45000 7.00.6000.20583 C:\WINDOWS\system32\iertutil.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x69900000 0x16000 5.01.2600.2180 C:\WINDOWS\system32\Faultrep.dll 0x746a0000 0x4c000 5.01.2600.3085 C:\WINDOWS\system32\MSCTF.dll 0x75250000 0x2e000 5.01.2600.2657 C:\WINDOWS\system32\msctfime.ime 0x016e0000 0xe000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\lgscroll.dll 0x78130000 0x9b000 8.00.50727.0762 
C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x018b0000 0x8000 1.07.0011.0000 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvrPS.dll 0x018c0000 0x295000 1.07.0011.0000 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMDataServices.dll 0x66830000 0x4000 5.01.2600.0000 C:\WINDOWS\system32\IPROP.dll 0x01ef0000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ ctfmon.exe pid: 1824 Command line: "C:\WINDOWS\system32\ctfmon.exe" Base Size Version Path 0x00400000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\ctfmon.exe 0x746a0000 0x4c000 5.01.2600.3085 C:\WINDOWS\system32\MSCTF.dll 0x60010000 0x33000 5.01.2600.2699 C:\WINDOWS\system32\MSUTB.dll 0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x75250000 0x2e000 5.01.2600.2657 C:\WINDOWS\system32\msctfime.ime 0x10100000 0xe000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\lgscroll.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x10d00000 0xf000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\GameHook.dll 0x10000000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ SetPoint.exe pid: 664 Command line: "C:\Programme\Logitech\SetPoint\SetPoint.exe" Base Size Version Path 0x00400000 0xc4000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\SetPoint.exe 0x10100000 0xe000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\lgscroll.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x10900000 0x13000 4.60.0122.0000 
C:\WINDOWS\system32\KemXML.dll 0x10800000 0x2a000 4.60.0122.0000 C:\WINDOWS\system32\kemutb.dll 0x10700000 0x28000 4.60.0122.0000 C:\WINDOWS\system32\KemUtil.dll 0x782e0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL 0x7c420000 0x87000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll 0x10b00000 0x1b000 4.60.0122.0000 C:\WINDOWS\system32\KemWnd.dll 0x76320000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll 0x4eba0000 0x1a5000 5.01.3102.2899 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2899_x-ww_55a30c51\gdiplus.dll 0x12a00000 0xa000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\SetPointCOM.dll 0x5d360000 0x10000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80DEU.DLL 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x746a0000 0x4c000 5.01.2600.3085 C:\WINDOWS\system32\MSCTF.dll 0x75250000 0x2e000 5.01.2600.2657 C:\WINDOWS\system32\msctfime.ime 0x10600000 0x100000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\Macros\MacroCore.dll 0x12300000 0x8000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\IMHook.dll 0x1f900000 0x29000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\WebBrowserSupport.dll 0x7c630000 0x1b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL 0x10000000 0x4e000 4.60.0122.0000 C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KhalApi.dll 0x015f0000 0x24000 4.60.0122.0000 C:\Programme\Gemeinsame Dateien\Logitech\bluetooth\LBTServ.dll 0x10e00000 0x11000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\kgame.dll 0x10d00000 0xf000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\GameHook.dll 0x10a00000 0x1f000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\LCabHandler.dll 
0x43f60000 0x45000 7.00.6000.20583 C:\WINDOWS\system32\iertutil.dll 0x015c0000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ NMIndexStoreSvr.exe pid: 736 Command line: "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe" -Embedding Base Size Version Path 0x00400000 0x128000 1.07.0011.0000 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe 0x10000000 0x4d000 1.07.0011.0000 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMSQLDB.dll 0x7c3a0000 0x7b000 7.10.3077.0000 C:\Programme\Gemeinsame Dateien\Ahead\Lib\MSVCP71.dll 0x7c340000 0x56000 7.10.3052.0004 C:\Programme\Gemeinsame Dateien\Ahead\Lib\MSVCR71.dll 0x746a0000 0x4c000 5.01.2600.3085 C:\WINDOWS\system32\MSCTF.dll 0x75250000 0x2e000 5.01.2600.2657 C:\WINDOWS\system32\msctfime.ime 0x003f0000 0x10000 1.07.0011.0000 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMLogCxx.dll 0x00fa0000 0xb5000 1.00.0000.0000 C:\Programme\Gemeinsame Dateien\Ahead\Lib\log4cxx.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x01d00000 0x83000 1.07.0011.0000 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMCoFoundation.dll 0x02120000 0x2b000 1.07.0011.0000 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFullTextExtraction.dll 0x43f60000 0x45000 7.00.6000.20583 C:\WINDOWS\system32\iertutil.dll 0x7d9b0000 0x167000 5.01.2600.2935 C:\WINDOWS\system32\query.dll 0x021a0000 0x2b000 1.07.0011.0000 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMSearchPluginSimilarImages.dll 0x021d0000 0x337000 4.06.0015.0000 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroIPP.dll 0x02510000 0x295000 1.07.0011.0000 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMDataServices.dll 0x66830000 0x4000 5.01.2600.0000 C:\WINDOWS\system32\IPROP.dll 0x10d00000 0xf000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\GameHook.dll 0x10100000 0xe000 4.60.0122.0000 
C:\Programme\Logitech\SetPoint\lgscroll.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x606b0000 0x148000 6.00.2900.3138 C:\Programme\Outlook Express\msoe.dll 0x76ad0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL 0x76830000 0x22000 6.00.2900.2180 C:\WINDOWS\system32\MSOERT2.dll 0x60bf0000 0x42000 6.00.2900.2180 C:\WINDOWS\system32\MSOEACCT.dll 0x75c90000 0xab000 6.00.2900.3138 C:\WINDOWS\system32\INETCOMM.dll 0x717d0000 0x13000 6.00.2600.0000 C:\WINDOWS\system32\acctres.dll 0x02ed0000 0xf000 6.00.2900.2180 C:\WINDOWS\system32\inetres.dll 0x02f20000 0x26c000 6.00.2900.2180 C:\Programme\Outlook Express\msoeres.dll 0x7e1e0000 0x171000 6.00.2900.3121 C:\WINDOWS\system32\SHDOCVW.DLL 0x03190000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x444c0000 0x5cb000 7.00.6000.20583 C:\WINDOWS\system32\ieframe.dll 0x60ca0000 0xf000 6.00.2900.2180 C:\WINDOWS\system32\msident.dll 0x60c90000 0x6000 6.00.2600.0000 C:\WINDOWS\system32\msidntld.dll 0x6d2d0000 0x19000 6.00.2900.3138 C:\Programme\Gemeinsame Dateien\System\directdb.dll 0x5e490000 0xd000 5.01.2600.2180 C:\WINDOWS\system32\PSTOREC.DLL 0x03850000 0xc000 1.07.0011.0000 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingServicePS.dll 0x02c90000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ KHALMNPR.exe pid: 892 Command line: KHALMNPR.EXE /API Base Size Version Path 0x00400000 0x12000 4.60.0042.0000 C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE 0x10000000 0x4e000 4.60.0122.0000 C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALAPI.DLL 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x746a0000 0x4c000 5.01.2600.3085 C:\WINDOWS\system32\MSCTF.dll 0x10d00000 0xf000 4.60.0122.0000 
C:\Programme\Logitech\SetPoint\GameHook.dll 0x10100000 0xe000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\lgscroll.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x75250000 0x2e000 5.01.2600.2657 C:\WINDOWS\system32\msctfime.ime 0x01010000 0x24000 4.60.0122.0000 C:\Programme\Gemeinsame Dateien\Logitech\bluetooth\LBTServ.dll 0x74a60000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\cfgmgr32.dll 0x01060000 0x29000 4.60.0122.0000 C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALITCH.DLL 0x010d0000 0x2c000 4.60.0122.0000 C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMW.DLL 0x01130000 0x4b000 4.60.0122.0000 C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALHPP.DLL 0x01230000 0x2f000 4.60.0122.0000 C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMOU.DLL 0x01290000 0x30000 4.60.0122.0000 C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALHID.DLL 0x012f0000 0x28000 4.60.0122.0000 C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALUSB.DLL 0x02760000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ acs.exe pid: 2720 Command line: C:\WINDOWS\system32\acs.exe Base Size Version Path 0x00400000 0x9000 C:\WINDOWS\system32\acs.exe 0x10000000 0x5c000 4.01.0000.0161 C:\WINDOWS\system32\athcfg11.dll 0x00340000 0x13000 4.01.0000.0161 C:\WINDOWS\system32\athcfg11Res.dll 0x74a60000 0x7000 5.01.2600.2180 C:\WINDOWS\system32\CFGMGR32.dll 0x76020000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x00360000 0x11000 7.00.2600.2534 C:\WINDOWS\system32\MSVCIRT.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\Comctl32.dll 0x01310000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll 
------------------------------------------------------------------------------ fsgk32st.exe pid: 2796 Command line: "C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe" Base Size Version Path 0x00400000 0x37000 7.60.13450.0000 C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe ------------------------------------------------------------------------------ FSMA32.EXE pid: 2876 Command line: "C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE" Base Size Version Path 0x00400000 0x1e000 7.80.12726.0000 C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE 0x18000000 0x12000 7.80.12726.0000 C:\Programme\F-Secure Internet Security\Common\FSPMAPI.dll 0x17000000 0x1d000 7.80.12726.0000 C:\Programme\F-Secure Internet Security\Common\FSMA32.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ------------------------------------------------------------------------------ fsgk32.exe pid: 2900 Command line: "C:\Programme\F-Secure Internet Security\Anti-Virus\FSGK32.EXE" /service /stopevent=104 /ipcexch=84 Base Size Version Path 0x01000000 0x6e000 8.00.14320.26237 C:\Programme\F-Secure Internet Security\Anti-Virus\FSGK32.EXE 0x18000000 0x12000 7.80.12726.0000 c:\programme\f-secure internet security\common\fspmapi.dll 0x17000000 0x1d000 7.80.12726.0000 c:\programme\f-secure internet security\common\fsma32s.dll 0x00a60000 0xf000 7.70.14161.20075 C:\Programme\F-Secure Internet Security\Anti-Virus\avperf.dll 0x00a90000 0x17000 7.70.14204.15921 C:\Programme\F-Secure Internet Security\Scanner-Interface\fsgkiapi.dll 0x5e160000 0x8000 5.01.2600.2978 C:\WINDOWS\system32\FLTLIB.DLL 0x10000000 0x51000 2.00.0009.0129 C:\Programme\F-Secure Internet Security\HIPS\fships.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x012b0000 0x1d000 7.80.12726.0000 
c:\programme\f-secure internet security\common\fsma32.dll 0x016e0000 0x4a000 2.02.0011.0000 c:\programme\f-secure internet security\daas2\fsclm.dll 0x016d0000 0x10000 1.00.0003.0208 c:\programme\f-secure internet security\orsp client\orspapi.dll 0x01950000 0x1c000 1.00.0000.0001 c:\programme\f-secure internet security\orsp client\json_c.dll ------------------------------------------------------------------------------ jqs.exe pid: 2908 Command line: "C:\Programme\Java\jre6\bin\jqs.exe" -service -config "C:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf" Base Size Version Path 0x00400000 0x24000 6.00.0110.0003 C:\Programme\Java\jre6\bin\jqs.exe 0x7c340000 0x56000 7.10.3052.0004 C:\Programme\Java\jre6\bin\MSVCR71.dll 0x66b40000 0x6000 2000.85.1125.0000 C:\WINDOWS\system32\odbcbcp.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x00e20000 0x30000 2.01.0580.0000 C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL 0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.3051 C:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll 0x79fd0000 0x8000 1.01.4322.0573 C:\WINDOWS\system32\netfxperf.dll 0x79000000 0x45000 2.00.50727.1302 C:\WINDOWS\system32\mscoree.dll 0x640d0000 0x16000 2.00.50727.1302 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\perfcounter.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x012e0000 0x56e000 2.00.50727.1302 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll 0x60310000 0x19000 2.00.50727.1302 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CorperfmonExt.dll 0x60080000 0x9000 2.00.50727.1302 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll 0x7d9b0000 0x167000 5.01.2600.2935 C:\WINDOWS\System32\query.dll 0x01c00000 0xf000 7.70.14161.20075 
C:\Programme\F-Secure Internet Security\Anti-Virus\avperf.dll 0x10000000 0x13000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsfwperf.dll 0x01c50000 0x13000 2.00.0397.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsesperf.dll 0x61070000 0x2b000 2001.12.4414.0312 C:\WINDOWS\system32\msdtcuiu.DLL 0x76ad0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL 0x5f800000 0xf2000 6.02.8071.0000 C:\WINDOWS\system32\MFC42u.DLL 0x6da00000 0x6c000 2001.12.4414.0312 C:\WINDOWS\system32\MSDTCPRX.dll 0x76020000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x5eb70000 0xd000 5.01.2600.2180 C:\WINDOWS\system32\perfctrs.dll 0x5eb60000 0x9000 5.01.2600.2180 C:\WINDOWS\system32\perfdisk.dll 0x5eb50000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\perfnet.dll 0x5eb30000 0xa000 5.01.2600.2508 C:\WINDOWS\system32\perfos.dll 0x5eb20000 0xd000 5.01.2600.2180 C:\WINDOWS\system32\perfproc.dll 0x5e5b0000 0x6000 5.01.2600.0000 C:\WINDOWS\system32\pschdprf.dll 0x5d7c0000 0x6000 5.01.2600.0000 C:\WINDOWS\System32\rsvpperf.dll 0x5bb60000 0x5000 5.01.2600.0000 C:\WINDOWS\system32\tapiperf.dll 0x5eb10000 0x6000 5.01.2600.0000 C:\WINDOWS\system32\perfts.dll 0x5b130000 0xa000 5.01.2600.0000 C:\WINDOWS\system32\UTILDLL.dll 0x59d20000 0x19000 5.01.2600.2180 C:\WINDOWS\system32\wbem\wmiaprpl.dll 0x72ed0000 0x1c000 5.01.2600.2180 C:\WINDOWS\system32\loadperf.dll 0x026e0000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll 0x5dfe0000 0x6000 5.01.2600.0000 C:\WINDOWS\System32\rasctrs.dll ------------------------------------------------------------------------------ oodag.exe pid: 3016 Command line: C:\WINDOWS\system32\oodag.exe Base Size Version Path 0x00400000 0x109000 10.00.1634.0000 C:\WINDOWS\system32\oodag.exe 0x76ad0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 
0x10000000 0x5000 10.00.0001.1617 C:\WINDOWS\system32\OODAGRS.DLL 0x75250000 0x2e000 5.01.2600.2657 C:\WINDOWS\system32\msctfime.ime 0x016c0000 0x30000 2.01.0580.0000 C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL 0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.3051 C:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll 0x76ee0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll 0x16080000 0x19000 1.00.0003.0001 C:\Programme\Bonjour\mdnsNSP.dll 0x01770000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ svchost.exe pid: 1532 Command line: C:\WINDOWS\system32\svchost.exe -k imgsvc Base Size Version Path 0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\svchost.exe 0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x75b50000 0x55000 5.01.2600.3051 c:\windows\system32\wiaservc.dll 0x74a60000 0x7000 5.01.2600.2180 c:\windows\system32\CFGMGR32.dll 0x73aa0000 0x15000 5.01.2600.2709 c:\windows\system32\mscms.dll 0x71cc0000 0x1c000 6.00.2900.2180 C:\WINDOWS\system32\ACTXPRXY.DLL 0x73b10000 0x14000 5.01.2600.2180 C:\WINDOWS\system32\sti.dll ------------------------------------------------------------------------------ TUProgSt.exe pid: 1052 Command line: C:\WINDOWS\System32\TUProgSt.exe Base Size Version Path 0x00400000 0x97000 8.00.2000.0035 C:\WINDOWS\System32\TUProgSt.exe 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x10000000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll 
------------------------------------------------------------------------------ wdfmgr.exe pid: 1124 Command line: C:\WINDOWS\system32\wdfmgr.exe Base Size Version Path 0x01000000 0xc000 5.02.3790.1230 C:\WINDOWS\system32\wdfmgr.exe 0x10000000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ fssm32.exe pid: 3660 Command line: "C:\Programme\F-Secure Internet Security\Anti-Virus\fssm32.exe" 3 1604 1600 1596 Base Size Version Path 0x01000000 0x83000 8.00.14320.26237 C:\Programme\F-Secure Internet Security\Anti-Virus\fssm32.exe 0x00400000 0x84000 2.00.14341.3108 C:\Programme\F-Secure Internet Security\Anti-Virus\FM4AV.dll 0x00880000 0xf000 7.70.14161.20075 C:\Programme\F-Secure Internet Security\Anti-Virus\avperf.dll 0x5e160000 0x8000 5.01.2600.2978 C:\WINDOWS\system32\FLTLIB.DLL 0x10000000 0x15000 1.02.12160.0000 C:\Programme\F-Secure Internet Security\Anti-Virus\avpproxy.dll 0x01310000 0x25000 7.00.0171.8410 C:\Programme\F-Secure Internet Security\Anti-Virus\avpfpi0.dll 0x00fe0000 0xc000 5.00.0000.0000 C:\Programme\F-Secure Internet Security\Anti-Virus\avp_iont.dll 0x098d0000 0x13000 2.00.0000.0200 C:\Programme\F-Secure Internet Security\Gemini\fsgem.dll 0x09910000 0xb5000 2.00.0000.0460 C:\Programme\F-Secure Internet Security\Gemini\fsgeme.dll 0x09af0000 0x1b000 1.00.0000.0016 C:\Programme\F-Secure Internet Security\Anti-Virus\fsepx32.dll 0x09cb0000 0x4a000 2.02.0011.0000 c:\programme\f-secure internet security\daas2\fsclm.dll 0x09c50000 0x20000 1.20.13100.0000 C:\Programme\F-Secure Internet Security\Pegasus\fpinor.dll 0x0a930000 0x1b000 2.20.14061.0000 C:\Programme\F-Secure Internet Security\Anti-Virus\fsuss.dll 0x59000000 0x91000 5.93.0001.0000 C:\Programme\F-Secure Internet Security\Pegasus\NSE_W32.DLL 0x28000000 0xc3000 5.08.0007.0003 C:\Programme\F-Secure Internet Security\Spam Control\fspl58.dll 0x0b560000 0x30000 2.01.0580.0000 
C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL 0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.3051 C:\WINDOWS\system32\hnetcfg.dll 0x72ff0000 0x1c000 5.01.2600.0000 C:\WINDOWS\system32\rsvpsp.dll 0x0b810000 0xe3000 3.00.15023.0000 C:\Programme\F-Secure Internet Security\Anti-Virus\fsusscr.dll 0x09b20000 0x108000 3.06.8511.0000 C:\Programme\F-Secure Internet Security\Anti-Virus\fsecr32.dll 0x006a0000 0x25000 7.00.0171.8410 C:\Programme\F-Secure Internet Security\Anti-Virus\avpfpi1.dll 0x719f0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll 0x76ee0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll 0x0c3b0000 0x19000 1.00.0003.0001 C:\Programme\Bonjour\mdnsNSP.dll 0x0a900000 0x21000 1.23.5120.0000 C:\Programme\F-Secure Internet Security\Spam Control\fsas.dll ------------------------------------------------------------------------------ alg.exe pid: 1180 Command line: C:\WINDOWS\System32\alg.exe Base Size Version Path 0x01000000 0xd000 5.01.2600.2811 C:\WINDOWS\System32\alg.exe 0x76ad0000 0x11000 3.05.2284.0001 C:\WINDOWS\System32\ATL.DLL 0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\MSWSOCK.dll 0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x66710000 0x59000 5.01.2600.3051 C:\WINDOWS\system32\hnetcfg.dll 0x00ef0000 0x30000 2.01.0580.0000 C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL 0x719f0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll 0x10000000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ NMIndexingService.exe pid: 2652 Command line: "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe" Base Size Version Path 0x00400000 0x41000 1.07.0011.0000 
C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe 0x7c3a0000 0x7b000 7.10.3077.0000 C:\Programme\Gemeinsame Dateien\Ahead\Lib\MSVCP71.dll 0x7c340000 0x56000 7.10.3052.0004 C:\Programme\Gemeinsame Dateien\Ahead\Lib\MSVCR71.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x10000000 0xc000 1.07.0011.0000 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingServicePS.dll 0x006d0000 0x10000 1.07.0011.0000 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMLogCxx.dll 0x014d0000 0xb5000 1.00.0000.0000 C:\Programme\Gemeinsame Dateien\Ahead\Lib\log4cxx.dll 0x016d0000 0x295000 1.07.0011.0000 C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMDataServices.dll 0x66830000 0x4000 5.01.2600.0000 C:\WINDOWS\system32\IPROP.dll 0x01c00000 0x2e000 6.20.0134.0000 C:\Programme\F-Secure Internet Security\FWES\Program\fsdc32.dll ------------------------------------------------------------------------------ wscntfy.exe pid: 3284 Command line: C:\WINDOWS\system32\wscntfy.exe Base Size Version Path 0x01000000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\wscntfy.exe 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x746a0000 0x4c000 5.01.2600.3085 C:\WINDOWS\system32\MSCTF.dll 0x10d00000 0xf000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\GameHook.dll 0x10100000 0xe000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\lgscroll.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x75250000 0x2e000 5.01.2600.2657 C:\WINDOWS\system32\msctfime.ime ------------------------------------------------------------------------------ FSLAUNCH.EXE pid: 1064 Command line: FSLAUNCH.EXE /we"Global\FSMA GUI running" /la"C:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /wu"&Erneut laden " /ci"" /ct"Nicht geladen" Base Size 
Version Path 0x00400000 0xd000 7.80.12726.0000 C:\Programme\F-Secure Internet Security\Common\FSLAUNCH.EXE 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x746a0000 0x4c000 5.01.2600.3085 C:\WINDOWS\system32\MSCTF.dll 0x10d00000 0xf000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\GameHook.dll 0x10100000 0xe000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\lgscroll.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x75250000 0x2e000 5.01.2600.2657 C:\WINDOWS\system32\msctfime.ime ------------------------------------------------------------------------------ sys76501.exe pid: 564 Command line: "C:\Dokumente und Einstellungen\Joe\Desktop\sys76501.exe" Base Size Version Path 0x00400000 0x39000 C:\Dokumente und Einstellungen\Joe\Desktop\sys76501.exe 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x746a0000 0x4c000 5.01.2600.3085 C:\WINDOWS\system32\MSCTF.dll 0x10d00000 0xf000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\GameHook.dll 0x10100000 0xe000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\lgscroll.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll ------------------------------------------------------------------------------ runme.exe pid: 412 Command line: runme.exe Base Size Version Path 0x00400000 0x62000 3.06.0000.0002 C:\DOKUME~1\Joe\LOKALE~1\Temp\nsz55.tmp\runme.exe 0x6a9d0000 0x154000 6.00.0096.0090 C:\WINDOWS\system32\MSVBVM60.DLL 0x66630000 0x22000 6.00.0089.0088 C:\WINDOWS\system32\VB6DE.DLL 0x746a0000 0x4c000 5.01.2600.3085 C:\WINDOWS\system32\MSCTF.dll 0x10d00000 0xf000 4.60.0122.0000 C:\Programme\Logitech\SetPoint\GameHook.dll 0x10100000 0xe000 4.60.0122.0000 
C:\Programme\Logitech\SetPoint\lgscroll.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x75250000 0x2e000 5.01.2600.2657 C:\WINDOWS\system32\msctfime.ime 0x736f0000 0x25000 5.06.0000.8825 C:\WINDOWS\system32\scrrun.dll 0x01820000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43f60000 0x45000 7.00.6000.20583 C:\WINDOWS\system32\iertutil.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll 0x72240000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll 0x719b0000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\mswsock.dll 0x76ee0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll 0x16080000 0x19000 1.00.0003.0001 C:\Programme\Bonjour\mdnsNSP.dll 0x02370000 0x30000 2.01.0580.0000 C:\Programme\F-Secure Internet Security\FSPS\program\FSLSP.DLL 0x023b0000 0x17000 7.70.14204.15921 c:\programme\f-secure internet security\scanner-interface\fsgkiapi.dll 0x66710000 0x59000 5.01.2600.3051 C:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll ------------------------------------------------------------------------------ cmd.exe pid: 2424 Command line: cmd /c uuoywfrygn.exe > tempd.txt Base Size Version Path 0x4ad00000 0x64000 5.01.2600.2539 C:\WINDOWS\system32\cmd.exe 0x5cf00000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ------------------------------------------------------------------------------ uuoywfrygn.exe pid: 3252 Command line: uuoywfrygn.exe Base Size Version Path 0x00400000 0x14000 2.25.0000.0000 C:\DOKUME~1\Joe\LOKALE~1\Temp\nsz55.tmp\uuoywfrygn.exe 0x773a0000 0x103000 6.00.2900.2982 
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll ===================== MASTER BOOT RECORD ===================== device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK ===================== SUSPICIOUS FILES ===================== EXE and DLL files packed with runtime packers, found in: C:\; C:\WINDOWS\; C:\WINDOWS\system32\ ===================== UNINSTALL LIST ===================== -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall----- [Uninstall] [Uninstall\ActiveScan 2.0] "DisplayName"="Panda ActiveScan 2.0" "UninstallString"="C:\Programme\Panda Security\ActiveScan 2.0\as2uninst.exe" "DisplayIcon"="C:\Programme\Panda Security\ActiveScan 2.0\as2uninst.exe" [Uninstall\Adobe Flash Player Plugin] "DisplayName"="Adobe Flash Player 10 Plugin" "DisplayIcon"="C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe" "UninstallString"="C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe" [Uninstall\Adobe Shockwave Player] "DisplayName"="Adobe Shockwave Player" "UninstallString"="C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log" [Uninstall\Adobe_67a7fb1e97aa14ee9ef0950eb6fd757] "DisplayName"="Adobe Creative Suite 3 Master Collection hinzufügen oder entfernen" "DisplayIcon"="C:\Programme\Gemeinsame Dateien\Adobe\\Installers\67a7fb1e97aa14ee9ef0950eb6fd757\Setup.exe,0" "UninstallString"="C:\Programme\Gemeinsame Dateien\Adobe\Installers\67a7fb1e97aa14ee9ef0950eb6fd757\Setup.exe" [Uninstall\AFPL Ghostscript 8.54] "DisplayName"="AFPL Ghostscript 8.54" "UninstallString"="C:\Programme\Ghostscript\uninstgs.exe \"C:\Programme\Ghostscript\gs8.54\uninstal.txt\"" [Uninstall\AFPL Ghostscript Fonts] "DisplayName"="AFPL Ghostscript Fonts" "UninstallString"="C:\Programme\Ghostscript\uninstgs.exe \"C:\Programme\Ghostscript\fonts\uninstal.txt\"" [Uninstall\AnyDVD] "DisplayName"="AnyDVD" 
"UninstallString"="\"C:\Programme\SlySoft\AnyDVD\AnyDVD-uninst.exe\" /D=\"C:\Programme\SlySoft\AnyDVD\"" [Uninstall\ATI Display Driver] "DisplayName"="ATI Display Driver" "UninstallString"="rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean" [Uninstall\Branding] [Uninstall\C-Media USB Sound] "DisplayName"="Icemat Siberia USB Soundcard" "UninstallString"="C:\WINDOWS\CmiUSB2Uninstall.exe C:\Programme\Icemat Siberia USB Soundcard#C-Media USB Sound#Icemat Siberia USB Soundcard#" [Uninstall\C-Media USB Sound Driver] "DisplayName"="C-Media USB Sound Driver" "UninstallString"="C:\WINDOWS\system32\cmdrvrmu.exe" [Uninstall\CCleaner] "DisplayName"="CCleaner (remove only)" "UninstallString"="\"C:\Programme\CCleaner\uninst.exe\"" [Uninstall\Connection Manager] [Uninstall\CopyTo2_is1] "DisplayName"="CopyTo Synchronizer v3" "DisplayIcon"="C:\Programme\CopyTo\CopyTo.exe" "UninstallString"="\"C:\Programme\CopyTo\unins000.exe\"" [Uninstall\dBpoweramp DSP Effects] "DisplayName"="dBpoweramp DSP Effects" "UninstallString"="\"C:\WINDOWS\system32\SpoonUninstall.exe\" C:\WINDOWS\system32\SpoonUninstall-dBpoweramp DSP Effects.dat" [Uninstall\dBpoweramp FLAC Codec] "DisplayName"="dBpoweramp FLAC Codec" "UninstallString"="\"C:\WINDOWS\system32\SpoonUninstall.exe\" C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat" [Uninstall\dBpoweramp m4a Codec] "DisplayName"="dBpoweramp m4a Codec" "UninstallString"="\"C:\WINDOWS\system32\SpoonUninstall.exe\" C:\WINDOWS\system32\SpoonUninstall-dBpoweramp m4a Codec.dat" [Uninstall\dBpoweramp Music Converter] "DisplayName"="dBpoweramp Music Converter" "UninstallString"="\"C:\WINDOWS\system32\SpoonUninstall.exe\" C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat" [Uninstall\dBpoweramp Ogg Vorbis Codec] "DisplayName"="dBpoweramp Ogg Vorbis Codec" "UninstallString"="\"C:\WINDOWS\system32\SpoonUninstall.exe\" C:\WINDOWS\system32\SpoonUninstall-dBpoweramp 
Ogg Vorbis Codec.dat" [Uninstall\dBpoweramp Windows Media Audio 10 Codec] "DisplayName"="dBpoweramp Windows Media Audio 10 Codec" "UninstallString"="\"C:\WINDOWS\system32\SpoonUninstall.exe\" C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat" [Uninstall\East-Tec Eraser 2008_is1] "DisplayName"="East-Tec Eraser 2008 Version 8.8" "DisplayIcon"="C:\Programme\East-Tec Eraser 2008\eteraser.exe" "UninstallString"="\"C:\Programme\East-Tec Eraser 2008\unins000.exe\"" [Uninstall\EsetOnlineScanner] "DisplayName"=expand:"ESET Online Scanner" "UninstallString"=expand:"C:\WINDOWS\system32\OnlineScannerUninstaller.exe" "DisplayIcon"=expand:"C:\WINDOWS\system32\OnlineScannerUninstaller.exe" [Uninstall\F-Secure Anti-Spyware] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure Anti-Spyware\"" [Uninstall\F-Secure Anti-Spyware Scanner] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure Anti-Spyware Scanner\"" [Uninstall\F-Secure Anti-Virus] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure Anti-Virus\"" [Uninstall\F-Secure Anti-Virus Client Security Installer] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure Anti-Virus Client Security Installer\"" [Uninstall\F-Secure Automatic Update Agent] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure Automatic Update Agent\"" [Uninstall\F-Secure DAAS] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure DAAS\"" [Uninstall\F-Secure DAAS2] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure DAAS2\"" [Uninstall\F-Secure Diagnostics] "UninstallString"="\"C:\Programme\F-Secure Internet 
Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure Diagnostics\"" [Uninstall\F-Secure E-mail Scanning] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure E-mail Scanning\"" [Uninstall\F-Secure FWES] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure FWES\"" [Uninstall\F-Secure GateKeeper Interface] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure GateKeeper Interface\"" [Uninstall\F-Secure Gemini] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure Gemini\"" [Uninstall\F-Secure GUI] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure GUI\"" [Uninstall\F-Secure Help] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure Help\"" [Uninstall\F-Secure HIPS] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure HIPS\"" [Uninstall\F-Secure Internet Shield] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure Internet Shield\"" [Uninstall\F-Secure ISP News] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure ISP News\"" [Uninstall\F-Secure Localization API] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure Localization API\"" [Uninstall\F-Secure Management Agent] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure Management Agent\"" [Uninstall\F-Secure ORSP Client] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure ORSP Client\"" [Uninstall\F-Secure Pegasus Engine] 
"UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure Pegasus Engine\"" [Uninstall\F-Secure Product 444] "DisplayName"="F-Secure Internet Security 2009" "UninstallString"="\"C:\Programme\F-Secure Internet Security\FSGUI\PostInstall.exe\" /tUnInstall" "DisplayIcon"="C:\Programme\F-Secure Internet Security\FSGUI\ico_setup.ico" [Uninstall\F-Secure Protocol Scanner] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure Protocol Scanner\"" [Uninstall\F-Secure Spam Control] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure Spam Control\"" [Uninstall\F-Secure Spam Scanner] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure Spam Scanner\"" [Uninstall\F-Secure TNB] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure TNB\"" [Uninstall\F-Secure Uninstall] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure Uninstall\"" [Uninstall\F-Secure Web Filter] "UninstallString"="\"C:\Programme\F-Secure Internet Security\Uninstall\fsuninst.exe\" /UninstRegKey:\"F-Secure Web Filter\"" [Uninstall\FDRTools 2.0beta7] "DisplayName"="FDRTools 2.0beta7" "UninstallString"="C:\Programme\FDRTools\2.0beta7\uninst.exe" "DisplayIcon"="C:\Programme\FDRTools\2.0beta7\FDRGui.exe" [Uninstall\FLVPlayer] "DisplayName"="FLV Player 1.3.3" "UninstallString"="\"C:\Programme\FLVPlayer\uninstall.exe\"" [Uninstall\Foxit PDF Editor] "UninstallString"="C:\Program Files\Foxit Software\PDF Editor\uninstall.exe\00\00\00\00\00\00\00\00\00\00\00\004È’\00\08\00\00\00@\00\00\00&CustomU" "DisplayName"="Foxit PDF Editor\00\00\00\00SHGetPathFro" "DisplayIcon"="C:\Program Files\Foxit Software\PDF 
Editor\uninstall.exe\00\00\00\00\00\00\00\00\00\00\00\004È’\00\08\00\00\00@\00\00\00&CustomU" [Uninstall\Foxit Reader] "DisplayName"="Foxit Reader\00\00\00\00\Microso" "UninstallString"="C:\Programme\Foxit Software\Foxit Reader\Uninstall.exe\00gsdaten\Microsoft\Internet Explorer\Quick Launch\\Fox" "DisplayIcon"="C:\Programme\Foxit Software\Foxit Reader\Foxit Reader.exe\00aten\Microsoft\Internet Explorer\Quick Launch\" [Uninstall\G-Force] "DisplayName"="G-Force" "UninstallString"="C:\Programme\SoundSpectrum\G-Force\Uninstall.exe" [Uninstall\GSview 4.8] "DisplayName"="GSview 4.8" "UninstallString"="C:\Programme\Ghostgum\gsview\uninstgs.exe \"C:\Programme\Ghostgum\gsview\uninstal.txt\"" [Uninstall\Guitar Pro 5_is1] "DisplayName"="Guitar Pro 5.0" "UninstallString"="\"C:\Programme\Guitar Pro 5\unins000.exe\"" [Uninstall\Half-Life Dedicated Server Update Tool] "DisplayName"="Half-Life Dedicated Server Update Tool" "UninstallString"="C:\PROGRA~1\Valve\HLServer\UNWISE.EXE C:\PROGRA~1\Valve\HLServer\INSTALL.LOG" [Uninstall\HijackThis] "DisplayName"="HijackThis 2.0.2" "UninstallString"="\"C:\Programme\HijackThis\HijackThis.exe\" /uninstall" "DisplayIcon"="C:\Programme\HijackThis\HijackThis.exe" [Uninstall\HLSW_is1] "DisplayName"="HLSW v1.1.6" "UninstallString"="\"C:\Programme\HLSW\unins000.exe\"" [Uninstall\ICQLite] "DisplayName"="ICQ 5.1" "UninstallString"="C:\Programme\ICQLite\ICQLiteUninstall.EXE" "DisplayIcon"="C:\Programme\ICQLite\ICQLiteUninstall.EXE" [Uninstall\IE7] "DisplayName"="Internet Explorer 7" "DisplayIcon"="C:\Programme\Internet Explorer\iexplore.exe" "UninstallString"="C:\Programme\Internet Explorer\iexplore.exe" [Uninstall\InfoRapid Suchen & Ersetzen] "DisplayName"="InfoRapid Suchen & Ersetzen" "UninstallString"="C:\PROGRA~1\seRapid\UNWISE.EXE C:\PROGRA~1\seRapid\INSTALL.LOG" "DisplayIcon"="C:\PROGRA~1\seRapid\shRapid.exe,-0" [Uninstall\INsanes Small HUD] "DisplayName"="INsanes Small HUD 7 Standard" 
"UninstallString"="C:\Programme\Steam\steamapps\lenfordlennyleonard\day of defeat source\dod\uninst INsanes Small HUD 7 Standard.exe" [Uninstall\InstallShield Uninstall Information] [Uninstall\InstallShield Uninstall Information\{0A146245-DB79-4197-BF5D-FE1A699A2CC7}] [Uninstall\InstallShield Uninstall Information\{17BF3045-AB1D-4048-8356-6C584B83565E}] [Uninstall\InstallShield Uninstall Information\{33711828-7194-4446-8C05-0DC0E59A0C1B}] [Uninstall\InstallShield Uninstall Information\{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}] [Uninstall\InstallShield Uninstall Information\{36C65B50-37BA-4467-AAD5-0523EFDF6F62}] [Uninstall\InstallShield Uninstall Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}] [Uninstall\InstallShield Uninstall Information\{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}] [Uninstall\InstallShield Uninstall Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}] [Uninstall\InstallShield Uninstall Information\{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}] [Uninstall\InstallShield Uninstall Information\{A1D0D14A-B776-4907-BC00-5149F2298086}] [Uninstall\InstallShield Uninstall Information\{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}] [Uninstall\InstallShield Uninstall Information\{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}] [Uninstall\InstallShield Uninstall Information\{D0E8C34D-19D2-49FD-A900-88DEB788FF86}] [Uninstall\InstallShield Uninstall Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}] [Uninstall\InstallShield Uninstall Information\{FC321AD2-48B4-4013-B997-A65D5FBBD006}] [Uninstall\InstallShield_{0A146245-DB79-4197-BF5D-FE1A699A2CC7}] "UninstallString"="C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7} " "DisplayName"="Canon Camera Window DSLR 5 for ZoomBrowser EX" "InstallSource"="D:\SOFTWARE\CWDS\ENGLISH\" "DisplayIcon"="C:\WINDOWS\Installer\{0A146245-DB79-4197-BF5D-FE1A699A2CC7}\ARPPRODUCTICON.exe" [Uninstall\InstallShield_{17BF3045-AB1D-4048-8356-6C584B83565E}] "UninstallString"="C:\Programme\Gemeinsame 
Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{17BF3045-AB1D-4048-8356-6C584B83565E} /l1033 " "DisplayName"="Canon Utilities Digital Photo Professional 2.0" "InstallSource"="D:\SOFTWARE\DPP\" "DisplayIcon"="C:\WINDOWS\Installer\{17BF3045-AB1D-4048-8356-6C584B83565E}\ARPPRODUCTICON.exe" [Uninstall\InstallShield_{33711828-7194-4446-8C05-0DC0E59A0C1B}] "UninstallString"="C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{33711828-7194-4446-8C05-0DC0E59A0C1B} " "DisplayName"="CANON iMAGE GATEWAY Task for ZoomBrowser EX" "InstallSource"="D:\SOFTWARE\CIGTASK\ENGLISH\" "DisplayIcon"="" [Uninstall\InstallShield_{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}] "UninstallString"="C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{33CF7CDF-9805-4500-9CC7-D19D52AD63C4} /l1033 " "DisplayName"="Canon EOS Kiss_N REBEL_XT 350D WIA Driver" "InstallSource"="D:\SOFTWARE\WIA\E3KR2_R\" "DisplayIcon"="C:\WINDOWS\Installer\{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}\ARPPRODUCTICON.exe" [Uninstall\InstallShield_{36C65B50-37BA-4467-AAD5-0523EFDF6F62}] "UninstallString"="C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{36C65B50-37BA-4467-AAD5-0523EFDF6F62} " "DisplayName"="Canon Camera Window MC 5 for ZoomBrowser EX" "InstallSource"="D:\SOFTWARE\CWMC\ENGLISH\" "DisplayIcon"="C:\WINDOWS\Installer\{36C65B50-37BA-4467-AAD5-0523EFDF6F62}\ARPPRODUCTICON.exe" [Uninstall\InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}] "UninstallString"="C:\Programme\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409" "DisplayName"="Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch" [Uninstall\InstallShield_{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}] "UninstallString"="C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{589D17BB-C997-48C0-BCD2-CC8DC3375FE8} " "DisplayName"="Canon Utilities EOS Capture 1.5" "InstallSource"="D:\SOFTWARE\EC\English\" 
"DisplayIcon"="C:\WINDOWS\Installer\{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}\ARPPRODUCTICON.exe" [Uninstall\InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}] "UninstallString"="C:\Programme\InstallShield Installation Information\{8503C901-85D7-4262-88D2-8D8B2A7B08B8}\setup.exe -runfromtemp -l0x0409" "DisplayName"="Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch" [Uninstall\InstallShield_{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}] "UninstallString"="C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6} " "DisplayName"="Canon Utilities PhotoStitch 3.1" "InstallSource"="D:\SOFTWARE\PSTITCH\ENGLISH\" "DisplayIcon"="" [Uninstall\InstallShield_{A1D0D14A-B776-4907-BC00-5149F2298086}] "UninstallString"="C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033 " "DisplayName"="Canon Camera Support Core Library" "InstallSource"="D:\SOFTWARE\CSCLIB\" "DisplayIcon"="C:\WINDOWS\Installer\{A1D0D14A-B776-4907-BC00-5149F2298086}\ARPPRODUCTICON.exe" [Uninstall\InstallShield_{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}] "UninstallString"="C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F} " "DisplayName"="Canon Camera Window DC_DV 5 for ZoomBrowser EX" "InstallSource"="D:\SOFTWARE\CWDVC\ENGLISH\" "DisplayIcon"="C:\WINDOWS\Installer\{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}\ARPPRODUCTICON.exe" [Uninstall\InstallShield_{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}] "UninstallString"="C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4} " "DisplayName"="Canon RAW Image Task for ZoomBrowser EX" "InstallSource"="D:\SOFTWARE\RAWTASK\ENGLISH\" "DisplayIcon"="C:\WINDOWS\Installer\{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}\ARPPRODUCTICON.exe" [Uninstall\InstallShield_{D0E8C34D-19D2-49FD-A900-88DEB788FF86}] 
"UninstallString"="C:\Programme\Gemeinsame Dateien\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D0E8C34D-19D2-49FD-A900-88DEB788FF86} " "DisplayName"="Canon Internet Library for ZoomBrowser EX" "InstallSource"="D:\SOFTWARE\CIG\ENGLISH\" "DisplayIcon"="C:\WINDOWS\Installer\{D0E8C34D-19D2-49FD-A900-88DEB788FF86}\ARPPRODUCTICON.exe" [Uninstall\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}] "UninstallString"="C:\Programme\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409" "DisplayName"="Call of Duty(R) - World at War(TM)" "InstallSource"="E:\" "DisplayIcon"=expand:"C:\WINDOWS\Installer\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\ARPPRODUCTICON.exe" [Uninstall\InstallShield_{FC321AD2-48B4-4013-B997-A65D5FBBD006}] "UninstallString"="C:\Programme\InstallShield Installation Information\{FC321AD2-48B4-4013-B997-A65D5FBBD006}\setup.exe -runfromtemp -l0x0407" "DisplayName"="NETGEAR WG311T Wireless Adapter" "InstallSource"="C:\WINDOWS\Downloaded Installations\{A7588CD9-9ECC-4194-AAB5-A4DC68314746}\" "DisplayIcon"=expand:"C:\WINDOWS\Installer\{FC321AD2-48B4-4013-B997-A65D5FBBD006}\ARPPRODUCTICON.exe" [Uninstall\jv16 PowerTools_is1] "DisplayName"="jv16 PowerTools 2007" "DisplayIcon"="C:\Programme\jv16 PowerTools 2007\jv16pt.exe" "UninstallString"="\"C:\Programme\jv16 PowerTools 2007\unins000.exe\"" [Uninstall\Jägerprüfung-NI 2.0_is1] "DisplayName"="manfrin it Jägerprüfung-NI 2.0" "UninstallString"="\"C:\Programme\JägerprüfungNI\unins000.exe\"" [Uninstall\Kalenderchen_is1] "DisplayName"="Kalenderchen 4" "DisplayIcon"="C:\Programme\Kalenderchen\icon.ico" "UninstallString"="C:\Programme\Kalenderchen\unins000.exe" [Uninstall\Kaspersky Online Scanner] "DisplayName"="Kaspersky Online Scanner" "DisplayIcon"="C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe" "UninstallString"="C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe" [Uninstall\KB884016] [Uninstall\KB893803] 
[Uninstall\KB893803v2] "DisplayName"="Windows Installer 3.1 (KB893803)" "UninstallString"="\"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe\"" [Uninstall\Machinist2DLL] "DisplayName"="Machinist2DLL" "UninstallString"="C:\Programme\Machinist2DLL\uninstall.exe" [Uninstall\Malwarebytes' Anti-Malware_is1] "DisplayName"="Malwarebytes' Anti-Malware" "DisplayIcon"="C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" "UninstallString"="\"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe\"" [Uninstall\MediaMonkey_is1] "DisplayName"="MediaMonkey 3.0" "DisplayIcon"="C:\Programme\MediaMonkey\MediaMonkey.exe" "UninstallString"="\"C:\Programme\MediaMonkey\unins000.exe\"" [Uninstall\Microsoft .NET Framework 2.0] "DisplayIcon"="C:\WINDOWS\system32\msiexec.exe" "DisplayName"="Microsoft .NET Framework 2.0" "UninstallString"="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe" [Uninstall\Microsoft .NET Framework 2.0 Language Pack - DEU] "DisplayIcon"="C:\WINDOWS\system32\msiexec.exe" "DisplayName"="Microsoft .NET Framework 2.0 Language Pack - DEU" "UninstallString"="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe" [Uninstall\Microsoft .NET Framework 3.0] "DisplayIcon"="C:\WINDOWS\system32\msiexec.exe" "DisplayName"="Microsoft .NET Framework 3.0" "UninstallString"="C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe" [Uninstall\MiKTeX 2.5] "DisplayName"="MiKTeX 2.5" "UninstallString"="\"C:\Programme\MiKTeX 2.5\miktex\bin\copystart.exe\" \"C:\Programme\MiKTeX 2.5\miktex\config\uninstall.dat\"" [Uninstall\Mozilla Firefox (3.0.6)] "DisplayIcon"="C:\Programme\Mozilla Firefox\firefox.exe,0" "DisplayName"="Mozilla Firefox (3.0.6)" "UninstallString"="C:\Programme\Mozilla Firefox\uninstall\helper.exe" [Uninstall\Mozilla Thunderbird (2.0.0.19)] "DisplayIcon"="C:\Programme\Mozilla Thunderbird\thunderbird.exe,0" "DisplayName"="Mozilla Thunderbird (2.0.0.19)" 
"UninstallString"="C:\Programme\Mozilla Thunderbird\uninstall\helper.exe" [Uninstall\MPlayer2] [Uninstall\MSI30-Beta1] [Uninstall\MSI30-Beta2] [Uninstall\MSI30-KB884016] [Uninstall\MSI30-RC1] [Uninstall\MSI30-RC2] [Uninstall\MSI30a-KB884016] [Uninstall\MSI31-Beta] [Uninstall\MSI31-RC1] [Uninstall\Nero - Burning Rom!UninstallKey] "UninstallString"="C:\Programme\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL" [Uninstall\NeroBackItUp!UninstallKey] "UninstallString"="C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL" [Uninstall\NewsBin5] "DisplayName"="NewsBin Pro" "UninstallString"="C:\Programme\NewsBin\uninst.exe" "DisplayIcon"="C:\Programme\NewsBin\nbpro.exe" [Uninstall\PCHealth] "UninstallString"="rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf" [Uninstall\PowerStrip 3 (remove only)] "DisplayName"="PowerStrip 3 (remove only)" "UninstallString"="C:\Programme\PowerStrip\uninstal.exe" [Uninstall\PRE-XP-SP3] "DisplayName"="Sereby's Updatepack Version 1.7.3" "UninstallString"="msiexec.exe" [Uninstall\QIP 2005_is1] "DisplayName"="QIP 2005 8080" "UninstallString"="\"C:\Programme\QIP\unins000.exe\"" [Uninstall\QIP 8040 Jeak Edition] "UninstallString"="C:\Programme\QIP\uninstall.exe" "DisplayName"="QIP 8040 Jeak Edition" [Uninstall\QIP2005] "DisplayName"="QIP 2005 Uninstall" "UninstallString"="\"C:\Programme\QIP\unqip.exe\"" [Uninstall\RealJukebox 1.0] "UninstallString"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0" [Uninstall\RealPlayer 6.0] "UninstallString"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0" "DisplayName"="RealPlayer" "DisplayIcon"="C:\Program Files\Real\RealPlayer\realplay.exe" [Uninstall\Saal Digital] "DisplayName"="Saal Digital " "UninstallString"="C:\Programme\Saal Digital\uninst.exe" "DisplayIcon"="C:\Programme\Saal Digital\1139482806.ico" [Uninstall\Sam And Max Season One Collection Pack1.0.TBGT] "DisplayName"="Sam And Max 
Season One Collection Pack" "UninstallString"="\"C:\Program Files\Sam And Max Season One Collection Pack\Uninstall\uninstall.exe\" \"/U:C:\Programme\Sam And Max Season One Collection Pack\Uninstall\uninstall.xml\"" "DisplayIcon"="\"C:\Programme\Sam And Max Season One Collection Pack\Uninstall\SM S1.ico\",0" [Uninstall\Spamihilator] "DisplayName"="Spamihilator" "DisplayIcon"="\"C:\Programme\Spamihilator\spamihilator.exe\"" "UninstallString"="\"C:\Programme\Spamihilator\uninstall.exe\"" [Uninstall\Spybot - Search & Destroy_is1] "DisplayName"="Spybot - Search & Destroy 1.5.2.20" "UninstallString"="\"C:\WINDOWS\unins000.exe\"" [Uninstall\Steam] "DisplayName"="Steam" "UninstallString"="C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG" "DisplayIcon"="C:\Programme\Steam\Public\steam_tray.ico,-0" [Uninstall\Steam App 215] "DisplayIcon"="" "DisplayName"="Source SDK Base" "UninstallString"="\"C:\Programme\Steam\steam.exe\" steam://uninstall/215" [Uninstall\Steam App 218] "DisplayIcon"="" "DisplayName"="Source SDK Base - Orange Box" "UninstallString"="\"C:\Programme\Steam\steam.exe\" steam://uninstall/218" [Uninstall\Steam App 302] "DisplayIcon"="" "DisplayName"="Day of Defeat: Source Beta" "UninstallString"="\"C:\Programme\Steam\steam.exe\" steam://uninstall/302" [Uninstall\Steam App 320] "DisplayIcon"="c:\programme\steam\Steam\Games\Half-Life 2 Deathmatch.ico" "DisplayName"="Half-Life 2: Deathmatch" "UninstallString"="\"C:\Programme\Steam\steam.exe\" steam://uninstall/320" [Uninstall\Synchronizer_is1] "DisplayName"="Synchronizer - Deinstallation" "UninstallString"="\"C:\Programme\Synchronizer\unins000.exe\"" [Uninstall\TeXnicCenter_is1] "DisplayName"="TeXnicCenter Version 1 Beta 7.01 (Greengrass)" "DisplayIcon"="C:\Programme\TeXnicCenter\TEXCNTR.EXE" "UninstallString"="\"C:\Programme\TeXnicCenter\unins000.exe\"" [Uninstall\TIPP10_is1] "DisplayName"="TIPP10 Version 2.0.3" "UninstallString"="\"C:\Programme\Tipp10\unins000.exe\"" [Uninstall\TippKönigin Demo_is1] 
"DisplayName"="TippKönigin Demo 5.5" "UninstallString"="\"C:\Programme\TippKönigin Demo\unins000.exe\"" [Uninstall\TrueCrypt] "UninstallString"="\"C:\Programme\TrueCrypt\TrueCrypt Setup.exe\" /u" "DisplayIcon"="\"C:\Programme\TrueCrypt\TrueCrypt Setup.exe\"" "DisplayName"="TrueCrypt" [Uninstall\USB Scanner] "DisplayName"="USB Scanner" "UninstallString"="C:\WINDOWS\RunUnDrv.exe C:\WINDOWS\Twain_32\FlatBed\PmxScan.INF DefaultUnInstall.USB.NTX86" [Uninstall\VentriloMIX] "DisplayName"="VentriloMIX" "UninstallString"="C:\Programme\VentriloMIX\Uninstal.exe" [Uninstall\VLC media player] "DisplayName"="VideoLAN VLC media player 0.8.6i" "UninstallString"="C:\Programme\VideoLAN\VLC\uninstall.exe" "DisplayIcon"="C:\Programme\VideoLAN\VLC\vlc.exe" [Uninstall\Vokabel_Master_8.0] "DisplayName"="Vokabel Master PC-Software 1.64" "UninstallString"="C:\WINDOWS\iun6002.exe \"C:\Programme\Vokabel Master\irunin.ini\"" [Uninstall\Wdf01000] [Uninstall\Wdf01001] [Uninstall\Wdf01005] "DisplayName"="Microsoft Kernel-Mode Driver Framework Feature Pack 1.5" "UninstallString"="\"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe\"" [Uninstall\Windows Presentation Foundation Language Pack (DEU)] "DisplayIcon"="C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\de\wpfArp.ico" "DisplayName"="Windows Presentation Foundation Language Pack (DEU)" "UninstallString"="msiexec.exe /I C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\de\wpflangpack.msi" [Uninstall\Windows Workflow Foundation DE Language Pack] "DisplayName"="Windows Workflow Foundation DE Language Pack" "UninstallString"="MsiExec.exe /x{7228FD8C-3B9E-4204-AE36-8A466107685B}" [Uninstall\WinRAR archiver] "DisplayName"="WinRAR archiver" "UninstallString"="C:\Programme\WinRAR\uninstall.exe" "DisplayIcon"="C:\Programme\WinRAR\WinRAR.exe" [Uninstall\XP Codec Pack] "DisplayName"="XP Codec Pack" "UninstallString"="C:\Programme\XP Codec Pack\Uninstall.exe" "DisplayIcon"="C:\Programme\XP Codec Pack\Uninstall.exe" [Uninstall\xp-AntiSpy] 
"DisplayName"="xp-AntiSpy 3.96-2" "UninstallString"="C:\Programme\xp-AntiSpy\Uninstall.exe" "DisplayIcon"="C:\Programme\xp-AntiSpy\xp-AntiSpy.exe,0" [Uninstall\XpsEPSC] "DisplayName"="XML Paper Specification Shared Components Pack 1.0" "UninstallString"="" [Uninstall\XPSEPSCLP] "DisplayName"="XML Paper Specification Shared Components Language Pack 1.0" "UninstallString"="\"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe\"" [Uninstall\{0224CACC-994D-45F8-B973-D65056EA9C2F}] "InstallSource"="F:\Adobe CS3\payloads\AdobeXMPPanelsDVAAll\" "UninstallString"=expand:"MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}" "DisplayName"="Adobe XMP DVA Panels CS3" [Uninstall\{07103840-959A-4B0D-8825-2C533F0DDB19}] "InstallSource"="E:\ENCCALC\" "UninstallString"=expand:"MsiExec.exe /I{07103840-959A-4B0D-8825-2C533F0DDB19}" "DisplayName"="Microsoft Mathe" [Uninstall\{08101881-FCA5-44A7-B863-D66037A16AAF}] "InstallSource"="E:\" "UninstallString"=expand:"MsiExec.exe /I{08101881-FCA5-44A7-B863-D66037A16AAF}" "DisplayName"="Microsoft Encarta 2008 – Lernen und Wissen" [Uninstall\{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}] "InstallSource"="C:\WINDOWS\system32\" "DisplayName"="Softwareupdate für Webordner" [Uninstall\{08B32819-6EEF-4057-AEDA-5AB681A36A23}] "InstallSource"="F:\Adobe CS3\payloads\BridgeStartMeeting\" "UninstallString"=expand:"MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}" "DisplayName"="Adobe Bridge Start Meeting" [Uninstall\{0A146245-DB79-4197-BF5D-FE1A699A2CC7}] "InstallSource"="D:\SOFTWARE\CWDS\ENGLISH\" "DisplayName"="Camera Window DS" [Uninstall\{0C826C5B-B131-423A-A229-C71B3CACCD6A}] "UninstallString"=expand:"MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}" "DisplayName"="CDDRV_Installer" [Uninstall\{0F122737-72B2-4095-8B3E-7AAE753DFD3D}] "InstallSource"="E:\LRNGESSL\" "UninstallString"=expand:"MsiExec.exe /I{0F122737-72B2-4095-8B3E-7AAE753DFD3D}" [Uninstall\{15095BF3-A3D7-4DDF-B193-3A496881E003}] "UninstallString"=expand:"MsiExec.exe 
/X{15095BF3-A3D7-4DDF-B193-3A496881E003}" "DisplayName"="Microsoft .NET Framework 3.0" [Uninstall\{16D2E10E-DE43-4F6C-AC76-3AA4FCD9D50C}] "UninstallString"=expand:"MsiExec.exe /I{16D2E10E-DE43-4F6C-AC76-3AA4FCD9D50C}" "DisplayName"="MSXML 6.0 Parser (KB927977)" [Uninstall\{17BF3045-AB1D-4048-8356-6C584B83565E}] "InstallSource"="D:\SOFTWARE\DPP\" "DisplayName"="Canon Utilities Digital Photo Professional 2.0" [Uninstall\{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}] "InstallSource"="F:\Adobe CS3\payloads\AdobeWinSoftLinguisticsPluginAll\" "UninstallString"=expand:"MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" "DisplayName"="Adobe WinSoft Linguistics Plugin" [Uninstall\{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}] "InstallSource"="F:\Adobe CS3\payloads\AdobeAfterEffects8PresetsAll\" "UninstallString"=expand:"MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" "DisplayName"="Adobe After Effects CS3 Presets" [Uninstall\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}] "UninstallString"=expand:"MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" "DisplayName"="Google Earth" [Uninstall\{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}] "UninstallString"=expand:"MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" "DisplayName"="Rhapsody Player Engine" [Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216010FF}] "DisplayIcon"="C:\Programme\Java\jre6\\bin\javaws.exe" "InstallSource"="C:\Dokumente und Einstellungen\Joe\Anwendungsdaten\Sun\Java\jre1.6.0_10\" "UninstallString"=expand:"MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}" "DisplayName"="Java(TM) 6 Update 11" [Uninstall\{29E5EA97-5F74-4A57-B8B2-D4F169117183}] "InstallSource"="F:\Adobe CS3\payloads\AdobeStockPhotos1.5All\" "UninstallString"=expand:"MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}" "DisplayName"="Adobe Stock Photos CS3" [Uninstall\{3101CB58-3482-4D21-AF1A-7057FC935355}] "UninstallString"=expand:"MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}" "DisplayName"="KhalInstallWrapper" 
[Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}] "DisplayIcon"="C:\Programme\Java\jre1.5.0_06\\bin\javaws.exe" "InstallSource"="C:\Dokumente und Einstellungen\Joe\Lokale Einstellungen\Anwendungsdaten\{3248F0A6-6813-11D6-A77B-00B0D0150060}\" "UninstallString"=expand:"MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}" "DisplayName"="J2SE Runtime Environment 5.0 Update 6" [Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}] "DisplayIcon"="C:\Programme\Java\jre1.6.0_02\\bin\javaws.exe" "InstallSource"="http://javadl.sun.com/webapps/download/GetFile/1.6.0_02-b06/windows-i586/" "UninstallString"=expand:"MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}" "DisplayName"="Java(TM) 6 Update 2" [Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}] "DisplayIcon"="C:\Programme\Java\jre1.6.0_03\\bin\javaws.exe" "InstallSource"="http://javadl.sun.com/webapps/download/GetFile/1.6.0_03-b05/windows-i586/" "UninstallString"=expand:"MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}" "DisplayName"="Java(TM) 6 Update 3" [Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}] "DisplayIcon"="C:\Programme\Java\jre1.6.0_05\\bin\javaws.exe" "InstallSource"="http://javadl.sun.com/webapps/download/GetFile/1.6.0_05-b13/windows-i586/" "UninstallString"=expand:"MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}" "DisplayName"="Java(TM) 6 Update 5" [Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}] "DisplayIcon"="C:\Programme\Java\jre1.6.0_07\\bin\javaws.exe" "InstallSource"="http://javadl.sun.com/webapps/download/GetFile/1.6.0_07-b06/windows-i586/" "UninstallString"=expand:"MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}" "DisplayName"="Java(TM) 6 Update 7" [Uninstall\{33711828-7194-4446-8C05-0DC0E59A0C1B}] "InstallSource"="D:\SOFTWARE\CIGTASK\ENGLISH\" "DisplayName"="CANON iMAGE GATEWAY Task" [Uninstall\{33CF7CDF-9805-4500-9CC7-D19D52AD63C4}] "InstallSource"="D:\SOFTWARE\WIA\E3KR2_R\" "DisplayName"="Canon Camera WIA Driver" [Uninstall\{359D2A79-64C6-4824-83CE-B053297DED6A}] 
"UninstallString"=expand:"MsiExec.exe /I{359D2A79-64C6-4824-83CE-B053297DED6A}" "DisplayName"="Adobe Photoshop Lightroom" [Uninstall\{36C65B50-37BA-4467-AAD5-0523EFDF6F62}] "InstallSource"="D:\SOFTWARE\CWMC\ENGLISH\" "DisplayName"="Camera Window MC" [Uninstall\{3E354FBA-C7CE-402A-BB0D-225230BB1918}] "UninstallString"=expand:"MsiExec.exe /X{3E354FBA-C7CE-402A-BB0D-225230BB1918}" "DisplayName"="Logitech G15 Keyboard Software 1.04" [Uninstall\{42F7C377-2A1F-44FB-A17F-053C29E81031}] "UninstallString"=expand:"MsiExec.exe /I{42F7C377-2A1F-44FB-A17F-053C29E81031}" "DisplayName"="Nero 7 Premium" [Uninstall\{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}] "InstallSource"="C:\DOKUME~1\Joe\LOKALE~1\Temp\" "UninstallString"=expand:"MsiExec.exe /I{4448ABF6-786D-4C3D-A49D-7BB237E6DD17}" "DisplayName"="Foxit PDF IFilter" [Uninstall\{491DD792-AD81-429C-9EB4-86DD3D22E333}] "UninstallString"=expand:"MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}" "DisplayName"="Windows Communication Foundation" [Uninstall\{498A4E3D-562E-4129-8722-6DCAB12384AE}] "InstallSource"="C:\Dokumente und Einstellungen\Default User\7zSEB1.tmp\framework3\Langpacks\WCF\" "DisplayName"="Windows Communication Foundation Language Pack - DEU" [Uninstall\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}] "InstallSource"="J:\Tools\CorelDRAW.Graphics.Suite.X3.v13.0.German.Incl.Keygen\CGS13\" "UninstallString"=expand:"MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" "DisplayName"="FontNav" [Uninstall\{53480330-E1D1-41CA-B8F8-7F78644F7F50}] "UninstallString"=expand:"MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}" "DisplayName"="O&O Defrag Professional Edition" [Uninstall\{54793AA1-5001-42F4-ABB6-C364617C6078}] "InstallSource"="F:\Adobe CS3\payloads\AdobeLinguisticsAll\" "UninstallString"=expand:"MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}" "DisplayName"="Adobe Linguistics CS3" [Uninstall\{55A29068-F2CE-456C-9148-C869879E2357}] "InstallSource"="C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}\" "UninstallString"=expand:"MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}" "DisplayName"="TuneUp Utilities 2009" [Uninstall\{589D17BB-C997-48C0-BCD2-CC8DC3375FE8}] "InstallSource"="D:\SOFTWARE\EC\English\" "DisplayName"="EOS Capture 1.5" [Uninstall\{5BC50E26-439A-45C1-9E76-7FA841A64EA4}] "UninstallString"=expand:"MsiExec.exe /X{5BC50E26-439A-45C1-9E76-7FA841A64EA4}" "DisplayName"="SmartCode VNC Manager (Enterprise Edition) 3.6" [Uninstall\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}] "DisplayIcon"="C:\Programme\Skype\Phone\Skype.exe" "InstallSource"="C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\" "UninstallString"=expand:"MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" "DisplayName"="Skype™ 3.8" [Uninstall\{63218538-4A69-497F-8455-904261B0E9E4}] "InstallSource"="J:\Tools\CorelDRAW.Graphics.Suite.X3.v13.0.German.Incl.Keygen\CGS13\" "UninstallString"=expand:"MsiExec.exe /I{63218538-4A69-497F-8455-904261B0E9E4}" "DisplayName"="CorelDRAW Graphics Suite X3" [Uninstall\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}] "InstallSource"="C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple\Apple Software Update\" "UninstallString"=expand:"MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" "DisplayName"="Apple Software Update" [Uninstall\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}] "UninstallString"=expand:"MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" "DisplayName"="Windows Media Player Firefox Plugin" [Uninstall\{6ABE0BEE-D572-4FE8-B434-9E72A289431B}] "InstallSource"="F:\Adobe CS3\payloads\AdobeFontsAll\" "UninstallString"=expand:"MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" "DisplayName"="Adobe Fonts All" [Uninstall\{6B708481-748A-4EB4-97C1-CD386244FF77}] "InstallSource"="F:\Adobe CS3\payloads\AdobeMotionPictureAll\" "UninstallString"=expand:"MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}" 
"DisplayName"="Adobe MotionPicture Color Files" [Uninstall\{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}] "InstallSource"="F:\Adobe CS3\payloads\AHVSTIAll\" "UninstallString"=expand:"MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" "DisplayName"="AHV content for Acrobat and Flash" [Uninstall\{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}] "InstallSource"="F:\Adobe CS3\payloads\AdobeAssetServices3All\" "UninstallString"=expand:"MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" "DisplayName"="Adobe Asset Services CS3" [Uninstall\{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}] "DisplayIcon"="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ndpsetup.ico" "InstallSource"="C:\Dokumente und Einstellungen\Default User\7zSEB1.tmp\framework2\" "DisplayName"="Microsoft .NET Framework 2.0" [Uninstall\{7228FD8C-3B9E-4204-AE36-8A466107685B}] "UninstallString"=expand:"MsiExec.exe /I{7228FD8C-3B9E-4204-AE36-8A466107685B}" "DisplayName"="Windows Workflow Foundation DE Language Pack" [Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}] "UninstallString"=expand:"MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}" "DisplayName"="Microsoft Visual C++ 2005 Redistributable" [Uninstall\{73B5D990-04EA-4751-B10F-5534770B91F2}] "InstallSource"="F:\Adobe CS3\payloads\AdobeColorEU_RecommendedAll\" "UninstallString"=expand:"MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}" "DisplayName"="Adobe Color EU Recommended Settings" [Uninstall\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}] "InstallSource"="E:\LRNGESSL\" "UninstallString"=expand:"MsiExec.exe /X{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}" "DisplayName"="Werkzeuge und Vorlagen für Microsoft Office" [Uninstall\{789289CA-F73A-4A16-A331-54D498CE069F}] "InstallSource"="C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\" "UninstallString"=expand:"MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}" "DisplayName"="Ventrilo Client" [Uninstall\{7ACFB90E-8FD0-4397-AD3A-5195412623A3}] "InstallSource"="F:\Adobe CS3\payloads\AdobeHelpViewerAll\" 
"UninstallString"=expand:"MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" "DisplayName"="Adobe Help Viewer CS3" [Uninstall\{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}] "UninstallString"=expand:"MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" "DisplayName"="Windows Workflow Foundation" [Uninstall\{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}] "InstallSource"="F:\Adobe CS3\payloads\AdobeVideoProfilesAll\" "UninstallString"=expand:"MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" "DisplayName"="Adobe Video Profiles" [Uninstall\{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}] "InstallSource"="D:\SOFTWARE\PSTITCH\ENGLISH\" "DisplayName"="PhotoStitch" [Uninstall\{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}] "InstallSource"="C:\Dokumente und Einstellungen\Default User\7zSEB1.tmp\framework2\langpack\" "DisplayName"="Microsoft .NET Framework 2.0 Language Pack - DEU" [Uninstall\{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}] "InstallSource"="F:\Adobe CS3\payloads\AdobeDeviceCentralAll\" "UninstallString"=expand:"MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" "DisplayName"="Adobe Device Central CS3" [Uninstall\{8DC42D05-680B-41B0-8878-6C14D24602DB}] "InstallSource"="C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple\Apple Software Update\" "UninstallString"=expand:"MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}" "DisplayName"="QuickTime" [Uninstall\{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}] "InstallSource"="F:\Adobe CS3\payloads\AdobeTypeSupportAll\" "UninstallString"=expand:"MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" "DisplayName"="Adobe Type Support" [Uninstall\{90110407-6000-11D3-8CFE-0150048383C9}] "UninstallString"=expand:"MsiExec.exe /I{90110407-6000-11D3-8CFE-0150048383C9}" "DisplayName"="Microsoft Office Professional Edition 2003" [Uninstall\{90120000-0020-0407-0000-0000000FF1CE}] "InstallSource"="C:\Programme\MSECache\O2007Cnv\1031\" "UninstallString"=expand:"MsiExec.exe /X{90120000-0020-0407-0000-0000000FF1CE}" 
"DisplayName"="Compatibility Pack für 2007 Office System" [Uninstall\{90176341-0A8B-4CCC-A78D-F862228A6B95}] "InstallSource"="F:\Adobe CS3\payloads\AdobeALMAnchorServiceAll\" "UninstallString"=expand:"MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}" "DisplayName"="Adobe Anchor Service CS3" [Uninstall\{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}] "UninstallString"=expand:"MsiExec.exe /X{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" "DisplayName"="Windows Presentation Foundation Language Pack (DEU)" [Uninstall\{9C9824D9-9000-4373-A6A5-D0E5D4831394}] "InstallSource"="F:\Adobe CS3\payloads\AdobeBridge2All\" "UninstallString"=expand:"MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}" "DisplayName"="Adobe Bridge CS3" [Uninstall\{A1795AC0-9B6A-40D9-8E07-A82662268D9F}] "InstallSource"="C:\Dokumente und Einstellungen\Joe\Anwendungsdaten\Steganos VPN\" "UninstallString"=expand:"MsiExec.exe /I{A1795AC0-9B6A-40D9-8E07-A82662268D9F}" "DisplayName"="Virtual Machine Network Services Driver" [Uninstall\{A1D0D14A-B776-4907-BC00-5149F2298086}] "InstallSource"="D:\SOFTWARE\CSCLIB\" "DisplayName"="Camera Support Core Library" [Uninstall\{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}] "InstallSource"="F:\Adobe CS3\payloads\AdobeCMapsAll\" "UninstallString"=expand:"MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" "DisplayName"="Adobe CMaps" [Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E}] "InstallSource"="F:\Adobe CS3\payloads\AdobeColorPhotoshopAll\" "UninstallString"=expand:"MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}" "DisplayName"="Adobe Color - Photoshop Specific" [Uninstall\{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}] "InstallSource"="D:\SOFTWARE\CWDVC\ENGLISH\" "DisplayName"="Camera Window DVC" [Uninstall\{A625D45F-1DC4-47FB-ABCF-6B27684AA717}] "UninstallString"=expand:"MsiExec.exe /I{A625D45F-1DC4-47FB-ABCF-6B27684AA717}" "DisplayName"="OpenOffice.org 2.3" [Uninstall\{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}] "InstallSource"="F:\Adobe CS3\payloads\AdobePDFSettingsAll\" 
"UninstallString"=expand:"MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" "DisplayName"="PDF Settings" [Uninstall\{AC76BA86-1033-F400-7760-000000000003}] "InstallSource"="F:\Adobe CS3\payloads\AdobeAcrobat8.1de_DE\" "DisplayName"="Adobe Acrobat 8 Professional - English, Français, Deutsch" [Uninstall\{AC76BA86-7AD7-1031-7B44-A81000000003}] "UninstallString"=expand:"MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81000000003}" "DisplayName"="Adobe Reader 8.1.0 - Deutsch" [Uninstall\{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}] "InstallSource"="F:\Adobe CS3\payloads\AdobeCameraRaw4.0All\" "UninstallString"=expand:"MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" "DisplayName"="Adobe Camera Raw 4.0" [Uninstall\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1] "DisplayName"="Spybot - Search & Destroy" "DisplayIcon"="C:\Programme\Spybot - Search & Destroy\SpybotSD.exe" "UninstallString"="\"C:\Programme\Spybot - Search & Destroy\unins001.exe\"" [Uninstall\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}] "UninstallString"="RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup \"C:\Programme\InstallShield Installation Information\{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}\setup.exe\" -l0x7 -removeonly" "DisplayName"="ElsterFormular 2007/2008" "DisplayIcon"="\setup files\compressed files\language independent\os independent\Elfo.ico" [Uninstall\{B5347403-63C2-4B7A-AF63-AB3FE4F907B7}] "UninstallString"="RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup \"C:\Programme\InstallShield Installation Information\{B5347403-63C2-4B7A-AF63-AB3FE4F907B7}\Setup.exe\" -l0x9 " "DisplayName"="COWON D2 User's Guide" [Uninstall\{B671CBFD-4109-4D35-9252-3062D3CCB7B2}] "InstallSource"="F:\Adobe CS3\payloads\AdobeSINGAll\" "UninstallString"=expand:"MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" "DisplayName"="Adobe SING CS3" [Uninstall\{B7050CBDB2504B34BC2A9CA0A692CC29}] "DisplayName"="DivX Web Player" 
"DisplayIcon"="C:\Programme\DivX\DivX Web Player\npdivx32.dll,0" "UninstallString"="C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN" [Uninstall\{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}] "InstallSource"="F:\Adobe CS3\payloads\AdobeBridgeTalkPluginAll\" "UninstallString"=expand:"MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" "DisplayName"="Adobe BridgeTalk Plugin CS3" [Uninstall\{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}] "InstallSource"="F:\Adobe CS3\payloads\AdobeDefaultLanguageCS3All\" "UninstallString"=expand:"MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" "DisplayName"="Adobe Default Language CS3" [Uninstall\{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}] "InstallSource"="D:\SOFTWARE\RAWTASK\ENGLISH\" "DisplayName"="RAW Image Task 2.2" [Uninstall\{BAF78226-3200-4DB4-BE33-4D922A799840}] "UninstallString"=expand:"MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}" "DisplayName"="Windows Presentation Foundation" [Uninstall\{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}] "InstallSource"="D:\SOFTWARE\PR2\" "UninstallString"=expand:"MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}" "DisplayName"="Canon PhotoRecord" [Uninstall\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}] "InstallSource"="F:\Adobe CS3\payloads\AdobeFlashPlayer9_axDbg_mul\" "UninstallString"=expand:"MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" "DisplayName"="Adobe Flash Player 9 ActiveX" [Uninstall\{BD6FFB19-9DFB-4F49-9A1D-90E374DC0DBD}] "InstallSource"="C:\DOKUME~1\Joe\LOKALE~1\Temp\mia1\" "DisplayName"="ShrinkTo5" [Uninstall\{BE5F3842-8309-4754-92D5-83E02E6077A3}] "InstallSource"="F:\Adobe CS3\payloads\AdobeExtensionManager1.8All\" "UninstallString"=expand:"MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}" "DisplayName"="Adobe Extension Manager CS3" [Uninstall\{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}] "InstallSource"="D:\SOFTWARE\ZOOMBRSR\" "UninstallString"=expand:"MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" "DisplayName"="Canon ZoomBrowser EX (E)" 
[Uninstall\{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}] "InstallSource"="F:\Adobe CS3\payloads\AdobeExtendScriptToolKitAll\" "UninstallString"=expand:"MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" "DisplayName"="Adobe ExtendScript Toolkit 2" [Uninstall\{C5BD220A-EFE8-48A5-B70E-9503D535FACE}] "InstallSource"="F:\Adobe CS3\payloads\AdobeWASAll\" "UninstallString"=expand:"MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" "DisplayName"="Adobe WAS CS3" [Uninstall\{C8D7A672-F697-4572-AC62-C856053A8DBC}] "InstallSource"="F:\Adobe CS3\payloads\AdobeIllustrator13de_DE\" "UninstallString"=expand:"MsiExec.exe /I{C8D7A672-F697-4572-AC62-C856053A8DBC}" "DisplayName"="Adobe Illustrator CS3" [Uninstall\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}] "InstallSource"="J:\Tools\CorelDRAW.Graphics.Suite.X3.v13.0.German.Incl.Keygen\CGS13\" "UninstallString"=expand:"MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" "DisplayName"="VBA" [Uninstall\{C950420B-4182-49EA-850A-A6A2ABF06C6B}] "UninstallString"=expand:"MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}" "DisplayName"="Marvell Miniport Driver" [Uninstall\{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}] "InstallSource"="J:\Tools\CorelDRAW.Graphics.Suite.X3.v13.0.German.Incl.Keygen\CGS13\" "UninstallString"=expand:"MsiExec.exe /I{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" "DisplayName"="DE" [Uninstall\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}] "DisplayIcon"="C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe,0" "InstallSource"="C:\Programme\Gemeinsame Dateien\Wise Installation Wizard\" "UninstallString"=expand:"MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" "DisplayName"="SUPERAntiSpyware Free Edition" [Uninstall\{D050D7362D214723AD585B541FFB6C11}] "DisplayName"="DivX Content Uploader" "DisplayIcon"="C:\Programme\DivX\DivXContentUploaderUninstall.exe\someicon.ico,0" "UninstallString"="C:\Programme\DivX\DivXContentUploaderUninstall.exe /CUPLOADER" [Uninstall\{D0DFF92A-492E-4C40-B862-A74A173C25C5}] "InstallSource"="F:\Adobe 
CS3\payloads\AdobeVersionCueClient3All\" "UninstallString"=expand:"MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}" "DisplayName"="Adobe Version Cue CS3 Client" [Uninstall\{D0E8C34D-19D2-49FD-A900-88DEB788FF86}] "InstallSource"="D:\SOFTWARE\CIG\ENGLISH\" "DisplayName"="Internet Library" [Uninstall\{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}] "InstallSource"="F:\Adobe CS3\payloads\AdobePDFL8All\" "UninstallString"=expand:"MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" "DisplayName"="Adobe PDF Library Files" [Uninstall\{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}] "InstallSource"="F:\Adobe CS3\payloads\AdobePhotoshop10de_DE\" "UninstallString"=expand:"MsiExec.exe /I{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" "DisplayName"="Adobe Photoshop CS3" [Uninstall\{D5A31AB1-345D-47C7-A87B-036A669F6DF1}] "InstallSource"="F:\Adobe CS3\payloads\AdobeXMPPanelsAll\" "UninstallString"=expand:"MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" "DisplayName"="Adobe XMP Panels CS3" [Uninstall\{D80A6A73-E58A-4673-AFF5-F12D7110661F}] "InstallSource"="E:\" "DisplayName"="Call of Duty(R) - World at War(TM)" [Uninstall\{DA896917-C1DA-45B2-B4D2-68162F16C0DD}] "InstallSource"="F:\Adobe CS3\payloads\AdobeMasterCollectionSuitede_DE\" "UninstallString"=expand:"MsiExec.exe /I{DA896917-C1DA-45B2-B4D2-68162F16C0DD}" "DisplayName"="Adobe Creative Suite 3 Master Collection" [Uninstall\{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}] "InstallSource"="F:\Adobe CS3\payloads\AdobeColorCommonSetAll\" "UninstallString"=expand:"MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" "DisplayName"="Adobe Color Common Settings" [Uninstall\{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}] "InstallSource"="F:\Adobe CS3\payloads\AdobeColorJA_ExtraSettingsAll\" "UninstallString"=expand:"MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" "DisplayName"="Adobe Color JA Extra Settings" [Uninstall\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}] "UninstallString"="RunDll32 
C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup \"C:\Programme\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe\" -l0x7 -removeonly" "DisplayName"="jetAudio Basic VX" [Uninstall\{DFFDDCF5-CB32-4354-8823-1B9E68025953}] "InstallSource"="F:\Adobe CS3\" "UninstallString"=expand:"MsiExec.exe /I{DFFDDCF5-CB32-4354-8823-1B9E68025953}" "DisplayName"="Adobe Setup" [Uninstall\{E69AE897-9E0B-485C-8552-7841F48D42D8}] "InstallSource"="F:\Adobe CS3\payloads\AdobeAUM5.1All\" "UninstallString"=expand:"MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}" "DisplayName"="Adobe Update Manager CS3" [Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}] "UninstallString"=expand:"MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" "DisplayName"="Alcohol 120%" [Uninstall\{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}] "InstallSource"="F:\Adobe CS3\payloads\AdobeInDesignCS3IconHandler\" "UninstallString"=expand:"MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" "DisplayName"="Adobe InDesign CS3 Icon Handler" [Uninstall\{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}] "UninstallString"=expand:"MsiExec.exe /I{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}" "DisplayName"="Visual C++ CRT 9.0 SP1" [Uninstall\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}] "UninstallString"="RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup \"C:\Programme\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe\" -l0x9 Installed" "DisplayName"="PL-2303 USB-to-Serial" [Uninstall\{F0A37341-D692-11D4-A984-009027EC0A9C}] "UninstallString"="RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup \"C:\Programme\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe\" -l0x7 -removeonly" "InstallSource"="D:\Drivers\Audio\AD1988DTS\32bit\2K_XP\" "DisplayName"="SoundMAX" [Uninstall\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}] 
"UninstallString"="C:\Programme\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0007 -removeonly" "DisplayName"="Logitech SetPoint" "DisplayIcon"="C:\Programme\Logitech\SetPoint\SetPoint.exe,7" [Uninstall\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}] "InstallSource"="J:\Tools\CorelDRAW.Graphics.Suite.X3.v13.0.German.Incl.Keygen\CGS13\" "UninstallString"=expand:"MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" "DisplayName"="Update Manager" [Uninstall\{FC321AD2-48B4-4013-B997-A65D5FBBD006}] "InstallSource"="C:\WINDOWS\Downloaded Installations\{A7588CD9-9ECC-4194-AAB5-A4DC68314746}\" "DisplayName"="NETGEAR WG311T Wireless Adapter" [Uninstall\{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}] "InstallSource"="F:\Adobe CS3\payloads\AdobeColorNA_ExtraSettingsAll\" "UninstallString"=expand:"MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" "DisplayName"="Adobe Color NA Extra Settings" -----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall----- [Uninstall] [Uninstall\Steam App 30] "DisplayIcon"="c:\programme\steam\Steam\Games\Day of Defeat.ico" "DisplayName"="Day of Defeat" "UninstallString"="\"C:\programme\steam\steam.exe\" steam://uninstall/30" [Uninstall\Steam App 300] "DisplayIcon"="c:\programme\steam\Steam\Games\Day of Defeat Source.ico" "DisplayName"="Day of Defeat: Source" "UninstallString"="\"C:\Programme\Steam\steam.exe\" steam://uninstall/300" ===================== HIJACKTHIS LOG ===================== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:56:51, on 2009-02-10 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20583) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe 
C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe C:\Programme\Analog Devices\Core\smax4pnp.exe C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDClock.exe C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDPOP3.exe C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\Applets\LCDMedia.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\Java\jre6\bin\jusched.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Logitech\SetPoint\SetPoint.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE C:\WINDOWS\system32\acs.exe C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE C:\Programme\F-Secure Internet Security\Anti-Virus\FSGK32.EXE C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TUProgSt.exe C:\Programme\F-Secure Internet Security\Anti-Virus\fssm32.exe C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\system32\wscntfy.exe C:\Programme\F-Secure Internet Security\Common\FSLAUNCH.EXE C:\Dokumente und Einstellungen\Joe\Desktop\sys76501.exe C:\DOKUME~1\Joe\LOKALE~1\Temp\nsz55.tmp\runme.exe C:\Programme\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.serienjunkies.org/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 131.188.44.100:3127 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Launch LCDMon] "C:\Programme\Gemeinsame Dateien\Logitech\LCD Manager\lcdmon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Gemeinsame Dateien\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Adobe Photoshop Lightroom 1.2\apdproxy.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] 
"C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\F-Secure Internet Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TrueCrypt] "C:\Programme\TrueCrypt\TrueCrypt.exe" /q preferences /a favorites O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 
8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: Erwachsene... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll O9 - Extra 'Tools' menuitem: Erwachsene... 
- {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Programme\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Suchleiste - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab
O16 - DPF: {463ED66E-431B-11D2-ADB0-0080C83DA4EB} (AcceptWM Class) - https://w3s.webmoney.ru/WMAcceptor.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EB946169-16F8-4678-8017-1EF514BB6665}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Programme\F-Secure Internet Security\ORSP Client\fsorsp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
-- End of file - 11233 bytes
==========================================
Scan completed in 1.6 minutes
End of report
~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~
SystemScan uses some freeware tools that remain property of their authors:
* SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts "
* dumphive (Markus Stephany)--> "Registry scan"
* Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules"
* Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record"
---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log
Thanks to all of them for their hard work