PC shuts down as soon as I close svchost.exe (NT Authority/System)
01.11.2009, 20:37
Member
Thread starter Posts: 69
#61
ok... but I sent both along again anyway ^^

01.11.2009, 21:12
Member
Posts: 3716
#62
ok, download Systemscan:
http://virus-protect.org/artikel/tools/systemscan.html

Tick:
Showing files newer than 60 days
REGISTRY SCAN
[Windows\AppInit_DLLs] [ShellExecuteHooks] [Winlogon] [RunOnce] [SharedTaskScheduler] [Browser Helper Objects] [MSConfig] [Desktop] [SharedAccess] [WinSock2] [Security Center]
SUSPICIOUS FILES
UNINSTALL LIST

If necessary, split your reply across several posts.

02.11.2009, 14:24
Member
Thread starter Posts: 69
#63
SystemScan - www.suspectfile.com - ver. 3.6.2 (code: holifay & bReAkdOWn)
Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: D:\WINDOWS
SystemScan file: D:\Dokumente und Einstellungen\Dani\Desktop\sys22905.exe
Running in: User mode
Date: 02.11.2009
Time: 14:10:45

Output limited to:
-PC accounts
-Recent files
-Duplicates in BAK folders
-Registry Run Keys
-Autoplay settings (autorun.inf)
-Scheduled jobs
-Services and Drivers (all)
-Svchost.exe instances
-Loaded Dlls
-Alternate Data Sreams
-Encrypted Files
-Hidden objects
-Master Boot Record
-Network settings
-Include HOSTS file
-Suspicious Files
-Installed Applications
-Include HIJACKTHIS.log

===================== ACCOUNTS ON THIS PC =====================

Users on this computer:

Is Admin? | Username
------------------
Yes | Administrator
    | ASPNET
Yes | Dani
    | Gast (Disabled)
    | Hilfeassistent (Disabled)
    | SUPPORT_388945a0 (Disabled)

### users folders
### startup files in users folders

===================== RECENT FILES =====================

Listing files newer than 60 days
old -- D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\teamspeak2 31/10/2009 15:49:24 -- 31/10/2009 15:49:24 (DIR) ---- 1 days old -- D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\Malwarebytes 10/11/2008 10:33:24 -- 31/10/2009 15:46:09 (DIR) -S-- 1 days old -- D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\Microsoft 28/10/2009 13:13:37 -- 28/10/2009 13:13:37 (DIR) ---- 5 days old -- D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\soul.im 28/10/2009 13:13:16 -- 28/10/2009 13:13:16 (DIR) ---- 5 days old -- D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\Opera 28/10/2009 13:13:11 -- 28/10/2009 13:13:11 (DIR) ---- 5 days old -- D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\OCS 04/09/2009 11:45:59 -- 24/10/2009 09:51:02 (DIR) ---- 9 days old -- D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\HLSW 24/10/2009 08:35:20 -- 24/10/2009 09:49:04 (DIR) ---- 9 days old -- D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\IObit 19/10/2009 16:05:33 -- 22/10/2009 12:20:18 (DIR) ---- 11 days old -- D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\Samsung 16/10/2009 15:47:07 -- 16/10/2009 15:47:07 (DIR) ---- 16 days old -- D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\ijjigame 06/10/2009 14:12:33 -- 06/10/2009 14:12:33 (DIR) ---- 26 days old -- D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\OpenOffice.org 06/10/2009 14:10:07 -- 06/10/2009 14:10:07 (DIR) ---- 27 days old -- D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\Sun 11/11/2008 22:06:32 -- 25/09/2009 18:48:47 (DIR) ---- 37 days old -- D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\Sonic Focus 10/11/2008 11:12:11 -- 15/09/2009 20:05:57 (DIR) ---- 47 days old -- D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\Macromedia 10/11/2008 11:12:09 -- 05/09/2009 22:55:28 (DIR) ---- 57 days old -- D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\ICQ 03/09/2009 08:24:47 -- 03/09/2009 08:24:47 (DIR) ---- 60 days old -- D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\kikin 
---- recent files in D:\Dokumente und Einstellungen\Dani\Lokale Einstellungen\Anwendungsdaten\ 01/11/2009 20:15:46 -- 01/11/2009 20:15:46 (DIR) ---- 0 days old -- D:\Dokumente und Einstellungen\Dani\Lokale Einstellungen\Anwendungsdaten\Microsoft Corporation 10/11/2008 10:33:23 -- 01/11/2009 10:35:51 (DIR) ---- 1 days old -- D:\Dokumente und Einstellungen\Dani\Lokale Einstellungen\Anwendungsdaten\Microsoft 02/12/2008 13:23:12 -- 31/10/2009 23:36:47 (DIR) ---- 1 days old -- D:\Dokumente und Einstellungen\Dani\Lokale Einstellungen\Anwendungsdaten\Downloaded Installations 12/11/2008 14:37:03 -- 25/10/2009 08:54:56 (DIR) ---- 8 days old -- D:\Dokumente und Einstellungen\Dani\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory 17/10/2009 09:11:02 -- 17/10/2009 09:11:02 (DIR) ---- 16 days old -- D:\Dokumente und Einstellungen\Dani\Lokale Einstellungen\Anwendungsdaten\Ex0Tech 04/10/2009 13:05:46 -- 04/10/2009 13:05:46 (DIR) ---- 29 days old -- D:\Dokumente und Einstellungen\Dani\Lokale Einstellungen\Anwendungsdaten\Made_by_Iamazn 15/09/2009 19:55:10 -- 15/09/2009 21:08:38 (DIR) ---- 47 days old -- D:\Dokumente und Einstellungen\Dani\Lokale Einstellungen\Anwendungsdaten\king.com 10/11/2008 10:39:24 -- 01/11/2009 21:34:52 10677826 H--A 0 days old -- D:\Dokumente und Einstellungen\Dani\Lokale Einstellungen\Anwendungsdaten\IconCache.db 12/11/2008 10:02:44 -- 01/11/2009 16:55:38 35328 ---A 0 days old -- D:\Dokumente und Einstellungen\Dani\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 10/11/2008 10:38:15 -- 31/10/2009 23:47:52 26728 ---A 1 days old -- D:\Dokumente und Einstellungen\Dani\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT ===================== DUPLICATE FILES IN BAK FOLDERS ===================== No BAK folders found |
02.11.2009, 14:25
Member
Thread starter Posts: 69
#64
===================== REGISTRY SCAN =====================
-----HKLM\Software\Microsoft\Windows\CurrentVersion\Run----- [Run] "Malwarebytes Anti-Malware (reboot)"="\"D:\Programme\Malwarebytes' Anti-Malware\mbam.exe\" /runcleanupscript" "IntelAudioStudio"="\"D:\Programme\Intel Audio Studio\IntelAudioStudio.exe\" TRAY" "avgnt"="\"D:\Programme\Avira\AntiVir Desktop\avgnt.exe\" /min" -----HKCU\Software\Microsoft\Windows\CurrentVersion\Run----- [Run] "ICQ"="\"D:\Programme\ICQ6.5\ICQ.exe\" silent" "ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" -----HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run----- [Run] "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" -----HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run----- -----HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run----- -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows----- [Windows] -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad----- [ShellServiceObjectDelayLoad] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" #### HKCR\CLSID\{7849596a-48ea-486e-8937-a2a3009f31a9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" #### HKCR\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 @=expand:"%SystemRoot%\system32\SHELL32.dll" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" #### HKCR\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32 @=expand:"%Systemroot%\system32\webcheck.dll" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" #### HKCR\CLSID\{35CEC8A3-2BE6-11D2-8773-92E220524153}\InprocServer32 @=expand:"%systemroot%\system32\stobject.dll" -----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks----- [ShellExecuteHooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" #### HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\InprocServer32 @="shell32.dll" -----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon----- [Winlogon] "System"="" 
"Userinit"="D:\WINDOWS\system32\userinit.exe," "VmApplet"="rundll32 shell32,Control_RunDLL \"sysdm.cpl\"" "UIHost"=expand:"logonui.exe" "LogonType"=dword:00000001 "WinStationsDisabled"="0" "Shell"="Explorer.exe" [Winlogon\GPExtensions] [Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}] "@="Microsoft-Datenträgerkontingent" "DllName"=expand:"dskquota.dll" [Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}] "@="Internet Explorer Zonemapping" "DllName"=expand:"iedkcs32.dll" [Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}] "DllName"=expand:"scecli.dll" "@="Security" [Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}] "DllName"="iedkcs32.dll" "@="Internet Explorer Branding" [Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}] "DllName"=expand:"scecli.dll" "@="EFS recovery" [Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}] "@="Microsoft Offline Files" "DllName"=expand:"%SystemRoot%\System32\cscui.dll" [Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}] "@="Softwareinstallation" "DllName"=expand:"appmgmts.dll" [Winlogon\Notify] [Winlogon\Notify\AtiExtEvent] "DLLName"="Ati2evxx.dll" [Winlogon\Notify\crypt32chain] "DllName"=expand:"crypt32.dll" [Winlogon\Notify\cryptnet] "DllName"=expand:"cryptnet.dll" [Winlogon\Notify\cscdll] "DLLName"="cscdll.dll" [Winlogon\Notify\ScCertProp] "DLLName"="wlnotify.dll" [Winlogon\Notify\Schedule] "DllName"=expand:"wlnotify.dll" [Winlogon\Notify\sclgntfy] "DllName"=expand:"sclgntfy.dll" [Winlogon\Notify\SensLogn] "DLLName"="WlNotify.dll" [Winlogon\Notify\termsrv] "DllName"=expand:"wlnotify.dll" [Winlogon\Notify\wlballoon] "DLLName"="wlnotify.dll" [Winlogon\SpecialAccounts] [Winlogon\SpecialAccounts\UserList] "Hilfeassistent"=dword:00000000 "TsInternetUser"=dword:00000000 "SQLAgentCmdExec"=dword:00000000 "NetShowServices"=dword:00000000 "HelpAssistant"=dword:00000000 "IWAM_"=dword:00010000 "IUSR_"=dword:00010000 "VUSR_"=dword:00010000 "ASPNET"=dword:00000000 
-----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon----- [Winlogon] "ParseAutoexec"="1" "ExcludeProfileDirs"="Lokale Einstellungen;Temporary Internet Files;Verlauf;Temp" "BuildNumber"=dword:00000a28 -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options----- [Image File Execution Options\Your Image File Name Here without a path] "Debugger"="ntsd -d" -----HKLM\System\CurrentControlSet\Control\Session Manager\----- [Session Manager] "BootExecute"=multi:"autocheck autochk *\00\00" [Session Manager\SubSystems] "Windows"=expand:"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16" -----HKLM\SYSTEM\CurrentControlSet\Control\WOW----- [WOW] "cmdline"=expand:"%SystemRoot%\system32\ntvdm.exe" "wowcmdline"=expand:"%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386" -----HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run----- -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce----- [RunOnce] -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx----- [runonceex] -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices----- [RunServices] -----HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce----- [RunServicesOnce] -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce----- [RunOnce] -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx----- [RunOnceEx] -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices----- [RunServices] -----HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run----- -----HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce----- [RunServicesOnce] -----HKLM\Software\Microsoft\Command Processor\Autorun----- -----HKCU\Software\Microsoft\Command Processor\Autorun----- -----HKCU\Software\Microsoft\Windows 
NT\CurrentVersion\Windows\Load----- [Load] -----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Startup----- -----HKCU\Software\Policies\Microsoft\Windows\System\Scripts\Logon----- -----HKLM\Software\Policies\Microsoft\Windows\System\Scripts\Logon----- -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce----- -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Run----- -----HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms----- -----HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\TerminalServer\Install\Software\Microsoft\Windows\CurrentVersion\Runonce----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler----- [SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" #### HKCR\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" #### HKCR\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InprocServer32 @=expand:"%SystemRoot%\system32\browseui.dll" -----HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects----- [Browser Helper Objects] [Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] #### HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\InprocServer32 @="D:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll" [Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] #### HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\InprocServer32 @="D:\Programme\Java\jre6\bin\jp2ssv.dll" "NoExplorer"=dword:00000001 [Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}] #### HKCR\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}\InprocServer32 @="D:\Programme\kikin\ie_kikin.dll" "NoExplorer"=dword:00000001 [Browser Helper 
Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] #### HKCR\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\InprocServer32 @="D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll" @="JQSIEStartDetectorImpl" "NoExplorer"=dword:00000001 -----HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks----- [URLSearchHooks] @="{855F3B16-6D32-4fe6-8A56-BBB695989046}" #### HKCR\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 @="D:\Programme\ICQ6Toolbar\ICQToolBar.dll" "{855F3B16-6D32-4fe6-8A56-BBB695989046}"="" #### HKCR\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 @="D:\Programme\ICQ6Toolbar\ICQToolBar.dll" "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="" #### HKCR\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\InprocServer32 @="D:\WINDOWS\system32\ieframe.dll" -----HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig----- [MSConfig] [MSConfig\services] [MSConfig\startupfolder] [MSConfig\startupreg] [MSConfig\startupreg\Advanced SystemCare 3] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="AWC" "hkey"="HKCU" "command"="\"C:\Downloads\Advanced SystemCare 3\AWC.exe\" /startup" "inimapping"="0" [MSConfig\startupreg\CTFMON.EXE] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="ctfmon" "hkey"="HKCU" "command"="D:\WINDOWS\system32\ctfmon.exe" "inimapping"="0" [MSConfig\startupreg\ipTray.exe] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="iptray" "hkey"="HKLM" "command"="\"D:\Programme\Intel\IDU\iptray.exe\"" "inimapping"="0" [MSConfig\startupreg\Microsoft Update Machine] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="evvwfd" "hkey"="HKLM" "command"="evvwfd.exe" "inimapping"="0" [MSConfig\startupreg\Ocs_SM] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="SearchAnonymizer" "hkey"="HKLM" "command"="D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe" "inimapping"="0" [MSConfig\startupreg\RunSteam] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" 
"item"="Steamstart" "hkey"="HKCU" "command"="C:\Program Files\Steam\Steamstart.exe" "inimapping"="0" [MSConfig\startupreg\SigmatelSysTrayApp] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="sttray" "hkey"="HKLM" "command"="sttray.exe" "inimapping"="0" [MSConfig\startupreg\Skype] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="Skype" "hkey"="HKCU" "command"="\"D:\Programme\Skype\Phone\Skype.exe\" /nosplash /minimized" "inimapping"="0" [MSConfig\startupreg\StartCCC] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="CLIStart" "hkey"="HKCU" "command"="D:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" "inimapping"="0" [MSConfig\startupreg\SunJavaUpdateSched] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="jusched" "hkey"="HKLM" "command"="\"D:\Programme\Java\jre6\bin\jusched.exe\"" "inimapping"="0" [MSConfig\startupreg\svchost.exe] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="svchost" "hkey"="HKCU" "command"="D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\Microsoft\svchost.exe" "inimapping"="0" [MSConfig\startupreg\winlogon] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="winlogon" "hkey"="HKLM" "command"="D:\WINDOWS\system32\winlogon\winlogon.exe" "inimapping"="0" [MSConfig\startupreg\winupdate] "key"="SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "item"="hitler" "hkey"="HKLM" "command"="D:\WINDOWS\system32\systeme64\hitler.exe" "inimapping"="0" [MSConfig\state] "system.ini"=dword:00000000 "win.ini"=dword:00000000 "bootini"=dword:00000000 "services"=dword:00000000 "startup"=dword:00000002 -----HKCU\Control Panel\Desktop\----- [Desktop] [Desktop\WindowMetrics] -----HKEY_CLASSES_ROOT\exefile\shell\open\command----- [command] @="\"%1\" %*" -----HKEY_CLASSES_ROOT\comfile\shell\open\command----- [command] @="\"%1\" %*" -----HKEY_CLASSES_ROOT\batfile\shell\open\command----- [command] @="\"%1\" %*" -----HKEY_CLASSES_ROOT\piffile\shell\open\command----- [command] @="\"%1\" 
%*" -----HKEY_CLASSES_ROOT\scrFile\shell\open\command----- [command] @="\"%1\" /S" -----HKEY_CLASSES_ROOT\htafile\shell\open\command----- [Command] @="D:\WINDOWS\system32\mshta.exe \"%1\" %*" -----HKEY_CLASSES_ROOT\logfile\shell\open\command----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL----- [URL] [URL\DefaultPrefix] @="http://" [URL\Prefixes] "ftp"="ftp://" "gopher"="gopher://" "home"="http://" "mosaic"="http://" "www"="http://" -----HKLM\SYSTEM\CurrentControlSet\Control\Lsa----- [Lsa] [Lsa\AccessProviders] [Lsa\AccessProviders\Windows NT Access Provider] "ProviderPath"=expand:"%SystemRoot%\system32\ntmarta.dll" [Lsa\Audit] [Lsa\Audit\PerUserAuditing] [Lsa\Audit\PerUserAuditing\System] [Lsa\Data] [Lsa\SSO] [Lsa\SSO\Passport1.4] "SSOURL"="http://www.passport.com" [Lsa\SspiCache] [Lsa\SspiCache\digest.dll] "Name"="Digest" "Comment"="Digest SSPI Authentication Package" [Lsa\SspiCache\msapsspc.dll] "Name"="DPA" "Comment"="DPA Security Package" [Lsa\SspiCache\msnsspc.dll] "Name"="MSN" "Comment"="MSN Security Package" -----HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess----- [SharedAccess] "DependOnGroup"=multi:"\00" "DependOnService"=multi:"Netman\00WinMgmt\00\00" "Description"="Bietet allen Computern in Heim- und kleinen Firmennetzwerken Dienste für die Netzwerkadressübersetzung, Adressierung, Namensauflösung und Eindringsschutz." 
"DisplayName"="Windows-Firewall/Gemeinsame Nutzung der Internetverbindung" "ErrorControl"=dword:00000001 "ImagePath"=expand:"%SystemRoot%\System32\svchost.exe -k netsvcs" "ObjectName"="LocalSystem" "Start"=dword:00000002 "Type"=dword:00000020 [SharedAccess\Epoch] "Epoch"=dword:0000059e [SharedAccess\Parameters] "ServiceDll"=expand:"%SystemRoot%\System32\ipnathlp.dll" [SharedAccess\Parameters\FirewallPolicy] [SharedAccess\Parameters\FirewallPolicy\DomainProfile] [SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications] [SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019" "D:\Dokumente und Einstellungen\Dani\Desktop\nadine\Combat Arms EU\CombatArms.exe"="D:\Dokumente und Einstellungen\Dani\Desktop\nadine\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe" "D:\Dokumente und Einstellungen\Dani\Desktop\nadine\Combat Arms EU\Engine.exe"="D:\Dokumente und Einstellungen\Dani\Desktop\nadine\Combat Arms EU\Engine.exe:*Enabled:Engine.exe" "D:\Dokumente und Einstellungen\Dani\Desktop\nadine\PAscal\Combat Arms EU\CombatArms.exe"="D:\Dokumente und Einstellungen\Dani\Desktop\nadine\PAscal\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe" "D:\Dokumente und Einstellungen\Dani\Desktop\nadine\PAscal\Combat Arms EU\Engine.exe"="D:\Dokumente und Einstellungen\Dani\Desktop\nadine\PAscal\Combat Arms EU\Engine.exe:*Enabled:Engine.exe" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000" [SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=dword:00000001 "DisableNotifications"=dword:00000000 [SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] [SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enaxxxxx@xxxxxres.dll,-22019" 
"D:\Programme\ICQ6.5\ICQ.exe"="D:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "D:\Programme\HLSW\hlsw.exe"="D:\Programme\HLSW\hlsw.exe:*:Enabled:HLSW Application" "D:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe"="D:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe:*:Enabled:NEXON_EU_Downloader_Engine" "D:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\NexonEU\NGM\NGM.exe"="D:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\NexonEU\NGM\NGM.exe:*:Enabled:Nexon Game Manager" "D:\Dokumente und Einstellungen\Dani\Desktop\nadine\PAscal\Combat Arms EU\CombatArms.exe"="D:\Dokumente und Einstellungen\Dani\Desktop\nadine\PAscal\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe" "D:\Dokumente und Einstellungen\Dani\Desktop\nadine\PAscal\Combat Arms EU\Engine.exe"="D:\Dokumente und Einstellungen\Dani\Desktop\nadine\PAscal\Combat Arms EU\Engine.exe:*Enabled:Engine.exe" "D:\Dokumente und Einstellungen\Dani\Desktop\nadine\PAscal\Combat Arms EU\NMService.exe"="D:\Dokumente und Einstellungen\Dani\Desktop\nadine\PAscal\Combat Arms EU\NMService.exe:*:Enabled:Nexon Messenger Core" "D:\WINDOWS\Downloaded Program Files\PurpleBean.exe"="D:\WINDOWS\Downloaded Program Files\PurpleBean.exe:*:EnabledurpleBean.exe" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enaxxxxx@xxxxxres.dll,-20000" "D:\Programme\Pinnacle\VideoSpin\Programs\RM.exe"="D:\Programme\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager" "D:\Programme\Pinnacle\VideoSpin\Programs\umi.exe"="D:\Programme\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi" "D:\Programme\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="D:\Programme\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabledinnacle VideoSpin" "D:\Programme\Skype\Phone\Skype.exe"="D:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] 
[SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP"="1900:UDP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22007" "2869:TCP"="2869:TCP:LocalSubNet:Enaxxxxx@xxxxxres.dll,-22008" [SharedAccess\Setup] "ServiceUpgrade"=dword:00000001 [SharedAccess\Setup\InterfacesUnfirewalledAtUpdate] "All"=dword:00000001 -----HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Firewall\----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Winsock2----- -----HKLM\Software\Microsoft\Ole----- [Ole] "DefaultLaunchPermission"=hex:01,00,04,80,5c,00,00,00,6c,00,00,00,00,00,00,00,\ "MachineLaunchRestriction"=hex:01,00,04,80,48,00,00,00,58,00,00,00,00,00,00,00,\ "MachineAccessRestriction"=hex:01,00,04,80,44,00,00,00,54,00,00,00,00,00,00,00,\ "EnableDCOM"="Y" [Ole\AppCompat] [Ole\AppCompat\ActivationSecurityCheckExemptionList] "{A50398B8-9075-4FBF-A7A1-456BF21937AD}"="1" "{AD65A69D-3831-40D7-9629-9B0B50A93843}"="1" "{0040D221-54A1-11D1-9DE0-006097042D69}"="1" "{2A6D72F1-6E7E-4702-B99C-E40D3DED33C3}"="1" [Ole\NONREDIST] "System.EnterpriseServices.Thunk.dll"="" -----HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU\----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\----- [Security Center] "FirstRunDisabled"=dword:00000001 "AntiVirusDisableNotify"=dword:00000000 "FirewallDisableNotify"=dword:00000000 "UpdatesDisableNotify"=dword:00000000 "AntiVirusOverride"=dword:00000000 "FirewallOverride"=dword:00000000 [Security Center\Monitoring] [Security Center\Monitoring\AhnlabAntiVirus] [Security Center\Monitoring\ComputerAssociatesAntiVirus] [Security Center\Monitoring\KasperskyAntiVirus] [Security Center\Monitoring\McAfeeAntiVirus] [Security Center\Monitoring\McAfeeFirewall] [Security Center\Monitoring\PandaAntiVirus] [Security Center\Monitoring\PandaFirewall] [Security Center\Monitoring\SophosAntiVirus] [Security Center\Monitoring\SymantecAntiVirus] [Security Center\Monitoring\SymantecFirewall] [Security Center\Monitoring\TinyFirewall] [Security 
Center\Monitoring\TrendAntiVirus] [Security Center\Monitoring\TrendFirewall] [Security Center\Monitoring\ZoneLabsFirewall] -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\----- [SystemRestore] "DisableSR"=dword:00000000 "CreateFirstRunRp"=dword:00000001 "DSMin"=dword:000000c8 "DSMax"=dword:00000190 "RPSessionInterval"=dword:00000000 "RPGlobalInterval"=dword:00015180 "RPLifeInterval"=dword:0076a700 "CompressionBurst"=dword:0000003c "TimerInterval"=dword:00000078 "DiskPercent"=dword:0000000c "ThawInterval"=dword:00000384 "RestoreDiskSpaceError"=dword:00000000 "RestoreStatus"=dword:00000000 [SystemRestore\Cfg] "DiskPercent"=dword:0000000c "MachineGuid"="{DE120BF5-A344-4EDC-B8F3-C7E106E51976}" [SystemRestore\SnapshotCallbacks] @="" -----HKEY_CURRENT_USER\Software\VB and VBA Program Settings----- [VB and VBA Program Settings] [VB and VBA Program Settings\INTELAUDIOSTUDIO] [VB and VBA Program Settings\INTELAUDIOSTUDIO\Settings] [VB and VBA Program Settings\INTELAUDIOSTUDIO\Settings\Dolby] [VB and VBA Program Settings\Plugin] -----HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\----- -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions----- [AdvancedOptions] -----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions----- -----HKLM\Software\Microsoft\Active Setup\Installed Components----- [Installed Components] [Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] "@="IE7 Uninstall Stub" "ComponentID"="IEUDINIT" "StubPath"="D:\WINDOWS\system32\ieudinit.exe" [Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="D:\WINDOWS\system32\wmpdxm.dll" "Stubpath"="D:\WINDOWS\inf\unregmp2.exe /ShowWMP" "@="Microsoft Windows Media Player" "ComponentID"="WMPACCESS" [Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] "@="Internet Explorer" "ComponentID"="IEACCESS" 
"StubPath"="D:\WINDOWS\system32\ie4uinit.exe -UserIconConfig" [Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "@="Browser Customizations" "ComponentiD"="BRANDING.CAB" "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP" [Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] "@="Browseranpassungen" "ComponentID"="BRANDING.CAB" "StubPath"="RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP" [Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] "@="Outlook Express" "ComponentID"="OEACCESS" "StubPath"=expand:"%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE" [Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}] "@="Java (Sun)" "ComponentID"="JAVAVM" "KeyFileName"="D:\Programme\Java\jre6\bin\regutils.dll" [Installed Components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}] "@="Vektorgrafik-Rendering (VML)" "ComponentID"="MSVML" [Installed Components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}] #### HKCR\CLSID\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}\InprocServer32 @="D:\WINDOWS\system32\wmpdxm.dll" "ComponentID"="NetShow" "StubPath"="" [Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] #### HKCR\CLSID\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\InprocServer32 @="D:\WINDOWS\system32\wmpdxm.dll" "@="Microsoft Windows Media Player 6.4" "ComponentID"="Microsoft Windows Media Player" "StubPath"="" [Installed Components\{233C1507-6A77-46A4-9443-F871F945D258}] #### HKCR\CLSID\{233C1507-6A77-46A4-9443-F871F945D258}\InprocServer32 @="D:\WINDOWS\system32\Macromed\Director\SwDir.dll" "ComponentID"="Director" "@="Adobe Shockwave Director 10.2" [Installed Components\{283807B5-2C60-11D0-A31D-00AA00B92C03}] "@="DirectAnimation" "ComponentID"="DirectAnimation" [Installed Components\{2A202491-F00D-11cf-87CC-0020AFEECF20}] "ComponentID"="Director" "@="Adobe Shockwave Director 10.2" [Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] "@="Themes Setup" "ComponentID"="Theme Component" "StubPath"=expand:"%SystemRoot%\system32\regsvr32.exe /s /n 
/i:/UserInstall %SystemRoot%\system32\themeui.dll" [Installed Components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}] "@="Dynamic HTML-Datenbindung für Java" "ComponentID"="TridataJava" [Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] "@="Offline Browsing Pack" "ComponentID"="MobilePk" [Installed Components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}] "@="Uniscribe" "ComponentID"="USP10" [Installed Components\{411EDCF7-755D-414E-A74B-3DCD6583F589}] "ComponentID"="S867460" "@="Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)" [Installed Components\{4278c270-a269-11d1-b5bf-0000f8051515}] "@="Erweitertes Authoring" "ComponentID"="AdvAuth" [Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] "@="Microsoft Outlook Express 6" "ComponentID"="MailNews" "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:OE /CALLER:WINNT /user /install" [Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] "@="NetMeeting 3.01" "ComponentID"="NetMeeting" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT" [Installed Components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}] "@="DirectShow" "ComponentID"="activemovie" [Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] "@="DirectDrawEx" "ComponentID"="DirectDrawEx" [Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] "@="Internet Explorer Help" "ComponentID"="HelpCont" [Installed Components\{4f216970-c90c-11d1-b5c7-0000f8051515}] "@="DirectAnimation Java Classes" "ComponentID"="DAJava" [Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] "@="Microsoft Windows Script 5.7" "ComponentID"="MSVBScript" [Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] "KeyFileName"="D:\Programme\Messenger\msmsgs.exe" "@="Windows Messenger 4.7" "ComponentID"="Messenger" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser" [Installed 
Components\{5A8D6EE0-3E18-11D0-821E-444553540000}] "(Default)"="Internet Connection Wizard" "ComponentID"="ICW" [Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] "@="Internet Explorer Setup Tools" "ComponentID"="GenSetup" [Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] "@="Browsing Enhancements" "ComponentID"="ExtraPack" "KeyFileName"="D:\WINDOWS\system32\msieftp.dll" [Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] #### HKCR\CLSID\{6BF52A52-394A-11d3-B153-00C04F79FAA6}\InprocServer32 @="D:\WINDOWS\system32\wmp.dll" "@="Microsoft Windows Media Player" "ComponentID"="Microsoft Windows Media Player" "StubPath"="rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\wmp.inf,PerUserStub" [Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] "@="MSN Site Access" "ComponentID"="MSN_Auth" [Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] "@="Adressbuch 6" "ComponentID"="WAB" "StubPath"=expand:"\"%ProgramFiles%\Outlook Express\setup50.exe\" /APP:WAB /CALLER:WINNT /user /install" [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] "@="Windows Desktop-Update" "ComponentID"="IE4Shell_NT" "StubPath"=expand:"regsvr32.exe /s /n /i:U shell32.dll" [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] "@="Internet Explorer" "ComponentID"="BASEIE40_W2K" "StubPath"="D:\WINDOWS\system32\ie4uinit.exe -BaseSettings" [Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}\AuthorizedCDFPrefix] [Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] "ComponentID"="DOTNETFRAMEWORKS" "StubPath"="d:\WINDOWS\system32\Rundll32.exe d:\WINDOWS\system32\mscories.dll,Install" [Installed Components\{9309DD7E-EBFE-3C95-8B47-30D3A012F606}] "@=".NET Framework" "ComponentID"=".NETFramework" [Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] "@="Dynamic HTML Data Binding" "ComponentID"="Tridata" [Installed Components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}] [Installed 
Components\{B508B3F1-A24A-32C0-B310-85786919EF28}] "ComponentID"=".NETFramework" "@=".NET Framework" [Installed Components\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}] "ComponentID"=".NETFramework" "@=".NET Framework" [Installed Components\{C314CE45-3392-3B73-B4E1-139CD41CA933}] "ComponentID"=".NETFramework" "@=".NET Framework" [Installed Components\{C3EB9185-06D2-5AA4-DCE8-5CEB91F794A4}] "StubPath"="D:\WINDOWS\system32\logon.exe" [Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] "@="Internet Explorer Core Fonts" "ComponentID"="Fontcore" [Installed Components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}] "ComponentID"=".NETFramework" "@=".NET Framework" [Installed Components\{CC2A9BA0-3BDD-11D0-821E-444553540000}] "@="Taskplaner" "ComponentID"="MSTASK" [Installed Components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}] "ComponentID"="Windows Movie Maker v2.1" [Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}] "@="Adobe Flash Player" "ComponentID"="Flash" [Installed Components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}] "ComponentID"="M953297" "@="Microsoft .NET Framework 1.1 Security Update (KB953297)" [Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] "@="HTML Help" "ComponentID"="HTMLHelp" [Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] "@="Active Directory Service Interface" "ComponentID"="ADSI" |
02.11.2009, 14:26
Member
Thread starter Posts: 69 |
#65
-----Comparing registry keys CCS1 vs CCS2 -----
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\.NET Data Provider for Oracle\Performance WbemAdapFileSignature REG_BINARY 31FB4B337DD09BDF99429D7DBB5FDD48 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\.NET Data Provider for Oracle\Performance WbemAdapFileTime REG_BINARY 006D1A330CD9C201 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\.NET Data Provider for Oracle\Performance WbemAdapFileSize REG_DWORD 32768 (0x8000) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\.NET Data Provider for Oracle\Performance WbemAdapStatus REG_DWORD 0 (0x0) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\.NET Data Provider for SqlServer\Performance WbemAdapFileSignature REG_BINARY 31FB4B337DD09BDF99429D7DBB5FDD48 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\.NET Data Provider for SqlServer\Performance WbemAdapFileTime REG_BINARY 006D1A330CD9C201 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\.NET Data Provider for SqlServer\Performance WbemAdapFileSize REG_DWORD 32768 (0x8000) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\.NET Data Provider for SqlServer\Performance WbemAdapStatus REG_DWORD 0 (0x0) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\.NETFramework\Performance WbemAdapFileSignature REG_BINARY C99248B969A799B771F484CD68BCB96E > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\.NETFramework\Performance WbemAdapFileSignature REG_BINARY 4C702AEA1C11D15C176C2C276D0907DD < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\.NETFramework\Performance WbemAdapFileTime REG_BINARY 00C901923FEEC801 > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\.NETFramework\Performance WbemAdapFileTime REG_BINARY 00D083C70AD9C201 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\.NETFramework\Performance WbemAdapFileSize REG_DWORD 282112 (0x44E00) > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\.NETFramework\Performance WbemAdapFileSize REG_DWORD 155648 (0x26000) < 
Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ASP.NET_1.1.4322\Performance WbemAdapFileSignature REG_BINARY A54235D77F14C5DBA7931BE1EBFD1763 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ASP.NET_1.1.4322\Performance WbemAdapFileTime REG_BINARY 00660BA10A7EC701 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ASP.NET_1.1.4322\Performance WbemAdapFileSize REG_DWORD 258048 (0x3F000) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ASP.NET_1.1.4322\Performance WbemAdapStatus REG_DWORD 0 (0x0) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aspnet_state DisplayName REG_SZ ASP.NET-Zustandsdienst > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\aspnet_state DisplayName REG_SZ ASP.NET State Service < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\aspnet_state Description REG_SZ Stellt die Unterstützung für nicht aktive Sitzungszustände von ASP.NET bereit. Wenn der Dienst angehalten wird, werden nicht aktive Anforderungen nicht verarbeitet. Wenn der Dienst deaktiviert ist, können die explizit abhängigen Dienste nicht gestartet werden. > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\aspnet_state Description REG_SZ Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start. 
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\.NET Runtime EventMessageFile REG_SZ d:\WINDOWS\system32\mscoree.dll > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\.NET Runtime EventMessageFile REG_SZ D:\WINDOWS\system32\mscoree.dll < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\.NET Runtime 2.0 Error Reporting EventMessageFile REG_SZ d:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DW20.EXE > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\.NET Runtime 2.0 Error Reporting EventMessageFile REG_SZ D:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DW20.EXE < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\.NET Runtime Optimization Service EventMessageFile REG_SZ d:\WINDOWS\system32\mscoree.dll > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\.NET Runtime Optimization Service EventMessageFile REG_SZ D:\WINDOWS\system32\mscoree.dll < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\CardSpace 3.0.0.0 CategoryMessageFile REG_SZ d:\WINDOWS\system32\icardres.dll.mui > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\CardSpace 3.0.0.0 CategoryMessageFile REG_SZ D:\WINDOWS\system32\icardres.dll.mui < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\CardSpace 3.0.0.0 EventMessageFile REG_SZ d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui;d:\WINDOWS\system32\icardres.dll.mui > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\CardSpace 3.0.0.0 EventMessageFile REG_SZ D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui;D:\WINDOWS\system32\icardres.dll.mui < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\Microsoft (R) Visual C# 2005 Compiler EventMessageFile 
REG_SZ d:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DW20.EXE > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\Microsoft (R) Visual C# 2005 Compiler EventMessageFile REG_SZ D:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DW20.EXE < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\Microsoft.Transactions.Bridge 3.0.0.0 CategoryMessageFile REG_SZ d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\Microsoft.Transactions.Bridge 3.0.0.0 CategoryMessageFile REG_SZ D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\Microsoft.Transactions.Bridge 3.0.0.0 EventMessageFile REG_SZ d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\Microsoft.Transactions.Bridge 3.0.0.0 EventMessageFile REG_SZ D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ServiceModel Audit 3.0.0.0 CategoryMessageFile REG_SZ d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ServiceModel Audit 3.0.0.0 CategoryMessageFile REG_SZ D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\ServiceModel Audit 3.0.0.0 EventMessageFile REG_SZ d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui > Value: 
HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\ServiceModel Audit 3.0.0.0 EventMessageFile REG_SZ D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\System.IdentityModel 3.0.0.0 CategoryMessageFile REG_SZ d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\System.IdentityModel 3.0.0.0 CategoryMessageFile REG_SZ D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\System.IdentityModel 3.0.0.0 EventMessageFile REG_SZ d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\System.IdentityModel 3.0.0.0 EventMessageFile REG_SZ D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\System.IO.Log 3.0.0.0 CategoryMessageFile REG_SZ d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\System.IO.Log 3.0.0.0 CategoryMessageFile REG_SZ D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\System.IO.Log 3.0.0.0 EventMessageFile REG_SZ d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\System.IO.Log 3.0.0.0 EventMessageFile REG_SZ 
D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\System.Runtime.Serialization 3.0.0.0 CategoryMessageFile REG_SZ d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\System.Runtime.Serialization 3.0.0.0 CategoryMessageFile REG_SZ D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\System.Runtime.Serialization 3.0.0.0 EventMessageFile REG_SZ d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\System.Runtime.Serialization 3.0.0.0 EventMessageFile REG_SZ D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\System.ServiceModel 3.0.0.0 CategoryMessageFile REG_SZ d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\System.ServiceModel 3.0.0.0 CategoryMessageFile REG_SZ D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\System.ServiceModel 3.0.0.0 EventMessageFile REG_SZ d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\System.ServiceModel 3.0.0.0 EventMessageFile REG_SZ D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui < 
Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\Application\WMI.NET Provider Extension EventMessageFile REG_SZ d:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Application\WMI.NET Provider Extension EventMessageFile REG_SZ D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\DS > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\LSA > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\NetDDE Object > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\SC Manager > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Security Account Manager > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\ServiceModel 3.0.0.0 > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\Security\Spooler < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\System\MSDTC Gateway EventMessageFile REG_SZ d:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\System\MSDTC Gateway EventMessageFile REG_SZ D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\System\MSDTC WS-AT Protocol EventMessageFile REG_SZ d:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\System\MSDTC WS-AT Protocol EventMessageFile REG_SZ D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\System\SMSvcHost 3.0.0.0 CategoryMessageFile REG_SZ d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows 
Communication Foundation\ServiceModelEvents.dll.mui > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\System\SMSvcHost 3.0.0.0 CategoryMessageFile REG_SZ D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Eventlog\System\SMSvcHost 3.0.0.0 EventMessageFile REG_SZ d:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\Eventlog\System\SMSvcHost 3.0.0.0 EventMessageFile REG_SZ D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelEvents.dll.mui > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\MRxDAV\EncryptedDirectories < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\MSDTC Bridge 3.0.0.0\Performance WbemAdapFileSignature REG_BINARY 31FB4B337DD09BDF99429D7DBB5FDD48 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\MSDTC Bridge 3.0.0.0\Performance WbemAdapFileTime REG_BINARY 006D1A330CD9C201 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\MSDTC Bridge 3.0.0.0\Performance WbemAdapFileSize REG_DWORD 32768 (0x8000) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\MSDTC Bridge 3.0.0.0\Performance WbemAdapStatus REG_DWORD 0 (0x0) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\mssmbios\Data < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NetTcpPortSharing DisplayName REG_SZ Net.Tcp-Portfreigabedienst > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\NetTcpPortSharing DisplayName REG_SZ Net.Tcp Port Sharing Service < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\NetTcpPortSharing Description REG_SZ Ermöglicht die Freigabe von TCP-Anschlüssen über das Protokoll "net.tcp". > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\NetTcpPortSharing Description REG_SZ Provides ability to share TCP ports over the net.tcp protocol. 
< Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ServiceModelEndpoint 3.0.0.0\Performance WbemAdapFileSignature REG_BINARY 31FB4B337DD09BDF99429D7DBB5FDD48 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ServiceModelEndpoint 3.0.0.0\Performance WbemAdapFileTime REG_BINARY 006D1A330CD9C201 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ServiceModelEndpoint 3.0.0.0\Performance WbemAdapFileSize REG_DWORD 32768 (0x8000) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ServiceModelEndpoint 3.0.0.0\Performance WbemAdapStatus REG_DWORD 0 (0x0) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ServiceModelOperation 3.0.0.0\Performance WbemAdapFileSignature REG_BINARY 31FB4B337DD09BDF99429D7DBB5FDD48 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ServiceModelOperation 3.0.0.0\Performance WbemAdapFileTime REG_BINARY 006D1A330CD9C201 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ServiceModelOperation 3.0.0.0\Performance WbemAdapFileSize REG_DWORD 32768 (0x8000) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ServiceModelOperation 3.0.0.0\Performance WbemAdapStatus REG_DWORD 0 (0x0) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ServiceModelService 3.0.0.0\Performance WbemAdapFileSignature REG_BINARY 31FB4B337DD09BDF99429D7DBB5FDD48 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ServiceModelService 3.0.0.0\Performance WbemAdapFileTime REG_BINARY 006D1A330CD9C201 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ServiceModelService 3.0.0.0\Performance WbemAdapFileSize REG_DWORD 32768 (0x8000) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\ServiceModelService 3.0.0.0\Performance WbemAdapStatus REG_DWORD 0 (0x0) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SharedAccess\Epoch Epoch REG_DWORD 1438 (0x59E) > Value: HKEY_LOCAL_MACHINE\system\controlset002\services\SharedAccess\Epoch Epoch REG_DWORD 1435 (0x59B) < Value: 
HKEY_LOCAL_MACHINE\system\controlset001\services\SMSvcHost 3.0.0.0\Performance WbemAdapFileSignature REG_BINARY 31FB4B337DD09BDF99429D7DBB5FDD48 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SMSvcHost 3.0.0.0\Performance WbemAdapFileTime REG_BINARY 006D1A330CD9C201 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SMSvcHost 3.0.0.0\Performance WbemAdapFileSize REG_DWORD 32768 (0x8000) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\SMSvcHost 3.0.0.0\Performance WbemAdapStatus REG_DWORD 0 (0x0) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Windows Workflow Foundation 3.0.0.0\Performance WbemAdapFileSignature REG_BINARY 31FB4B337DD09BDF99429D7DBB5FDD48 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Windows Workflow Foundation 3.0.0.0\Performance WbemAdapFileTime REG_BINARY 006D1A330CD9C201 < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Windows Workflow Foundation 3.0.0.0\Performance WbemAdapFileSize REG_DWORD 32768 (0x8000) < Value: HKEY_LOCAL_MACHINE\system\controlset001\services\Windows Workflow Foundation 3.0.0.0\Performance WbemAdapStatus REG_DWORD 0 (0x0) Result compared: Different -----Comparing registry keys CCS1 vs CCS3 ----- < Value: HKEY_LOCAL_MACHINE\system\controlset001\services Result compared: Identical ===================== Advanced startup entries analysis ===================== HKLM\SOFTWARE\Microsoft\windows\currentversion\run Malwarebytes Anti-Malware (reboot) = "D:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript D:\Programme\Malwarebytes' Anti-Malware\mbam.exe -- 31/10/2009 15:49:20 -- 10/09/2009 14:53:56 -- 1312080 MD5: c5fcc0b761069fabd59e41b7c3280ddf SHA1: 1277ba9e91c2670b0836103030910ddc224eaa70 [1] .text [2] .data [3] .rsrc IntelAudioStudio = "D:\Programme\Intel Audio Studio\IntelAudioStudio.exe" TRAY D:\Programme\Intel Audio Studio\IntelAudioStudio.exe -- 28/08/2008 14:06:54 -- 21/09/2006 10:36:22 -- 9138176 MD5: 3bae8d9448838ca32192033f95790158 SHA1: 
a1a153f0b229acd584f039dbd028be75668dd9a2 [1] .text [2] .data [3] .rsrc avgnt = "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min D:\Programme\Avira\AntiVir Desktop\avgnt.exe -- 02/10/2009 18:25:04 -- 02/03/2009 12:08:43 -- 209153 MD5: 29680a793f690eef4aaa68479d2a6df8 SHA1: a07ceabce79b3354c25fdd5e20d765cdcd0174f7 [1] .text [2] .rdata [3] .data [4] .rsrc HKLM\SOFTWARE\Microsoft\windows\currentversion\policies\explorer\run HKCU\SOFTWARE\Microsoft\windows\currentversion\run ICQ = "D:\Programme\ICQ6.5\ICQ.exe" silent D:\Programme\ICQ6.5\ICQ.exe -- 01/03/2009 11:58:54 -- 01/03/2009 11:59:42 -- 172792 MD5: e4c751de871a863271889b4177d52f66 SHA1: e3c992557f624cf8edd071c0aecb976a072510a3 [1] .text [2] .rdata [3] .data [4] .rsrc ctfmon.exe = D:\WINDOWS\system32\ctfmon.exe D:\WINDOWS\system32\ctfmon.exe -- 28/02/2006 13:00:00 -- 28/02/2006 13:00:00 -- 15360 MD5: 7ce20569925df6789c31799f0c538f29 SHA1: fdf70fcac4bb0c39bc0e2c8faaf81d4742f1fdde [1] .text [2] .data [3] .rsrc HKCU\SOFTWARE\Microsoft\windows\currentversion\policies\explorer\run ===================== AUTOPLAY SETTINGS ===================== ~~~~~~~~~~~~~~~~~~~~~ Registry setting ~~~~~~~~~~~~~~~~~~~~~ (note: default values should be 91 or 95) -----HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer----- [Explorer] "NoDriveTypeAutoRun"=dword:00000143 -----HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer----- [Explorer] "NoDriveTypeAutoRun"=dword:00000143 Autorun is enabled on: DRIVE_UNKNOWN = Falsch DRIVE_NO_ROOT_DIR = Falsch DRIVE_REMOVABLE = Wahr DRIVE_FIXED = Wahr DRIVE_REMOTE = Wahr DRIVE_CDROM = Wahr DRIVE_RAMDISK = Falsch RESERVED = Wahr ~~~~~~~~~~~~~~~~~~~~~ Autorun.inf files ~~~~~~~~~~~~~~~~~~~~~ ### C:\Appz\Downloads\driver\Intel Desktop Utilities 3.0.10.15\heci\autorun.inf open=setup.exe ### C:\Appz\Downloads\driver\Intel Desktop Utilities 3.0.10.15\smbus\autorun.inf open=setup.exe ### C:\Appz\Downloads\driver\LAN_allOS_11.2_PV_TL3_132319_FULL\Autorun.inf 
OPEN=AUTORUN.EXE ### C:\Appz\Downloads\driver\wlan treiber install + zdwlan\installer\AUTORUN.INF OPEN=setup.exe ### C:\Appz\Downloads\software\Photoshop CS2 mit Dreamweaver 8\Photoshop CS2 + VW Gen - Deutsch\AUTORUN.INF open=Setup.exe -auto ===================== SCHEDULED JOBS ===================== jobs found in D:\WINDOWS: 28.02.2006 13:00:00 65 byte 1343 days old -- D:\WINDOWS\tasks\desktop.ini 02.11.2009 14:07:08 6 byte 0 days old -- D:\WINDOWS\tasks\SA.DAT 02.11.2009 14:07:34 496 byte 0 days old -- D:\WINDOWS\tasks\Automatische Problemsuche.job ~~~~~~~~~~~~~~~~~~~~~ Active jobs: ~~~~~~~~~~~~~~~~~~~~~ Most recent (50) lines in jobs scheduled log: Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). "Automatische Problemsuche.job" (TuneUpSystemStatusCheck.exe) Start: 01.11.2009 10:53:54 "Automatische Problemsuche.job" (TuneUpSystemStatusCheck.exe) Ende: 01.11.2009 10:54:12 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). "Automatische Problemsuche.job" (TuneUpSystemStatusCheck.exe) Start: 01.11.2009 11:00:12 "Automatische Problemsuche.job" (TuneUpSystemStatusCheck.exe) Ende: 01.11.2009 11:00:41 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). "Automatische Problemsuche.job" (TuneUpSystemStatusCheck.exe) Start: 01.11.2009 12:21:41 "Automatische Problemsuche.job" (TuneUpSystemStatusCheck.exe) Ende: 01.11.2009 12:21:48 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). "Automatische Problemsuche.job" (TuneUpSystemStatusCheck.exe) Start: 01.11.2009 12:34:37 "Automatische Problemsuche.job" (TuneUpSystemStatusCheck.exe) Ende: 01.11.2009 12:34:42 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). "Automatische Problemsuche.job" (TuneUpSystemStatusCheck.exe) Start: 01.11.2009 14:50:43 "Automatische Problemsuche.job" (TuneUpSystemStatusCheck.exe) Ende: 01.11.2009 14:51:18 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). 
"Automatische Problemsuche.job" (TuneUpSystemStatusCheck.exe) Start: 01.11.2009 19:34:03 "Automatische Problemsuche.job" (TuneUpSystemStatusCheck.exe) Ende: 01.11.2009 19:34:32 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). "Automatische Problemsuche.job" (TuneUpSystemStatusCheck.exe) Start: 01.11.2009 19:45:04 "Automatische Problemsuche.job" (TuneUpSystemStatusCheck.exe) Ende: 01.11.2009 19:45:37 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). "Automatische Problemsuche.job" (TuneUpSystemStatusCheck.exe) Start: 01.11.2009 20:00:00 "Automatische Problemsuche.job" (TuneUpSystemStatusCheck.exe) Ende: 01.11.2009 20:00:06 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). "Automatische Problemsuche.job" (TuneUpSystemStatusCheck.exe) Start: 01.11.2009 21:26:53 "Automatische Problemsuche.job" (TuneUpSystemStatusCheck.exe) Ende: 01.11.2009 21:27:16 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). "Automatische Problemsuche.job" (TuneUpSystemStatusCheck.exe) Start: 02.11.2009 14:07:12 "Automatische Problemsuche.job" (TuneUpSystemStatusCheck.exe) Ende: 02.11.2009 14:07:34 Ergebnis: Der Task wurde mit folgendem Ergebniswert abgeschlossen: (0). 
===================== LIST OF ALL SERVICES & DRIVERS ===================== -----HKLM\system\currentcontrolset\services----- 000) "Abiosdsk" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 001) "abp480n5" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 002) "ACPI" - Microsoft ACPI-Treiber ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\ACPI.sys ---> TYPE = KERNEL_DRIVER 003) "ACPIEC" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 004) "adpu160m" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 005) "aec" - Microsoft Kernel-Echounterdrückung ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\aec.sys ---> TYPE = KERNEL_DRIVER 006) "AFD" - AFD ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = \SystemRoot\System32\drivers\afd.sys ---> TYPE = KERNEL_DRIVER 007) "Aha154x" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 008) "aic78u2" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 009) "aic78xx" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 010) "AliIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 011) "amsint" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 012) "Arp1394" - 1394-ARP-Clientprotokoll ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\arp1394.sys ---> TYPE = KERNEL_DRIVER 013) "asc" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 014) "asc3350p" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 015) "asc3550" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 016) "AsyncMac" - Asynchroner RAS -Medientreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\asyncmac.sys ---> TYPE = KERNEL_DRIVER 017) "atapi" - Standard-IDE/ESDI-Festplattencontroller ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\atapi.sys ---> TYPE = KERNEL_DRIVER 018) "Atdisk" ---> 
STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 019) "ati2mtag" ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ati2mtag.sys ---> TYPE = KERNEL_DRIVER 020) "Atmarpc" - Protokoll für ATM ARP-Client ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\atmarpc.sys ---> TYPE = KERNEL_DRIVER 021) "audstub" - Audiostubtreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\audstub.sys ---> TYPE = KERNEL_DRIVER 022) "avgio" - avgio ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = D:\Programme\Avira\AntiVir Desktop\avgio.sys ---> TYPE = KERNEL_DRIVER 023) "avgntflt" - avgntflt ---> STAT = (RUNNING) Started automatically ---> FILE = system32\DRIVERS\avgntflt.sys ---> TYPE = FILE_SYSTEM_DRIVER 024) "avipbb" - avipbb ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\avipbb.sys ---> TYPE = KERNEL_DRIVER 025) "Beep" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 026) "catchme" ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\DOKUME~1\Dani\LOKALE~1\Temp\catchme.sys ---> TYPE = KERNEL_DRIVER 027) "cbidf2k" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 028) "cd20xrnt" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 029) "Cdaudio" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 030) "Cdfs" ---> STAT = (RUNNING) Disabled ---> TYPE = FILE_SYSTEM_DRIVER 031) "Cdrom" - CD-ROM-Laufwerktreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\cdrom.sys ---> TYPE = KERNEL_DRIVER 032) "Changer" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 033) "CmdIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 034) "Cpqarray" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 035) "dac2w2k" ---> STAT = (RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 036) "dac960nt" ---> 
STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 037) "Disk" - Laufwerktreiber ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\disk.sys ---> TYPE = KERNEL_DRIVER 038) "dmboot" ---> STAT = (NOT RUNNING) Disabled ---> FILE = System32\drivers\dmboot.sys ---> TYPE = KERNEL_DRIVER 039) "dmio" ---> STAT = (NOT RUNNING) Disabled ---> FILE = System32\drivers\dmio.sys ---> TYPE = KERNEL_DRIVER 040) "dmload" ---> STAT = (NOT RUNNING) Disabled ---> FILE = System32\drivers\dmload.sys ---> TYPE = KERNEL_DRIVER 041) "DMusic" - Microsoft Kernel-DLS-Synthesizer ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\DMusic.sys ---> TYPE = KERNEL_DRIVER 042) "dpti2o" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 043) "drmkaud" - Microsoft Kernel-DRM-Audioentschlüsselung ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\drmkaud.sys ---> TYPE = KERNEL_DRIVER 044) "e1express" - Intel(R) PRO/1000 PCI Express Network Connection Driver ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\e1e5132.sys ---> TYPE = KERNEL_DRIVER 045) "EagleNT" - EagleNT ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\drivers\EagleNT.sys ---> TYPE = KERNEL_DRIVER 046) "Fastfat" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = FILE_SYSTEM_DRIVER 047) "Fdc" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 048) "Fips" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 049) "Flpydisk" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 050) "FltMgr" - FltMgr ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\fltMgr.sys ---> TYPE = FILE_SYSTEM_DRIVER 051) "Ftdisk" - Treiber für Volume-Manager ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\ftdisk.sys ---> TYPE = KERNEL_DRIVER 052) "Gpc" - 
Standardpaketklassifizierung ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\msgpc.sys ---> TYPE = KERNEL_DRIVER 053) "HDAudBus" - Microsoft UAA Bus Driver for High Definition Audio ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\HDAudBus.sys ---> TYPE = KERNEL_DRIVER 054) "hpn" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 055) "HTTP" - HTTP ---> STAT = (RUNNING) Started manually ---> FILE = System32\Drivers\HTTP.sys ---> TYPE = KERNEL_DRIVER 056) "i2omgmt" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 057) "i2omp" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 058) "i8042prt" - i8042-Tastatur- und PS/2-Mausanschluss-Treiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\i8042prt.sys ---> TYPE = KERNEL_DRIVER 059) "Imapi" - Filtertreiber für CD-Brennen ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\imapi.sys ---> TYPE = KERNEL_DRIVER 060) "ini910u" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 061) "IntelIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 062) "intelppm" - Intel-Prozessortreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\intelppm.sys ---> TYPE = KERNEL_DRIVER 063) "Ip6Fw" - IPv6-Windows-Firewalltreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\Ip6Fw.sys ---> TYPE = KERNEL_DRIVER 064) "IpFilterDriver" - Filtertreiber für IP-Verkehr ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\ipfltdrv.sys ---> TYPE = KERNEL_DRIVER 065) "IpInIp" - IP/IP-Tunneltreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\ipinip.sys ---> TYPE = KERNEL_DRIVER 066) "IpNat" - Übersetzer für IP-Netzwerkadressen ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ipnat.sys ---> TYPE = KERNEL_DRIVER 067) "IPSec" - IPSEC-Treiber 
---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\ipsec.sys ---> TYPE = KERNEL_DRIVER 068) "IRENUM" - IR-Enumeratordienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\irenum.sys ---> TYPE = KERNEL_DRIVER 069) "isapnp" - PnP-ISA/EISA-Bus-Treiber ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\isapnp.sys ---> TYPE = KERNEL_DRIVER 070) "Kbdclass" - Tastaturklassentreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\kbdclass.sys ---> TYPE = KERNEL_DRIVER 071) "kmixer" - Microsoft Kernel-Waveaudiomixer ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\kmixer.sys ---> TYPE = KERNEL_DRIVER 072) "KSecDD" ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER 073) "lbrtfdc" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 074) "mnmdd" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 075) "Modem" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 076) "Mouclass" - Mausklassentreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\mouclass.sys ---> TYPE = KERNEL_DRIVER 077) "MountMgr" ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER 078) "mraid35x" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 079) "MRxDAV" - Redirector für WebDav-Client ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\mrxdav.sys ---> TYPE = FILE_SYSTEM_DRIVER 080) "MRxSmb" - MRXSMB ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\mrxsmb.sys ---> TYPE = FILE_SYSTEM_DRIVER 081) "Msfs" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = FILE_SYSTEM_DRIVER 082) "MSKSSRV" - Microsoft Streaming Service Proxy ---> STAT = (NOT RUNNING) Started manually ---> FILE = 
system32\drivers\MSKSSRV.sys ---> TYPE = KERNEL_DRIVER 083) "MSPCLOCK" - Microsoft Proxy für Streaming Clock ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\MSPCLOCK.sys ---> TYPE = KERNEL_DRIVER 084) "MSPQM" - Microsoft Proxy für Streaming Quality Manager ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\MSPQM.sys ---> TYPE = KERNEL_DRIVER 085) "mssmbios" - Microsoft-Systemverwaltungs-BIOS-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\mssmbios.sys ---> TYPE = KERNEL_DRIVER 086) "Mup" - Mup ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = FILE_SYSTEM_DRIVER 087) "NDIS" - NDIS-Systemtreiber ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER 088) "NdisTapi" - RAS-NDIS-TAPI-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ndistapi.sys ---> TYPE = KERNEL_DRIVER 089) "Ndisuio" - NDIS-Benutzermodus-E/A-Protokoll ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ndisuio.sys ---> TYPE = KERNEL_DRIVER 090) "NdisWan" - RAS-NDIS-WAN-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ndiswan.sys ---> TYPE = KERNEL_DRIVER 091) "NDProxy" - multi:NDIS-Proxy\00\00 ---> STAT = (RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 092) "NetBIOS" - NetBIOS-Schnittstelle ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\netbios.sys ---> TYPE = FILE_SYSTEM_DRIVER 093) "NetBT" - NetBios über TCP/IP ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\netbt.sys ---> TYPE = KERNEL_DRIVER 094) "NIC1394" - 1394-Netzwerktreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\nic1394.sys ---> TYPE = KERNEL_DRIVER 095) "Npfs" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = FILE_SYSTEM_DRIVER 096) "Ntfs" ---> STAT = (RUNNING) Disabled ---> TYPE = FILE_SYSTEM_DRIVER 097) "Null" ---> STAT = 
(RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 098) "NwlnkFlt" - Filtertreiber für IPX-Verkehr ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\nwlnkflt.sys ---> TYPE = KERNEL_DRIVER 099) "NwlnkFwd" - Treiber für IPX-Verkehrsweiterleitung ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\nwlnkfwd.sys ---> TYPE = KERNEL_DRIVER 100) "ohci1394" - Texas Instruments OHCI-konformer IEEE 1394-Hostcontroller ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\ohci1394.sys ---> TYPE = KERNEL_DRIVER 101) "osaio" - osaio ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\drivers\osaio.sys ---> TYPE = KERNEL_DRIVER 102) "Parport" - Treiber für parallelen Anschluss ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\parport.sys ---> TYPE = KERNEL_DRIVER 103) "PartMgr" ---> STAT = (RUNNING) Started by operating system loader ---> TYPE = KERNEL_DRIVER 104) "ParVdm" ---> STAT = (RUNNING) Started automatically ---> TYPE = KERNEL_DRIVER 105) "PCI" - PCI-Bus-Treiber ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\pci.sys ---> TYPE = KERNEL_DRIVER 106) "PCIDump" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 107) "PCIIde" ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\pciide.sys ---> TYPE = KERNEL_DRIVER 108) "Pcmcia" ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\pcmcia.sys ---> TYPE = KERNEL_DRIVER 109) "PDCOMP" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 110) "PDFRAME" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 111) "PDRELI" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 112) "PDRFRAME" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 113) "perc2" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = 
KERNEL_DRIVER 114) "perc2hib" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 115) "PptpMiniport" - WAN-Miniport (PPTP) ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\raspptp.sys ---> TYPE = KERNEL_DRIVER 116) "PSched" - QoS-Paketplaner ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\psched.sys ---> TYPE = KERNEL_DRIVER 117) "Ptilink" - Treiber für direkte Parallelverbindung ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\ptilink.sys ---> TYPE = KERNEL_DRIVER 118) "PxHelp20" - PxHelp20 ---> STAT = (RUNNING) Started by operating system loader ---> FILE = System32\Drivers\PxHelp20.sys ---> TYPE = KERNEL_DRIVER 119) "ql1080" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 120) "Ql10wnt" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 121) "ql12160" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 122) "ql1240" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 123) "ql1280" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 124) "RasAcd" - Treiber für automatische RAS-Verbindung ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\rasacd.sys ---> TYPE = KERNEL_DRIVER 125) "Rasl2tp" - WAN-Miniport (L2TP) ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\rasl2tp.sys ---> TYPE = KERNEL_DRIVER 126) "RasPppoe" - Remotezugriff-PPPOE-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\raspppoe.sys ---> TYPE = KERNEL_DRIVER 127) "Raspti" - Parallelanschluss (direkt) ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\raspti.sys ---> TYPE = KERNEL_DRIVER 128) "Rdbss" - Rdbss ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\rdbss.sys ---> TYPE = FILE_SYSTEM_DRIVER 129) "RDPCDD" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = System32\DRIVERS\RDPCDD.sys ---> TYPE = KERNEL_DRIVER 130) "RDPWD" ---> STAT = 
(NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 131) "redbook" - Filtertreiber für digitale CD-Audiowiedergabe ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\redbook.sys ---> TYPE = KERNEL_DRIVER 132) "rtl8139" - NT-Treiber für Realtek RTL8139(A/B/C)-basierten PCI-Fast Ethernet-Adapter ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\RTL8139.SYS ---> TYPE = KERNEL_DRIVER 133) "Secdrv" - Secdrv ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\secdrv.sys ---> TYPE = KERNEL_DRIVER 134) "serenum" - Serenum-Filtertreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\serenum.sys ---> TYPE = KERNEL_DRIVER 135) "Serial" - Treiber für seriellen Anschluss ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\serial.sys ---> TYPE = KERNEL_DRIVER 136) "SF" - SF ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\drivers\sf.sys ---> TYPE = KERNEL_DRIVER 137) "Sfloppy" ---> STAT = (NOT RUNNING) Started by "IoInitSystem" function ---> TYPE = KERNEL_DRIVER 138) "sfng32" - Sonic Focus Plugin for Sigmatel HDA ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\sfng32.sys ---> TYPE = KERNEL_DRIVER 139) "Simbad" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 140) "SIODRV" - SIODRV ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\drivers\SIODRV.SYS ---> TYPE = KERNEL_DRIVER 141) "SMBios" - Intel (R) System Management BIOS Service ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\SMBios.sys ---> TYPE = KERNEL_DRIVER 142) "smbusp" - Intel(R) SMBus 2.0 Driver ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\intelsmb.sys ---> TYPE = KERNEL_DRIVER 143) "Sparrow" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 144) "splitter" - Microsoft Kernel-Audiosplitter ---> STAT = (NOT RUNNING) Started manually ---> FILE = 
system32\drivers\splitter.sys ---> TYPE = KERNEL_DRIVER 145) "sr" - Filtertreiber für Systemwiederherstellung ---> STAT = (RUNNING) Started by operating system loader ---> FILE = system32\DRIVERS\sr.sys ---> TYPE = FILE_SYSTEM_DRIVER 146) "Srv" - Srv ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\srv.sys ---> TYPE = FILE_SYSTEM_DRIVER 147) "sscdbus" - SAMSUNG USB Composite Device driver (WDM) ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\sscdbus.sys ---> TYPE = KERNEL_DRIVER 148) "sscdmdfl" - SAMSUNG Mobile Modem Filter ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\sscdmdfl.sys ---> TYPE = KERNEL_DRIVER 149) "sscdmdm" - SAMSUNG Mobile Modem Drivers ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\sscdmdm.sys ---> TYPE = KERNEL_DRIVER 150) "ssmdrv" - ssmdrv ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\ssmdrv.sys ---> TYPE = KERNEL_DRIVER 151) "StarOpen" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> TYPE = FILE_SYSTEM_DRIVER 152) "STHDA" - SigmaTel High Definition Audio CODEC ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\sthda.sys ---> TYPE = KERNEL_DRIVER 153) "swenum" - Software-Bus-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\swenum.sys ---> TYPE = KERNEL_DRIVER 154) "swmidi" - Microsoft Kernel GS Wavetablesynthesizer ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\drivers\swmidi.sys ---> TYPE = KERNEL_DRIVER 155) "symc810" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 156) "symc8xx" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 157) "sym_hi" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 158) "sym_u3" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 159) "sysaudio" - Microsoft Kernel-Systemaudiogerät ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\sysaudio.sys ---> TYPE 
= KERNEL_DRIVER 160) "Tcpip" - TCP/IP-Protokolltreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\tcpip.sys ---> TYPE = KERNEL_DRIVER 161) "TDPIPE" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 162) "TDTCP" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 163) "TermDD" - Terminal-Gerätetreiber ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = system32\DRIVERS\termdd.sys ---> TYPE = KERNEL_DRIVER 164) "TosIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 165) "TuneUpUtilitiesDrv" - TuneUpUtilitiesDrv ---> STAT = (RUNNING) Started manually ---> FILE = D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys ---> TYPE = KERNEL_DRIVER 166) "Udfs" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = FILE_SYSTEM_DRIVER 167) "ultra" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 168) "Update" - Microcode Updatetreiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\update.sys ---> TYPE = KERNEL_DRIVER 169) "usbehci" - Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\usbehci.sys ---> TYPE = KERNEL_DRIVER 170) "usbhub" - USB2-aktivierter Hub ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\usbhub.sys ---> TYPE = KERNEL_DRIVER 171) "USBSTOR" - USB-Massenspeichertreiber ---> STAT = (NOT RUNNING) Started manually ---> FILE = system32\DRIVERS\USBSTOR.SYS ---> TYPE = KERNEL_DRIVER 172) "usbuhci" - Miniporttreiber für universellen Microsoft USB-Hostcontroller ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\usbuhci.sys ---> TYPE = KERNEL_DRIVER 173) "VgaSave" ---> STAT = (RUNNING) Started by "IoInitSystem" function ---> FILE = \SystemRoot\System32\drivers\vga.sys ---> TYPE = KERNEL_DRIVER 174) "ViaIde" ---> STAT = (NOT RUNNING) Disabled ---> TYPE = KERNEL_DRIVER 175) "VolSnap" ---> STAT = (RUNNING) Started 
by operating system loader ---> TYPE = KERNEL_DRIVER 176) "Wanarp" - RAS-IP-ARP-Treiber ---> STAT = (RUNNING) Started manually ---> FILE = system32\DRIVERS\wanarp.sys ---> TYPE = KERNEL_DRIVER 177) "WDICA" ---> STAT = (NOT RUNNING) Started manually ---> TYPE = KERNEL_DRIVER 178) "wdmaud" - Treiber für Microsoft WINMM-WDM-Audiokompatibilität ---> STAT = (RUNNING) Started manually ---> FILE = system32\drivers\wdmaud.sys ---> TYPE = KERNEL_DRIVER -----HKLM\system\currentcontrolset\services----- 000) "Alerter" - Warndienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = D:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 001) "ALG" - Gatewaydienst auf Anwendungsebene ---> STAT = (RUNNING) Started manually ---> FILE = D:\WINDOWS\System32\alg.exe ---> TYPE = OWN_SERVICE 002) "AntiVirSchedulerService" - Avira AntiVir Planer ---> STAT = (RUNNING) Started automatically ---> FILE = \D:\Programme\Avira\AntiVir Desktop\sched.exe\ ---> TYPE = OWN_SERVICE 003) "AntiVirService" - Avira AntiVir Guard ---> STAT = (RUNNING) Started automatically ---> FILE = \D:\Programme\Avira\AntiVir Desktop\avguard.exe\ ---> TYPE = OWN_SERVICE 004) "AntiVirUpgradeService" - Avira Upgrade Service ---> STAT = (NOT RUNNING) Started automatically ---> FILE = \D:\DOKUME~1\Dani\LOKALE~1\Temp\AVSETUP_4ac636d3\basic\avupgsvc.exe\ /TEMPSTART:\\D:\DOKUME~1\Dani\LOKALE~1\Temp\AVSETUP_4ac636d3\basic\setup.exe\ /NOTEMPCLEANUP /CROSSUPGRADE\ ---> TYPE = OWN_SERVICE 005) "AppMgmt" - Anwendungsverwaltung ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 006) "aspnet_state" - ASP.NET-Zustandsdienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe ---> TYPE = OWN_SERVICE 007) "Ati HotKey Poller" ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\Ati2evxx.exe ---> TYPE = OWN_SERVICE 008) "ATI Smart" - ATI Smart ---> STAT = (NOT 
RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\ati2sgag.exe ---> TYPE = OWN_SERVICE 009) "AudioSrv" - Windows Audio ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 010) "AWService" - Admin Works Agent X8 ---> STAT = (RUNNING) Started automatically ---> FILE = D:\Programme\Intel\IDU\awServ.exe ---> TYPE = OWN_SERVICE 011) "BITS" - Intelligenter Hintergrundübertragungsdienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 012) "Browser" - Computerbrowser ---> STAT = (NOT RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 013) "CiSvc" - Indexdienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\cisvc.exe ---> TYPE = SHARE_SERVICE 014) "ClipSrv" - Ablagemappe ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\clipsrv.exe ---> TYPE = OWN_SERVICE 015) "clr_optimization_v2.0.50727_32" - .NET Runtime Optimization Service v2.0.50727_X86 ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe ---> TYPE = OWN_SERVICE 016) "COMSysApp" - COM+-Systemanwendung ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} ---> TYPE = OWN_SERVICE 017) "CryptSvc" - CryptSvc ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 018) "DcomLaunch" - DCOM-Server-Prozessstart ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\svchost -k DcomLaunch ---> TYPE = SHARE_SERVICE 019) "Dhcp" - DHCP-Client ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 020) "dmadmin" - Verwaltungsdienst für die Verwaltung logischer 
Datenträger ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\System32\dmadmin.exe /com ---> TYPE = SHARE_SERVICE 021) "dmserver" - Verwaltung logischer Datenträger ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 022) "Dnscache" - DNS-Client ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\svchost.exe -k NetworkService ---> TYPE = SHARE_SERVICE 023) "ERSvc" - Fehlerberichterstattungsdienst ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 024) "Eventlog" - Ereignisprotokoll ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\services.exe ---> TYPE = SHARE_SERVICE 025) "EventSystem" - COM+-Ereignissystem ---> STAT = (RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 026) "FastUserSwitchingCompatibility" - Kompatibilität für schnelle Benutzerumschaltung ---> STAT = (RUNNING) Started manually ---> FILE = D:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 027) "FontCache3.0.0.0" - Windows Presentation Foundation Font Cache 3.0.0.0 ---> STAT = (NOT RUNNING) Started manually ---> FILE = d:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe ---> TYPE = OWN_SERVICE 028) "gusvc" - Google Updater Service ---> STAT = (RUNNING) Started automatically ---> FILE = \D:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe\ ---> TYPE = OWN_SERVICE 029) "helpsvc" - Hilfe und Support ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 030) "HidServ" - Eingabegerätezugang ---> STAT = (NOT RUNNING) Disabled ---> FILE = D:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 031) "HTTPFilter" - HTTP-SSL ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\System32\svchost.exe 
-k HTTPFilter ---> TYPE = SHARE_SERVICE 032) "ICQ Service" - ICQ Service ---> STAT = (RUNNING) Started automatically ---> FILE = D:\Programme\ICQ6Toolbar\ICQ Service.exe ---> TYPE = OWN_SERVICE 033) "IDriverT" - InstallDriver Table Manager ---> STAT = (NOT RUNNING) Started manually ---> FILE = \D:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe\ ---> TYPE = OWN_SERVICE 034) "idsvc" - Windows CardSpace ---> STAT = (NOT RUNNING) Started manually ---> FILE = \D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\ ---> TYPE = SHARE_SERVICE 035) "ImapiService" - IMAPI-CD-Brenn-COM-Dienste ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\imapi.exe ---> TYPE = OWN_SERVICE 036) "JavaQuickStarterService" - Java Quick Starter ---> STAT = (RUNNING) Started automatically ---> FILE = \D:\Programme\Java\jre6\bin\jqs.exe\ -service -config \D:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf\ ---> TYPE = OWN_SERVICE 037) "lanmanserver" - Server ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 038) "lanmanworkstation" - Arbeitsstationsdienst ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 039) "LmHosts" - TCP/IP-NetBIOS-Hilfsprogramm ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 040) "Messenger" - Nachrichtendienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = D:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 041) "mnmsrvc" - NetMeeting-Remotedesktop-Freigabe ---> STAT = (NOT RUNNING) Disabled ---> FILE = D:\WINDOWS\system32\mnmsrvc.exe ---> TYPE = OWN_SERVICE 042) "MSDTC" - Distributed Transaction Coordinator ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\msdtc.exe ---> TYPE = OWN_SERVICE 043) "MSIServer" - Windows 
Installer ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\msiexec.exe /V ---> TYPE = SHARE_SERVICE 044) "NetDDE" - Netzwerk-DDE-Dienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = D:\WINDOWS\system32\netdde.exe ---> TYPE = SHARE_SERVICE 045) "NetDDEdsdm" - Netzwerk-DDE-Serverdienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = D:\WINDOWS\system32\netdde.exe ---> TYPE = SHARE_SERVICE 046) "Netlogon" - Anmeldedienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 047) "Netman" - Netzwerkverbindungen ---> STAT = (RUNNING) Started manually ---> FILE = D:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 048) "NetTcpPortSharing" - Net.Tcp-Portfreigabedienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = \D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\ ---> TYPE = SHARE_SERVICE 049) "Nla" - NLA (Network Location Awareness) ---> STAT = (RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 050) "npggsvc" - nProtect GameGuard Service ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\GameMon.des -service ---> TYPE = OWN_SERVICE 051) "NtLmSsp" - NT-LM-Sicherheitsdienst ---> STAT = (NOT RUNNING) Disabled ---> FILE = D:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 052) "NtmsSvc" - Wechselmedien ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 053) "PlugPlay" - Plug & Play ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\services.exe ---> TYPE = SHARE_SERVICE 054) "PolicyAgent" - IPSEC-Dienste ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 055) "ProtectedStorage" - Geschützter Speicher ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\lsass.exe ---> TYPE = 
SHARE_SERVICE 056) "RasAuto" - Verwaltung für automatische RAS-Verbindung ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 057) "RasMan" - RAS-Verbindungsverwaltung ---> STAT = (RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 058) "RDSessMgr" - Sitzungs-Manager für Remotedesktophilfe ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\sessmgr.exe ---> TYPE = OWN_SERVICE 059) "RemoteAccess" - Routing und RAS ---> STAT = (NOT RUNNING) Disabled ---> FILE = D:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 060) "RpcLocator" - RPC-Locator ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\locator.exe ---> TYPE = OWN_SERVICE 061) "RpcSs" - Remoteprozeduraufruf (RPC) ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\svchost -k rpcss ---> TYPE = OWN_SERVICE 062) "RSVP" - QoS-RSVP ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\rsvp.exe ---> TYPE = OWN_SERVICE 063) "SamSs" - Sicherheitskontenverwaltung ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\lsass.exe ---> TYPE = SHARE_SERVICE 064) "SCardSvr" - Smartcard ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\System32\SCardSvr.exe ---> TYPE = SHARE_SERVICE 065) "Schedule" - Taskplaner ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 066) "seclogon" - Secondary Logon ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 067) "SENS" - Systemereignisbenachrichtigung ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 068) "SharedAccess" - Windows-Firewall/Gemeinsame Nutzung der Internetverbindung ---> STAT = (RUNNING) 
Started automatically ---> FILE = D:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 069) "ShellHWDetection" - Shellhardwareerkennung ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 070) "Spooler" - Druckwarteschlange ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\spoolsv.exe ---> TYPE = OWN_SERVICE 071) "srservice" - Systemwiederherstellungsdienst ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 072) "SSDPSRV" - SSDP-Suchdienst ---> STAT = (RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 073) "stisvc" - Windows-Bilderfassung (WIA) ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\svchost.exe -k imgsvc ---> TYPE = SHARE_SERVICE 074) "SwPrv" - MS Software Shadow Copy Provider ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\dllhost.exe /Processid:{C948303A-6A54-4C36-8C74-5669148AF698} ---> TYPE = OWN_SERVICE 075) "SysmonLog" - Leistungsdatenprotokolle und Warnungen ---> STAT = (NOT RUNNING) Disabled ---> FILE = D:\WINDOWS\system32\smlogsvc.exe ---> TYPE = OWN_SERVICE 076) "TapiSrv" - Telefonie ---> STAT = (RUNNING) Started manually ---> FILE = D:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 077) "TermService" - Terminaldienste ---> STAT = (RUNNING) Started manually ---> FILE = D:\WINDOWS\System32\svchost -k DComLaunch ---> TYPE = SHARE_SERVICE 078) "Themes" - Designs ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 079) "TrkWks" - Überwachung verteilter Verknüpfungen (Client) ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 080) "TuneUp.Defrag" - TuneUp Drive Defrag-Dienst ---> STAT = 
(NOT RUNNING) Started manually ---> FILE = D:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe ---> TYPE = OWN_SERVICE 081) "TuneUp.UtilitiesSvc" - TuneUp Utilities Service ---> STAT = (RUNNING) Started automatically ---> FILE = \D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe\ ---> TYPE = OWN_SERVICE 082) "upnphost" - Universeller Plug & Play-Gerätehost ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = SHARE_SERVICE 083) "UPS" - Unterbrechungsfreie Stromversorgung ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\System32\ups.exe ---> TYPE = OWN_SERVICE 084) "UxTuneUp" - TuneUp Designerweiterung ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 085) "VSS" - Volumeschattenkopie ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\System32\vssvc.exe ---> TYPE = OWN_SERVICE 086) "W32Time" - Windows-Zeitgeber ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 087) "WebClient" - Webclient ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\svchost.exe -k LocalService ---> TYPE = OWN_SERVICE 088) "winmgmt" - Windows-Verwaltungsinstrumentation ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 089) "Winsock" ---> STAT = (RUNNING) Started manually ---> TYPE = ADAPTER 090) "WmdmPmSN" - Dienst für Seriennummern der tragbaren Medien ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 091) "WmiApSrv" - WMI-Leistungsadapter ---> STAT = (RUNNING) Started manually ---> FILE = D:\WINDOWS\system32\wbem\wmiapsrv.exe ---> TYPE = OWN_SERVICE 092) "wscsvc" - Sicherheitscenter ---> STAT = (RUNNING) Started automatically ---> FILE = 
D:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 093) "wuauserv" - Automatische Updates ---> STAT = (NOT RUNNING) Started automatically ---> FILE = D:\WINDOWS\system32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 094) "WZCSVC" - Konfigurationsfreie drahtlose Verbindung ---> STAT = (RUNNING) Started automatically ---> FILE = D:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE 095) "xmlprov" - Netzwerkversorgungsdienst ---> STAT = (NOT RUNNING) Started manually ---> FILE = D:\WINDOWS\System32\svchost.exe -k netsvcs ---> TYPE = SHARE_SERVICE |
|
|
||
02.11.2009, 16:17
Member
Thread starter Posts: 69 |
#66
===================== SVCHOST INSTANCES =====================
HTTPFilter +---- HTTPFilter +---- %SystemRoot%\System32\w3ssl.dll LocalService +---- Alerter +---- %SystemRoot%\system32\alrsvc.dll +---- WebClient +---- %SystemRoot%\System32\webclnt.dll +---- LmHosts +---- %SystemRoot%\System32\lmhsvc.dll +---- RemoteRegistry +---- upnphost +---- %SystemRoot%\System32\upnphost.dll +---- SSDPSRV +---- %SystemRoot%\System32\ssdpsrv.dll NetworkService +---- DnsCache +---- %SystemRoot%\System32\dnsrslvr.dll netsvcs +---- 6to4 +---- AppMgmt +---- %SystemRoot%\System32\appmgmts.dll +---- AudioSrv +---- %SystemRoot%\System32\audiosrv.dll +---- Browser +---- %SystemRoot%\System32\browser.dll +---- CryptSvc +---- %SystemRoot%\System32\cryptsvc.dll +---- DMServer +---- %SystemRoot%\System32\dmserver.dll +---- DHCP +---- %SystemRoot%\System32\dhcpcsvc.dll +---- ERSvc +---- %SystemRoot%\System32\ersvc.dll +---- EventSystem +---- D:\WINDOWS\system32\es.dll +---- FastUserSwitchingCompatibility +---- %SystemRoot%\System32\shsvcs.dll +---- HidServ +---- %SystemRoot%\System32\hidserv.dll +---- Ias +---- Iprip +---- Irmon +---- LanmanServer +---- %SystemRoot%\System32\srvsvc.dll +---- LanmanWorkstation +---- %SystemRoot%\System32\wkssvc.dll +---- Messenger +---- %SystemRoot%\System32\msgsvc.dll +---- Netman +---- %SystemRoot%\System32\netman.dll +---- Nla +---- %SystemRoot%\System32\mswsock.dll +---- Ntmssvc +---- %SystemRoot%\system32\ntmssvc.dll +---- NWCWorkstation +---- Nwsapagent +---- Rasauto +---- %SystemRoot%\System32\rasauto.dll +---- Rasman +---- %SystemRoot%\System32\rasmans.dll +---- Remoteaccess +---- %SystemRoot%\System32\mprdim.dll +---- Schedule +---- %SystemRoot%\system32\schedsvc.dll +---- Seclogon +---- %SystemRoot%\System32\seclogon.dll +---- SENS +---- %SystemRoot%\system32\sens.dll +---- Sharedaccess +---- %SystemRoot%\System32\ipnathlp.dll +---- SRService +---- %SystemRoot%\system32\srsvc.dll +---- Tapisrv +---- %SystemRoot%\System32\tapisrv.dll +---- Themes +---- %SystemRoot%\System32\shsvcs.dll +---- TrkWks +---- 
%SystemRoot%\system32\trkwks.dll +---- UxTuneUp +---- %SystemRoot%\System32\uxtuneup.dll +---- W32Time +---- %systemroot%\system32\w32time.dll +---- WZCSVC +---- %SystemRoot%\System32\wzcsvc.dll +---- Wmi +---- WmdmPmSp +---- winmgmt +---- %SystemRoot%\system32\wbem\WMIsvc.dll +---- wscsvc +---- %SYSTEMROOT%\system32\wscsvc.dll +---- xmlprov +---- %SystemRoot%\System32\xmlprov.dll +---- BITS +---- %systemroot%\system32\qmgr.dll +---- wuauserv +---- C:\WINDOWS\system32\wuauserv.dll +---- ShellHWDetection +---- %SystemRoot%\System32\shsvcs.dll +---- helpsvc +---- %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll +---- WmdmPmSN +---- D:\WINDOWS\system32\mspmsnsv.dll DcomLaunch +---- DcomLaunch +---- %SystemRoot%\system32\rpcss.dll +---- TermService +---- %SystemRoot%\System32\termsrv.dll rpcss +---- RpcSs +---- %SystemRoot%\System32\rpcss.dll imgsvc +---- StiSvc +---- %SystemRoot%\system32\wiaservc.dll termsvcs +---- TermService +---- %SystemRoot%\System32\termsrv.dll ===================== LOADED MODULES ===================== *** NOTE *** Process uuoywfrygn.exe belongs to SystemScan Already known legit dlls are not shown ------------------------------------------------------------------------------ System pid: 4 Command line: <no command line> ------------------------------------------------------------------------------ smss.exe pid: 928 Command line: \SystemRoot\System32\smss.exe Base Size Version Path 0x48580000 0xf000 \SystemRoot\System32\smss.exe ------------------------------------------------------------------------------ csrss.exe pid: 1048 Command line: D:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 Base Size Version Path 0x4a680000 0x5000 \??\D:\WINDOWS\system32\csrss.exe 0x75ae0000 0xb000 5.01.2600.2180 D:\WINDOWS\system32\CSRSRV.dll 
0x75af0000 0x10000 5.01.2600.2180 D:\WINDOWS\system32\basesrv.dll 0x75b00000 0x4a000 5.01.2600.2180 D:\WINDOWS\system32\winsrv.dll ------------------------------------------------------------------------------ winlogon.exe pid: 1196 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\D:\WINDOWS\system32\winlogon.exe 0x77690000 0x11000 5.01.2600.2180 D:\WINDOWS\system32\AUTHZ.dll 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x75250000 0x2e000 5.01.2600.2180 D:\WINDOWS\system32\msctfime.ime 0x10000000 0x1e000 6.14.0010.4162 D:\WINDOWS\system32\Ati2evxx.dll 0x76740000 0xc000 5.01.2600.2180 D:\WINDOWS\system32\cryptdll.dll 0x76ad0000 0x11000 3.05.2284.0002 D:\WINDOWS\system32\ATL.DLL ------------------------------------------------------------------------------ services.exe pid: 1240 Command line: D:\WINDOWS\system32\services.exe Base Size Version Path 0x01000000 0x1d000 5.01.2600.3520 D:\WINDOWS\system32\services.exe 0x76020000 0x65000 6.02.3104.0000 D:\WINDOWS\system32\MSVCP60.dll 0x77b40000 0x53000 5.01.2600.2180 D:\WINDOWS\system32\SCESRV.dll 0x77690000 0x11000 5.01.2600.2180 D:\WINDOWS\system32\AUTHZ.dll 0x75850000 0x1f000 5.01.2600.2180 D:\WINDOWS\system32\umpnpmgr.dll 0x5cf00000 0x26000 5.01.2600.2180 D:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x772d0000 0x11000 5.01.2600.2180 D:\WINDOWS\system32\eventlog.dll ------------------------------------------------------------------------------ lsass.exe pid: 1252 Command line: D:\WINDOWS\system32\lsass.exe Base Size Version Path 0x01000000 0x6000 5.01.2600.2180 D:\WINDOWS\system32\lsass.exe 0x753d0000 0xb6000 5.01.2600.3592 D:\WINDOWS\system32\LSASRV.dll 0x76750000 0x13000 5.01.2600.2180 D:\WINDOWS\system32\NTDSAPI.dll 0x76ee0000 0x27000 5.01.2600.3394 
D:\WINDOWS\system32\DNSAPI.dll 0x743c0000 0x6e000 5.01.2600.2180 D:\WINDOWS\system32\SAMSRV.dll 0x76740000 0xc000 5.01.2600.2180 D:\WINDOWS\system32\cryptdll.dll 0x5cf00000 0x26000 5.01.2600.2180 D:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x20000000 0xe000 5.01.2600.2180 D:\WINDOWS\system32\msprivs.dll 0x71c70000 0x4b000 5.01.2600.3592 D:\WINDOWS\system32\kerberos.dll 0x74430000 0x65000 5.01.2600.2180 D:\WINDOWS\system32\netlogon.dll 0x76770000 0x2d000 5.01.2600.2180 D:\WINDOWS\system32\w32time.dll 0x76020000 0x65000 6.02.3104.0000 D:\WINDOWS\system32\MSVCP60.dll 0x767a0000 0x2d000 5.01.2600.3592 D:\WINDOWS\system32\schannel.dll 0x7f000000 0x12000 5.01.2600.3592 D:\WINDOWS\system32\wdigest.dll 0x74380000 0x30000 5.01.2600.2180 D:\WINDOWS\system32\scecli.dll 0x74350000 0x30000 5.01.2600.2180 D:\WINDOWS\system32\ipsecsvc.dll 0x77690000 0x11000 5.01.2600.2180 D:\WINDOWS\system32\AUTHZ.dll 0x756c0000 0xce000 5.01.2600.2180 D:\WINDOWS\system32\oakley.DLL 0x742e0000 0xb000 5.01.2600.2180 D:\WINDOWS\system32\WINIPSEC.DLL 0x719b0000 0x40000 5.01.2600.3394 D:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.2180 D:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.2180 D:\WINDOWS\System32\wshtcpip.dll 0x74310000 0xb000 5.01.2600.2180 D:\WINDOWS\system32\pstorsvc.dll 0x74330000 0x1b000 5.01.2600.2180 D:\WINDOWS\system32\psbase.dll 0x68100000 0x24000 5.01.2600.2133 D:\WINDOWS\system32\dssenh.dll ------------------------------------------------------------------------------ ati2evxx.exe pid: 1468 Command line: D:\WINDOWS\system32\Ati2evxx.exe Base Size Version Path 0x00400000 0x73000 6.14.0010.4163 D:\WINDOWS\system32\Ati2evxx.exe 0x74a60000 0x7000 5.01.2600.2180 D:\WINDOWS\system32\cfgMgr32.dll 0x75250000 0x2e000 5.01.2600.2180 D:\WINDOWS\system32\msctfime.ime 0x76740000 0xc000 5.01.2600.2180 D:\WINDOWS\system32\cryptdll.dll 
0x00b50000 0x10000 6.14.0010.2511 D:\WINDOWS\system32\Ati2edxx.dll 0x10000000 0x20000 6.14.0010.2516 D:\WINDOWS\system32\atipdlxx.dll ------------------------------------------------------------------------------ svchost.exe pid: 1488 Command line: D:\WINDOWS\system32\svchost -k DcomLaunch Base Size Version Path 0x01000000 0x6000 5.01.2600.2180 D:\WINDOWS\system32\svchost.exe 0x5cf00000 0x26000 5.01.2600.2180 D:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x77690000 0x11000 5.01.2600.2180 d:\windows\system32\AUTHZ.dll 0x76ad0000 0x11000 3.05.2284.0002 d:\windows\system32\ATL.DLL 0x76740000 0xc000 5.01.2600.2180 D:\WINDOWS\system32\cryptdll.dll ------------------------------------------------------------------------------ svchost.exe pid: 1560 Command line: D:\WINDOWS\system32\svchost -k rpcss Base Size Version Path 0x01000000 0x6000 5.01.2600.2180 D:\WINDOWS\system32\svchost.exe 0x5cf00000 0x26000 5.01.2600.2180 D:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x719b0000 0x40000 5.01.2600.3394 D:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.2180 D:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.2180 D:\WINDOWS\System32\wshtcpip.dll 0x76ee0000 0x27000 5.01.2600.3394 D:\WINDOWS\system32\DNSAPI.dll ------------------------------------------------------------------------------ svchost.exe pid: 1660 Command line: D:\WINDOWS\System32\svchost.exe -k netsvcs Base Size Version Path 0x01000000 0x6000 5.01.2600.2180 D:\WINDOWS\System32\svchost.exe 0x5cf00000 0x26000 5.01.2600.2180 D:\WINDOWS\System32\ShimEng.dll 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x55580000 0xc000 9.00.2000.0015 
d:\windows\system32\uxtuneup.dll 0x59dd0000 0xa1000 5.01.2600.2180 d:\windows\system32\dbghelp.dll 0x76ee0000 0x27000 5.01.2600.3394 d:\windows\system32\DNSAPI.dll 0x719b0000 0x40000 5.01.2600.3394 D:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.2180 D:\WINDOWS\System32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.2180 D:\WINDOWS\System32\wshtcpip.dll 0x76ad0000 0x11000 3.05.2284.0002 d:\windows\system32\ATL.DLL 0x00ec0000 0x9000 6.00.5441.0000 D:\WINDOWS\system32\Normaliz.dll 0x40f50000 0x45000 7.00.6000.16915 D:\WINDOWS\system32\iertutil.dll 0x767a0000 0x2d000 5.01.2600.3592 D:\WINDOWS\System32\SCHANNEL.dll 0x76740000 0xc000 5.01.2600.2180 D:\WINDOWS\System32\cryptdll.dll 0x76750000 0x13000 5.01.2600.2180 d:\windows\system32\NTDSAPI.dll 0x776e0000 0x44000 2001.12.4414.0320 d:\windows\system32\es.dll 0x74ec0000 0xc000 5.01.2600.2180 d:\windows\pchealth\helpctr\binaries\pchsvc.dll 0x76bc0000 0x2f000 5.01.2600.2180 d:\windows\system32\credui.dll 0x4f110000 0x28000 5.01.2600.2180 d:\windows\system32\wbem\wmisvc.dll 0x76770000 0x2d000 5.01.2600.2180 d:\windows\system32\w32time.dll 0x76020000 0x65000 6.02.3104.0000 d:\windows\system32\MSVCP60.dll 0x77690000 0x11000 5.01.2600.2180 d:\windows\system32\AUTHZ.dll 0x74e50000 0xe000 5.01.2600.2180 D:\WINDOWS\system32\wbem\wbemsvc.dll 0x742e0000 0xb000 5.01.2600.2180 d:\windows\system32\WINIPSEC.DLL 0x58030000 0x36000 5.01.2600.2180 D:\WINDOWS\System32\unimdm.tsp 0x580b0000 0xb000 5.01.2600.2180 D:\WINDOWS\System32\kmddsp.tsp 0x58090000 0x10000 5.01.2600.2180 D:\WINDOWS\System32\ndptsp.tsp 0x580c0000 0x8000 5.01.2600.2180 D:\WINDOWS\System32\ipconf.tsp 0x580e0000 0x46000 5.01.2600.2180 D:\WINDOWS\System32\h323.tsp 0x580d0000 0xa000 5.01.2600.2180 D:\WINDOWS\System32\hidphone.tsp 0x71c70000 0x4b000 5.01.2600.3592 D:\WINDOWS\system32\kerberos.dll ------------------------------------------------------------------------------ svchost.exe pid: 1784 Command line: D:\WINDOWS\system32\svchost.exe -k NetworkService Base Size 
Version Path 0x01000000 0x6000 5.01.2600.2180 D:\WINDOWS\system32\svchost.exe 0x5cf00000 0x26000 5.01.2600.2180 D:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x76ee0000 0x27000 5.01.2600.3394 d:\windows\system32\DNSAPI.dll 0x719b0000 0x40000 5.01.2600.3394 D:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.2180 D:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.2180 D:\WINDOWS\System32\wshtcpip.dll ------------------------------------------------------------------------------ svchost.exe pid: 1864 Command line: D:\WINDOWS\system32\svchost.exe -k LocalService Base Size Version Path 0x01000000 0x6000 5.01.2600.2180 D:\WINDOWS\system32\svchost.exe 0x5cf00000 0x26000 5.01.2600.2180 D:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x66710000 0x59000 5.01.2600.2180 D:\WINDOWS\system32\hnetcfg.dll 0x719b0000 0x40000 5.01.2600.3394 D:\WINDOWS\system32\mswsock.dll 0x719f0000 0x8000 5.01.2600.2180 D:\WINDOWS\System32\wshtcpip.dll ------------------------------------------------------------------------------ ati2evxx.exe pid: 1952 Command line: Ati2evxx.exe -Client Base Size Version Path 0x00400000 0x73000 6.14.0010.4163 D:\WINDOWS\system32\Ati2evxx.exe 0x74a60000 0x7000 5.01.2600.2180 D:\WINDOWS\system32\cfgMgr32.dll 0x75250000 0x2e000 5.01.2600.2180 D:\WINDOWS\system32\msctfime.ime 0x76740000 0xc000 5.01.2600.2180 D:\WINDOWS\system32\cryptdll.dll 0x00ba0000 0x10000 6.14.0010.2511 D:\WINDOWS\system32\Ati2edxx.dll 0x10000000 0x20000 6.14.0010.2516 D:\WINDOWS\system32\atipdlxx.dll 0x00bd0000 0x1e000 6.14.0010.4162 D:\WINDOWS\system32\ati2evxx.dll ------------------------------------------------------------------------------ spoolsv.exe pid: 244 Command line: D:\WINDOWS\system32\spoolsv.exe Base 
Size Version Path 0x01000000 0x10000 5.01.2600.2180 D:\WINDOWS\system32\spoolsv.exe 0x5cf00000 0x26000 5.01.2600.2180 D:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x76ee0000 0x27000 5.01.2600.3394 D:\WINDOWS\system32\DNSAPI.dll 0x00970000 0xb000 6.00.6000.16438 D:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll 0x719b0000 0x40000 5.01.2600.3394 D:\WINDOWS\System32\mswsock.dll 0x76750000 0x13000 5.01.2600.2180 D:\WINDOWS\system32\NTDSAPI.dll ------------------------------------------------------------------------------ sched.exe pid: 328 Command line: "D:\Programme\Avira\AntiVir Desktop\sched.exe" ------------------------------------------------------------------------------ explorer.exe pid: 788 Command line: D:\WINDOWS\Explorer.EXE Base Size Version Path 0x01000000 0xff000 6.00.2900.2180 D:\WINDOWS\Explorer.EXE 0x75f20000 0xfd000 6.00.2900.3627 D:\WINDOWS\system32\BROWSEUI.dll 0x7e1e0000 0x172000 6.00.2900.3627 D:\WINDOWS\system32\SHDOCVW.dll 0x00400000 0x9000 6.00.5441.0000 D:\WINDOWS\system32\Normaliz.dll 0x40f50000 0x45000 7.00.6000.16915 D:\WINDOWS\system32\iertutil.dll 0x5cf00000 0x26000 5.01.2600.2180 D:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x75250000 0x2e000 5.01.2600.2180 D:\WINDOWS\system32\msctfime.ime 0x5b9b0000 0x72000 6.00.2900.2180 D:\WINDOWS\system32\themeui.dll 0x76320000 0x5000 5.01.2600.2180 D:\WINDOWS\system32\MSIMG32.dll 0x71cc0000 0x1c000 6.00.2900.2180 D:\WINDOWS\system32\actxprxy.dll 0x60010000 0x33000 5.01.2600.2180 D:\WINDOWS\system32\msutb.dll 0x746a0000 0x4b000 5.01.2600.3319 D:\WINDOWS\system32\MSCTF.dll 0x4c580000 0x18000 9.00.0000.3250 D:\PROGRA~1\WINDOW~2\wmpband.dll 0x76ad0000 0x11000 3.05.2284.0002 D:\WINDOWS\system32\ATL.DLL 0x41140000 
0x5cd000 7.00.6000.16915 D:\WINDOWS\system32\ieframe.dll 0x76bc0000 0x2f000 5.01.2600.2180 D:\WINDOWS\system32\credui.dll 0x76930000 0x8000 5.01.2600.2180 D:\WINDOWS\system32\LINKINFO.dll 0x75dc0000 0x91000 6.00.2900.2180 D:\WINDOWS\system32\MLANG.dll 0x765c0000 0x21000 5.01.2600.2180 D:\WINDOWS\system32\stobject.dll 0x74a70000 0xa000 6.00.2900.2180 D:\WINDOWS\system32\BatMeter.dll 0x02370000 0x13000 6.00.2900.2180 D:\WINDOWS\system32\browselc.dll 0x75f00000 0x7000 5.01.2600.2180 D:\WINDOWS\System32\drprov.dll 0x71b90000 0xe000 5.01.2600.2180 D:\WINDOWS\System32\ntlanman.dll 0x71c50000 0x17000 5.01.2600.2180 D:\WINDOWS\System32\NETUI0.dll 0x71c10000 0x40000 5.01.2600.2180 D:\WINDOWS\System32\NETUI1.dll 0x75f10000 0x9000 5.01.2600.2180 D:\WINDOWS\System32\davclnt.dll ------------------------------------------------------------------------------ IntelAudioStudio.exe pid: 972 Command line: "D:\Programme\Intel Audio Studio\IntelAudioStudio.exe" TRAY Base Size Version Path 0x00400000 0x8c6000 2.00.0000.0133 D:\Programme\Intel Audio Studio\IntelAudioStudio.exe 0x73390000 0x154000 6.00.0096.0090 D:\WINDOWS\system32\MSVBVM60.DLL 0x66630000 0x22000 6.00.0089.0088 D:\WINDOWS\system32\VB6DE.DLL 0x75250000 0x2e000 5.01.2600.2180 D:\WINDOWS\system32\msctfime.ime 0x10000000 0x45000 1.00.0000.0012 D:\WINDOWS\system32\IASDLL.DLL 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x022e0000 0x3a000 1.00.5208.0000 D:\WINDOWS\system32\stacapi.dll 0x02680000 0x4b000 5.01.2600.3319 D:\WINDOWS\system32\MSCTF.dll 0x01db0000 0xc000 1.00.0001.0003 D:\WINDOWS\system32\SFIMLARK.DLL 0x73e70000 0x5c000 5.03.2600.2180 D:\WINDOWS\system32\DSOUND.dll 0x73e40000 0x4000 5.03.2600.2180 D:\WINDOWS\system32\KsUser.dll 0x02740000 0x46000 1.02.0000.0000 D:\WINDOWS\system32\IASMXDLL.DLL 0x02820000 0xd000 1.00.0000.0001 D:\WINDOWS\system32\IASBB.DLL 
------------------------------------------------------------------------------ avgnt.exe pid: 944 Command line: "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min ------------------------------------------------------------------------------ ctfmon.exe pid: 1008 Command line: "D:\WINDOWS\system32\ctfmon.exe" Base Size Version Path 0x00400000 0x6000 5.01.2600.2180 D:\WINDOWS\system32\ctfmon.exe 0x746a0000 0x4b000 5.01.2600.3319 D:\WINDOWS\system32\MSCTF.dll 0x60010000 0x33000 5.01.2600.2180 D:\WINDOWS\system32\MSUTB.dll 0x5cf00000 0x26000 5.01.2600.2180 D:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x75250000 0x2e000 5.01.2600.2180 D:\WINDOWS\system32\msctfime.ime ------------------------------------------------------------------------------ avguard.exe pid: 1304 Command line: "D:\Programme\Avira\AntiVir Desktop\avguard.exe" ------------------------------------------------------------------------------ awServ.exe pid: 1544 Command line: D:\Programme\Intel\IDU\awServ.exe Base Size Version Path 0x00400000 0x14000 1.06.0029.0086 D:\Programme\Intel\IDU\awServ.exe 0x406d0000 0xfe000 D:\WINDOWS\system32\indy70.bpl 0x00320000 0x87000 7.00.0004.0453 D:\WINDOWS\system32\soaprtl70.bpl 0x40370000 0xd6000 7.00.0004.0453 D:\WINDOWS\system32\xmlrtl70.bpl 0x003b0000 0x46000 7.00.0008.0001 D:\WINDOWS\system32\dbrtl70.bpl 0x40650000 0x22000 7.00.0004.0453 D:\WINDOWS\system32\inet70.bpl 0x00580000 0x9000 6.00.5441.0000 D:\WINDOWS\system32\Normaliz.dll 0x40f50000 0x45000 7.00.6000.16915 D:\WINDOWS\system32\iertutil.dll 0x00590000 0x38000 7.00.0008.0001 D:\WINDOWS\system32\dsnap70.bpl 0x005d0000 0x61f000 3.07.0001.0001 D:\WINDOWS\system32\TMSD7.bpl 0x5f1a0000 0x17000 5.01.2600.2180 D:\WINDOWS\system32\olepro32.dll 0x76320000 0x5000 5.01.2600.2180 D:\WINDOWS\system32\msimg32.dll 0x40220000 0x3b000 7.00.0004.0453 D:\WINDOWS\system32\vclx70.bpl 0x405b0000 
0x46000 7.00.0008.0001 D:\WINDOWS\system32\vcldb70.bpl 0x73dc0000 0x3000 5.01.2600.0000 D:\WINDOWS\system32\LZ32.DLL 0x40860000 0x15000 7.00.0000.0188 D:\WINDOWS\system32\VclSmp70.bpl 0x6c0c0000 0x1b000 3.525.1117.0000 D:\WINDOWS\system32\ODBCCP32.DLL 0x40260000 0x1d000 7.00.0004.0453 D:\WINDOWS\system32\vcljpg70.bpl 0x00bf0000 0x3b000 7.00.0004.0453 D:\WINDOWS\system32\bdertl70.bpl 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x75250000 0x2e000 5.01.2600.2180 D:\WINDOWS\system32\msctfime.ime 0x01910000 0x10000 1.04.0013.0023 D:\Programme\Intel\IDU\Provider\ISensorPlug.dll 0x10000000 0x20000 1.03.0000.0171 D:\WINDOWS\system32\SensorDll.dll 0x01990000 0x13000 1.05.0010.0013 D:\Programme\Intel\IDU\Provider\ISystemPlug.dll 0x01be0000 0x2b000 1.00.0003.0014 D:\Programme\Intel\IDU\IpmiTrans.dll 0x019b0000 0xf000 1.00.0004.0016 D:\Programme\Intel\IDU\SYSAPI.dll 0x01c10000 0x18000 1.00.0007.0014 D:\Programme\Intel\IDU\cpuid_dll.dll 0x01c30000 0x11000 1.01.0002.0016 D:\Programme\Intel\IDU\osaiodll.dll 0x01c80000 0xe000 1.05.0005.0006 D:\Programme\Intel\IDU\Provider\SmbiosPlug.dll 0x01c90000 0xe000 1.05.0005.0006 D:\Programme\Intel\IDU\Provider\WMIPlug.dll 0x69b10000 0x13c000 4.20.9870.0000 d:\WINDOWS\system32\msxml4.dll 0x719b0000 0x40000 5.01.2600.3394 D:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.2180 D:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.2180 D:\WINDOWS\System32\wshtcpip.dll ------------------------------------------------------------------------------ GoogleUpdaterService.exe pid: 424 Command line: "D:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe" Base Size Version Path 0x00400000 0x2c000 2.04.1399.3742 D:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe 0x773a0000 0x102000 6.00.2900.2180 
D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll ------------------------------------------------------------------------------ ICQ Service.exe pid: 448 Command line: "D:\Programme\ICQ6Toolbar\ICQ Service.exe" Base Size Version Path 0x00400000 0x39000 1.00.0000.0001 D:\Programme\ICQ6Toolbar\ICQ Service.exe 0x40f50000 0x45000 7.00.6000.16915 D:\WINDOWS\system32\iertutil.dll 0x00330000 0x9000 6.00.5441.0000 D:\WINDOWS\system32\Normaliz.dll 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll ------------------------------------------------------------------------------ jqs.exe pid: 476 Command line: "D:\Programme\Java\jre6\bin\jqs.exe" -service -config "D:\Programme\Java\jre6\lib\deploy\jqs\jqs.conf" Base Size Version Path 0x00400000 0x24000 6.00.0160.0001 D:\Programme\Java\jre6\bin\jqs.exe 0x7c340000 0x56000 7.10.3052.0004 D:\Programme\Java\jre6\bin\MSVCR71.dll 0x66b40000 0x6000 2000.85.1117.0000 D:\WINDOWS\system32\odbcbcp.dll 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x719b0000 0x40000 5.01.2600.3394 D:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.2180 D:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.2180 D:\WINDOWS\System32\wshtcpip.dll 0x79fd0000 0x8000 1.01.4322.0573 D:\WINDOWS\system32\netfxperf.dll 0x79000000 0x46000 2.00.50727.3053 D:\WINDOWS\system32\mscoree.dll 0x640d0000 0x16000 2.00.50727.3053 d:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\perfcounter.dll 0x78130000 0x9b000 8.00.50727.3053 D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll 0x00df0000 0x590000 2.00.50727.3603 d:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll 0x60310000 0x17000 2.00.50727.3053 
d:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CorperfmonExt.dll 0x60080000 0x9000 2.00.50727.3053 d:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll 0x79e60000 0x42000 1.01.4322.2443 D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll 0x7d9b0000 0x167000 5.01.2600.3602 D:\WINDOWS\System32\query.dll 0x61070000 0x2b000 2001.12.4414.0320 D:\WINDOWS\system32\msdtcuiu.DLL 0x76ad0000 0x11000 3.05.2284.0002 D:\WINDOWS\system32\ATL.DLL 0x727a0000 0xfe000 6.02.4131.0000 D:\WINDOWS\system32\MFC42u.DLL 0x6da00000 0x6d000 2001.12.4414.0320 D:\WINDOWS\system32\MSDTCPRX.dll 0x76020000 0x65000 6.02.3104.0000 D:\WINDOWS\system32\MSVCP60.dll 0x5eb60000 0x9000 5.01.2600.2180 D:\WINDOWS\system32\perfdisk.dll 0x5eb50000 0x8000 5.01.2600.0000 D:\WINDOWS\system32\perfnet.dll 0x5eb30000 0xa000 5.01.2600.2180 D:\WINDOWS\system32\perfos.dll 0x5eb20000 0xd000 5.01.2600.2180 D:\WINDOWS\system32\perfproc.dll 0x5e5b0000 0x6000 5.01.2600.0000 D:\WINDOWS\system32\pschdprf.dll 0x5d7c0000 0x6000 5.01.2600.0000 D:\WINDOWS\System32\rsvpperf.dll 0x5bb60000 0x5000 5.01.2600.0000 D:\WINDOWS\system32\tapiperf.dll 0x5eb70000 0xd000 5.01.2600.2180 D:\WINDOWS\system32\Perfctrs.dll 0x5eb10000 0x6000 5.01.2600.0000 D:\WINDOWS\system32\perfts.dll 0x5b130000 0xa000 5.01.2600.0000 D:\WINDOWS\system32\UTILDLL.dll 0x59d20000 0x19000 5.01.2600.2180 D:\WINDOWS\system32\wbem\wmiaprpl.dll 0x72ed0000 0x1c000 5.01.2600.2180 D:\WINDOWS\system32\loadperf.dll ------------------------------------------------------------------------------ TuneUpUtilitiesService32.exe pid: 308 Command line: "D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe" Base Size Version Path 0x00400000 0x103000 9.00.2000.0015 D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x71cc0000 0x1c000 6.00.2900.2180 D:\WINDOWS\system32\actxprxy.dll 0x76740000 0xc000 
5.01.2600.2180 D:\WINDOWS\system32\cryptdll.dll ------------------------------------------------------------------------------ TuneUpUtilitiesApp32.exe pid: 964 Command line: "D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe" /TUStart /pid:308 Base Size Version Path 0x00400000 0x7b000 9.00.2000.0015 D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\COMCTL32.dll 0x00ea0000 0x4b000 5.01.2600.3319 D:\WINDOWS\system32\MSCTF.dll 0x75250000 0x2e000 5.01.2600.2180 D:\WINDOWS\system32\msctfime.ime ------------------------------------------------------------------------------ alg.exe pid: 2264 Command line: D:\WINDOWS\System32\alg.exe Base Size Version Path 0x01000000 0xd000 5.01.2600.2180 D:\WINDOWS\System32\alg.exe 0x76ad0000 0x11000 3.05.2284.0002 D:\WINDOWS\System32\ATL.DLL 0x719b0000 0x40000 5.01.2600.3394 D:\WINDOWS\System32\MSWSOCK.DLL 0x5cf00000 0x26000 5.01.2600.2180 D:\WINDOWS\System32\ShimEng.dll 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x66710000 0x59000 5.01.2600.2180 D:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.2180 D:\WINDOWS\System32\wshtcpip.dll ------------------------------------------------------------------------------ wmiapsrv.exe pid: 2552 Command line: D:\WINDOWS\system32\wbem\wmiapsrv.exe Base Size Version Path 0x01000000 0x22000 5.01.2600.2180 D:\WINDOWS\system32\wbem\wmiapsrv.exe 0x72ed0000 0x1c000 5.01.2600.2180 D:\WINDOWS\system32\loadperf.dll 0x5cf00000 0x26000 5.01.2600.2180 D:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x20000000 0x4000 5.01.2600.2180 D:\WINDOWS\system32\wbem\WMIApRes.dll 0x74e70000 0x8000 5.01.2600.2180 
D:\WINDOWS\system32\wbem\wbemprox.dll 0x74e50000 0xe000 5.01.2600.2180 D:\WINDOWS\system32\wbem\wbemsvc.dll 0x76020000 0x65000 6.02.3104.0000 D:\WINDOWS\system32\MSVCP60.dll 0x76750000 0x13000 5.01.2600.2180 D:\WINDOWS\system32\NTDSAPI.dll 0x76ee0000 0x27000 5.01.2600.3394 D:\WINDOWS\system32\DNSAPI.dll 0x72e90000 0x28000 5.01.2600.2180 D:\WINDOWS\system32\wbem\wmiprov.dll ------------------------------------------------------------------------------ wmiprvse.exe pid: 2560 Command line: D:\WINDOWS\system32\wbem\wmiprvse.exe Base Size Version Path 0x01000000 0x3a000 5.01.2600.3520 D:\WINDOWS\system32\wbem\wmiprvse.exe 0x76020000 0x65000 6.02.3104.0000 D:\WINDOWS\system32\MSVCP60.dll 0x76750000 0x13000 5.01.2600.2180 D:\WINDOWS\system32\NTDSAPI.dll 0x76ee0000 0x27000 5.01.2600.3394 D:\WINDOWS\system32\DNSAPI.dll 0x5cf00000 0x26000 5.01.2600.2180 D:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x74e50000 0xe000 5.01.2600.2180 D:\WINDOWS\system32\wbem\wbemsvc.dll 0x72e90000 0x28000 5.01.2600.2180 D:\WINDOWS\system32\wbem\wmiprov.dll ------------------------------------------------------------------------------ sys22905.exe pid: 1480 Command line: "D:\Dokumente und Einstellungen\Dani\Desktop\sys22905.exe" Base Size Version Path 0x00400000 0x39000 D:\Dokumente und Einstellungen\Dani\Desktop\sys22905.exe 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x746a0000 0x4b000 5.01.2600.3319 D:\WINDOWS\system32\MSCTF.dll ------------------------------------------------------------------------------ runme.exe pid: 3128 Command line: runme.exe Base Size Version Path 0x00400000 0x62000 3.06.0000.0002 D:\DOKUME~1\Dani\LOKALE~1\Temp\nsvC.tmp\runme.exe 0x73390000 0x154000 6.00.0096.0090 D:\WINDOWS\system32\MSVBVM60.DLL 0x66630000 0x22000 6.00.0089.0088 
D:\WINDOWS\system32\VB6DE.DLL 0x746a0000 0x4b000 5.01.2600.3319 D:\WINDOWS\system32\MSCTF.dll 0x75250000 0x2e000 5.01.2600.2180 D:\WINDOWS\system32\msctfime.ime 0x73510000 0x25000 5.06.0000.8820 D:\WINDOWS\system32\scrrun.dll 0x013e0000 0x9000 6.00.5441.0000 D:\WINDOWS\system32\Normaliz.dll 0x40f50000 0x45000 7.00.6000.16915 D:\WINDOWS\system32\iertutil.dll 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll 0x72240000 0x5000 5.01.2600.2180 D:\WINDOWS\system32\sensapi.dll 0x76740000 0xc000 5.01.2600.2180 D:\WINDOWS\system32\cryptdll.dll 0x719b0000 0x40000 5.01.2600.3394 D:\WINDOWS\System32\mswsock.dll 0x76ee0000 0x27000 5.01.2600.3394 D:\WINDOWS\system32\DNSAPI.dll 0x66710000 0x59000 5.01.2600.2180 D:\WINDOWS\system32\hnetcfg.dll 0x719f0000 0x8000 5.01.2600.2180 D:\WINDOWS\System32\wshtcpip.dll ------------------------------------------------------------------------------ cmd.exe pid: 3444 Command line: cmd /c uuoywfrygn.exe > tempd.txt Base Size Version Path 0x4ad00000 0x64000 5.01.2600.2180 D:\WINDOWS\system32\cmd.exe 0x5cf00000 0x26000 5.01.2600.2180 D:\WINDOWS\system32\ShimEng.dll 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll ------------------------------------------------------------------------------ uuoywfrygn.exe pid: 3232 Command line: uuoywfrygn.exe Base Size Version Path 0x00400000 0x14000 2.25.0000.0000 D:\DOKUME~1\Dani\LOKALE~1\Temp\nsvC.tmp\uuoywfrygn.exe 0x773a0000 0x102000 6.00.2900.2180 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll ===================== NTFS ADS ===================== D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMPFC5A2B2 148 bytes D:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\TEMP:05EE1EEF 133 bytes D:\Dokumente und Einstellungen\All 
Users.WINDOWS\Anwendungsdaten\TEMP:888AFB86 110 bytes D:\Dokumente und Einstellungen\All Users.WINDOWS\Dokumente\Eigene Bilder\Beispielbilder\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Dani\Desktop\ctx-bts\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Dani\Desktop\nadine\Neuer Ordner\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Dani\Desktop\nadine\PAscal\Bilder\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Dani\Desktop\nadine\PAscal\Rest\CA VIDEO\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Dani\Desktop\nadine\Pics by NiCoStYl3R\Paris hilton handy\Pics\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Dani\Desktop\nadine\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Dani\Desktop\nadine\video\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Dani\Eigene Dateien\Eigene Bilder\Nadine Projektprüfung 09\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Dani\Eigene Dateien\Eigene Videos\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Daniel\Desktop\aequ\11030890\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Daniel\Desktop\Musik\Cascada_Everytime We Touch\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Daniel\Desktop\Musik\Eminem - Eminem Presents The Re-up\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Daniel\Desktop\Musik\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Daniel\Desktop\Musik\Trance Voices - 11\Cover\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Daniel\Eigene Dateien\Eigene Bilder\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Daniel\Eigene Dateien\Eigene Musik\Music Instructor\Super Sonic\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Daniel\Eigene Dateien\Eigene Musik\Music Instructor\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Daniel\Eigene Dateien\Eigene Musik\trance, techno und 
so\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Daniel\Eigene Dateien\Eigene Musik\Eminem\Lose Yourself\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Daniel\Eigene Dateien\Eigene Musik\Eminem\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Daniel\Eigene Dateien\Eigene Videos\Thumbs.db:encryptable 0 bytes D:\Dokumente und Einstellungen\Daniel\Eigene Dateien\ICQ\260777547\ReceivedFiles\318257153 ninchen\Thumbs.db:encryptable 0 bytes ===================== ENCRYPTED FILES ===================== ===================== HIDDEN OBJECTS ===================== scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ===================== RUSTOCK ROOTKIT DETECTION ===================== #### NOTHING FOUND #### ===================== MASTER BOOT RECORD ===================== device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK ===================== NETWORK SETTINGS ===================== ~~~~~~~~~~~~~~~~~~~~~ Winsock Parameters ~~~~~~~~~~~~~~~~~~~~~ -----HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters\----- [Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001] "LibraryPath"="%SystemRoot%\System32\mswsock.dll" [Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002] "LibraryPath"="%SystemRoot%\System32\winrnr.dll" [Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003] "LibraryPath"="%SystemRoot%\System32\mswsock.dll" [Parameters\Protocol_Catalog9\Catalog_Entries\000000000001] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000002] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000003] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll 
[Parameters\Protocol_Catalog9\Catalog_Entries\000000000004] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\rsvpsp.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000005] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\rsvpsp.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000006] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000007] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000008] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000009] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000010] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000011] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000012] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000013] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000014] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll [Parameters\Protocol_Catalog9\Catalog_Entries\000000000015] ### "PackedCatalogItem" (bin)= %SystemRoot%\system32\mswsock.dll ~~~~~~~~~~~~~~~~~~~~~ TCP/IP network configuration ~~~~~~~~~~~~~~~~~~~~~ Hostname. . . . . . . . . . . . . : dani-ca5f8d0997 Primäres DNS-Suffix . . . . . . . : Knotentyp . . . . . . . . . . . . : Unbekannt WINS-Proxy aktiviert. . . . . . . : Nein Ethernetadapter LAN-Verbindung: Verbindungsspezifisches DNS-Suffix: Beschreibung. . . . . . . . . . . : ATI AT-2500TX-PCI-Fast Ethernet-Adapter Physikalische Adresse . . . . . . : 00-A0-D2-04-BC-2C DHCP aktiviert. . . . . . . . . . 
: Ja Autokonfiguration aktiviert . . . : Ja Subnetzmaske. . . . . . . . . . . : 255.255.255.0 Standardgateway . . . . . . . . . : 192.168.178.1 DHCP-Server . . . . . . . . . . . : 192.168.178.1 DNS-Server. . . . . . . . . . . . : 192.168.178.1 Lease erhalten. . . . . . . . . . : Montag, 2. November 2009 14:07:07 Lease läuft ab. . . . . . . . . . : Donnerstag, 12. November 2009 14:07:07 Ethernetadapter LAN-Verbindung 2: Medienstatus. . . . . . . . . . . : Es besteht keine Verbindung Beschreibung. . . . . . . . . . . : Intel(R) PRO/1000 PL Network Connection Physikalische Adresse . . . . . . : 00-16-76-31-CC-25 -----HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces ~~~~~~~~~~~~~~~~~~~~~ Open ports ~~~~~~~~~~~~~~~~~~~~~ Aktive Verbindungen Proto Lokale Adresse Remoteadresse Status PID TCP dani-ca5f8d0997:epmap dani-ca5f8d0997:0 ABH™REN 1560 d:\windows\system32\WS2_32.dll D:\WINDOWS\system32\RPCRT4.dll d:\windows\system32\rpcss.dll D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\ADVAPI32.dll [svchost.exe] TCP dani-ca5f8d0997:microsoft-ds dani-ca5f8d0997:0 ABH™REN 4 [System] TCP dani-ca5f8d0997:2804 dani-ca5f8d0997:0 ABH™REN 1544 [awServ.exe] TCP dani-ca5f8d0997:1030 dani-ca5f8d0997:0 ABH™REN 2264 [alg.exe] TCP dani-ca5f8d0997:5152 dani-ca5f8d0997:0 ABH™REN 476 [jqs.exe] TCP dani-ca5f8d0997:netbios-ssn dani-ca5f8d0997:0 ABH™REN 4 [System] TCP dani-ca5f8d0997:5152 localhost:1038 SCHLIESSEN_WARTEN 476 [jqs.exe] TCP dani-ca5f8d0997:1168 w-03.th.seeweb.it:http SCHLIESSEN_WARTEN 3128 [runme.exe] UDP dani-ca5f8d0997:microsoft-ds *:* 4 [System] UDP dani-ca5f8d0997:4500 *:* 1252 [lsass.exe] UDP dani-ca5f8d0997:isakmp *:* 1252 [lsass.exe] UDP dani-ca5f8d0997:1900 *:* 1864 d:\windows\system32\WS2_32.dll d:\windows\system32\ssdpsrv.dll D:\WINDOWS\system32\ADVAPI32.dll D:\WINDOWS\system32\kernel32.dll [svchost.exe] UDP dani-ca5f8d0997:ntp *:* 1660 d:\windows\system32\WS2_32.dll d:\windows\system32\w32time.dll ntdll.dll D:\WINDOWS\system32\kernel32.dll 
[svchost.exe] UDP dani-ca5f8d0997:1900 *:* 1864 d:\windows\system32\WS2_32.dll d:\windows\system32\ssdpsrv.dll D:\WINDOWS\system32\ADVAPI32.dll D:\WINDOWS\system32\kernel32.dll [svchost.exe] UDP dani-ca5f8d0997:ntp *:* 1660 d:\windows\system32\WS2_32.dll d:\windows\system32\w32time.dll ntdll.dll D:\WINDOWS\system32\kernel32.dll [svchost.exe] UDP dani-ca5f8d0997:netbios-dgm *:* 4 [System] UDP dani-ca5f8d0997:netbios-ns *:* 4 [System] |
|
|
||
02.11.2009, 16:18
Member
Thread starter Posts: 69 |
#67
~~~~~~~~~~~~~~~~~~~~~ Shared Resources ~~~~~~~~~~~~~~~~~~~~~
Name Ressource Beschreibung IPC$ Remote-IPC Der Befehl wurde erfolgreich ausgefhrt. ~~~~~~~~~~~~~~~~~~~~~ TRUSTED DOMAINS ~~~~~~~~~~~~~~~~~~~~~ -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ~~~~~~~~~~~~~~~~~~~~~ TRUSTED IPs ~~~~~~~~~~~~~~~~~~~~~ -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ~~~~~~~~~~~~~~~~~~~~~ RAS active connections ~~~~~~~~~~~~~~~~~~~~~ Keine Verbindungen Der Befehl wurde erfolgreich ausgefhrt. ~~~~~~~~~~~~~~~~~~~~~ Rasphone.pbk content ~~~~~~~~~~~~~~~~~~~~~ -----D:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Microsoft\Network\Connections\Pbk\rasphone.pbk ===================== HOSTS FILE ===================== 127.0.0.1 localhost ===================== SUSPICIOUS FILES ===================== EXE and DLL files packed with runtime packers, found in: D:\; D:\WINDOWS\; D:\WINDOWS\system32\ D:\WINDOWS\MBR.exe --> is compressed with UPX D:\WINDOWS\NIRCMD.exe --> is compressed with UPX D:\WINDOWS\PEV.exe --> is compressed with PECompact D:\WINDOWS\SWREG.exe --> is compressed with UPX D:\WINDOWS\SWSC.exe --> is compressed with UPX ===================== UNINSTALL LIST ===================== -----HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall----- [Uninstall] [Uninstall\Adobe Flash Player ActiveX] "DisplayName"="Adobe Flash Player ActiveX" "DisplayIcon"="D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe" "UninstallString"="D:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe" [Uninstall\Adobe Flash Player Plugin] "DisplayName"="Adobe Flash Player 10 Plugin" "DisplayIcon"="D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe" "UninstallString"="D:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe" 
[Uninstall\Advanced SystemCare 3_is1] "DisplayName"="Advanced SystemCare 3" "DisplayIcon"="C:\Downloads\Advanced SystemCare 3\AWC.exe" "UninstallString"="\"C:\Downloads\Advanced SystemCare 3\unins000.exe\"" [Uninstall\All ATI Software] "DisplayName"="ATI - Software Uninstall Utility" "UninstallString"="D:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe" "DisplayIcon"="D:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe" [Uninstall\ATI Display Driver] "DisplayName"="ATI Display Driver" "UninstallString"="rundll32 D:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean" [Uninstall\Avira AntiVir Desktop] "DisplayIcon"="D:\Programme\Avira\AntiVir Desktop\rcimage.dll,1" "DisplayName"="Avira AntiVir Personal - Free Antivirus" "UninstallString"="D:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE" [Uninstall\Branding] [Uninstall\Combat Arms EU] "DisplayName"="Combat Arms EU" "DisplayIcon"="D:\Dokumente und Einstellungen\Dani\Desktop\nadine\PAscal\Combat Arms EU\CombatArms.exe" "UninstallString"="\"D:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\NexonEU\NGM\NGM.exe\" -mode:uninstall -dll:ngm.nexoneu.com/cbangm/NGM/Bin/NGMDll.dll -game:50340359 -locale:EU" [Uninstall\Connection Manager] [Uninstall\Cool's_Codec_pack_4.12] "DisplayName"="Codec Pack - All In 1 6.0.3.0" "UninstallString"="D:\WINDOWS\iun6002.exe \"D:\Programme\Codec Pack - All In 1\irunin.ini\"" [Uninstall\FirstloadIkarus] "DisplayName"="Firstload Ikarus" "UninstallString"="D:\Programme\Verimount\FirstloadIkarus\Uninstall.exe" [Uninstall\Fraps] "DisplayName"="Fraps (remove only)" "UninstallString"="\"D:\Dokumente und Einstellungen\Dani\Desktop\nadine\PAscal\Rest\uninstall.exe\"" [Uninstall\Free Download Manager_is1] "DisplayName"="Free Download Manager 2.5" "DisplayIcon"="D:\Programme\Free Download Manager\fdm.exe" "UninstallString"="\"D:\Programme\Free Download Manager\unins000.exe\"" [Uninstall\Free YouTube 
Download_is1] "DisplayName"="Free YouTube Download 2.2" "UninstallString"="\"D:\Programme\DVDVideoSoft\Free YouTube Download\unins000.exe\"" [Uninstall\Free YouTube to Mp3 Converter_is1] "DisplayName"="Free YouTube to Mp3 Converter version 3.1" "UninstallString"="\"D:\Programme\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe\"" [Uninstall\Game Booster_is1] "DisplayName"="Game Booster" "DisplayIcon"="C:\Downloads\Game Booster\GameBooster.exe" "UninstallString"="\"C:\Downloads\Game Booster\unins000.exe\"" [Uninstall\Google Updater] "DisplayIcon"="D:\Programme\Google\Google Updater\GoogleUpdater.exe" "DisplayName"="Google Updater" "UninstallString"="\"D:\Programme\Google\Google Updater\GoogleUpdater.exe\" -uninstall" [Uninstall\HijackThis] "DisplayName"="HijackThis 2.0.2" "UninstallString"="\"D:\Programme\Trend Micro\HijackThis\HijackThis.exe\" /uninstall" "DisplayIcon"="D:\Programme\Trend Micro\HijackThis\HijackThis.exe" [Uninstall\ICQ-Flowers_is1] "DisplayName"="ICQ-Flowers" "DisplayIcon"="D:\Programme\ICQ-Flowers\ICQ-Flowers.exe" "UninstallString"="\"D:\Programme\ICQ-Flowers\unins000.exe\"" [Uninstall\ICQToolbar] "DisplayName"="ICQ Toolbar" "UninstallString"="D:\Programme\ICQ6Toolbar\ICQUnToolbar.exe" "DisplayIcon"="D:\Programme\ICQ6Toolbar\icq6Toolbar.ico" [Uninstall\IDNMitigationAPIs] "DisplayName"="Microsoft Internationalized Domain Names Mitigation APIs" "UninstallString"="\"D:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe\"" [Uninstall\ie7] "DisplayName"="Windows Internet Explorer 7" "UninstallString"="\"D:\WINDOWS\ie7\spuninst\spuninst.exe\"" "DisplayIcon"="D:\Programme\Internet Explorer\iexplore.exe" [Uninstall\InstallShield Uninstall Information] [Uninstall\InstallShield Uninstall Information\{F5982296-84CC-4D5B-B791-B03650F3380E}] [Uninstall\InstallShield_{F5982296-84CC-4D5B-B791-B03650F3380E}] "UninstallString"="D:\Programme\InstallShield Installation Information\{F5982296-84CC-4D5B-B791-B03650F3380E}\setup.exe 
-runfromtemp -l0x0409" "DisplayName"="Intel(R) Desktop Utilities" "InstallSource"="D:\WINDOWS\Downloaded Installations\{5E213038-E2E6-485D-99F8-79C5F18E9296}\" "DisplayIcon"=expand:"D:\WINDOWS\Installer\{F5982296-84CC-4D5B-B791-B03650F3380E}\ARPPRODUCTICON.exe" [Uninstall\KB884016] [Uninstall\KB888111WXPSP2] "DisplayName"="High Definition Audio Driver Package - KB888111" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe\"" [Uninstall\KB893803] [Uninstall\KB893803v2] "DisplayName"="Windows Installer 3.1 (KB893803)" "UninstallString"="\"D:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe\"" "DisplayIcon"=expand:"%windir%\system32\msiexec.exe" [Uninstall\KB898461] "DisplayName"="Update für Windows XP (KB898461)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe\"" [Uninstall\KB911164] "DisplayName"="Update für Windows XP (KB911164)" "UninstallString"="" [Uninstall\KB914440] "DisplayName"="Hotfix für Windows XP (KB914440)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe\"" [Uninstall\KB915865] "DisplayName"="Hotfix for Windows XP (KB915865)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe\"" [Uninstall\KB923561] "DisplayName"="Sicherheitsupdate für Windows XP (KB923561)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe\"" [Uninstall\KB925720] "DisplayName"="Update für Windows XP (KB925720)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe\"" [Uninstall\KB932823-v3] "DisplayName"="Update für Windows XP (KB932823-v3)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe\"" [Uninstall\KB938127-v2-IE7] "DisplayName"="Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)" "UninstallString"="\"D:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe\"" "DisplayIcon"="D:\Programme\internet explorer\iexplore.exe" [Uninstall\KB938464] 
"DisplayName"="Sicherheitsupdate für Windows XP (KB938464)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe\"" [Uninstall\KB944338-v2] "DisplayName"="Sicherheitsupdate für Windows XP (KB944338-v2)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe\"" [Uninstall\KB946648] "DisplayName"="Sicherheitsupdate für Windows XP (KB946648)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe\"" [Uninstall\KB950762] "DisplayName"="Sicherheitsupdate für Windows XP (KB950762)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe\"" [Uninstall\KB950974] "DisplayName"="Sicherheitsupdate für Windows XP (KB950974)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe\"" [Uninstall\KB951066] "DisplayName"="Sicherheitsupdate für Windows XP (KB951066)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe\"" [Uninstall\KB951376-v2] "DisplayName"="Sicherheitsupdate für Windows XP (KB951376-v2)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe\"" [Uninstall\KB951698] "DisplayName"="Sicherheitsupdate für Windows XP (KB951698)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe\"" [Uninstall\KB951748] "DisplayName"="Sicherheitsupdate für Windows XP (KB951748)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe\"" [Uninstall\KB952004] "DisplayName"="Sicherheitsupdate für Windows XP (KB952004)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe\"" [Uninstall\KB952069_WM9] "DisplayName"="Sicherheitsupdate für Windows Media Player (KB952069)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe\"" "DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\"" [Uninstall\KB952287] "DisplayName"="Hotfix für Windows XP (KB952287)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe\"" 
[Uninstall\KB952954] "DisplayName"="Sicherheitsupdate für Windows XP (KB952954)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe\"" [Uninstall\KB954155_WM9] "DisplayName"="Sicherheitsupdate für Windows Media Player (KB954155)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe\"" "DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\"" [Uninstall\KB954211] "DisplayName"="Sicherheitsupdate für Windows XP (KB954211)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe\"" [Uninstall\KB954550-v5] "DisplayName"="Hotfix for Windows XP (KB954550-v5)" "UninstallString"="" [Uninstall\KB954600] "DisplayName"="Sicherheitsupdate für Windows XP (KB954600)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe\"" [Uninstall\KB955069] "DisplayName"="Sicherheitsupdate für Windows XP (KB955069)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe\"" [Uninstall\KB955839] "DisplayName"="Update für Windows XP (KB955839)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe\"" [Uninstall\KB956391] "DisplayName"="Sicherheitsupdate für Windows XP (KB956391)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe\"" [Uninstall\KB956572] "DisplayName"="Sicherheitsupdate für Windows XP (KB956572)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe\"" [Uninstall\KB956802] "DisplayName"="Sicherheitsupdate für Windows XP (KB956802)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe\"" [Uninstall\KB956803] "DisplayName"="Sicherheitsupdate für Windows XP (KB956803)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe\"" [Uninstall\KB956841] "DisplayName"="Sicherheitsupdate für Windows XP (KB956841)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe\"" [Uninstall\KB956844] "DisplayName"="Sicherheitsupdate für 
Windows XP (KB956844)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe\"" [Uninstall\KB957095] "DisplayName"="Sicherheitsupdate für Windows XP (KB957095)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe\"" [Uninstall\KB957097] "DisplayName"="Sicherheitsupdate für Windows XP (KB957097)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe\"" [Uninstall\KB958215] "DisplayName"="Sicherheitsupdate für Windows XP (KB958215)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe\"" [Uninstall\KB958470] "DisplayName"="Sicherheitsupdate für Windows XP (KB958470)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe\"" [Uninstall\KB958644] "DisplayName"="Sicherheitsupdate für Windows XP (KB958644)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe\"" [Uninstall\KB958687] "DisplayName"="Sicherheitsupdate für Windows XP (KB958687)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe\"" [Uninstall\KB958869] "DisplayName"="Sicherheitsupdate für Windows XP (KB958869)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe\"" [Uninstall\KB959426] "DisplayName"="Sicherheitsupdate für Windows XP (KB959426)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe\"" [Uninstall\KB960225] "DisplayName"="Sicherheitsupdate für Windows XP (KB960225)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe\"" [Uninstall\KB960714] "DisplayName"="Sicherheitsupdate für Windows XP (KB960714)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe\"" [Uninstall\KB960715] "DisplayName"="Sicherheitsupdate für Windows XP (KB960715)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe\"" [Uninstall\KB960803] "DisplayName"="Sicherheitsupdate für Windows XP (KB960803)" 
"UninstallString"="\"D:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe\"" [Uninstall\KB960859] "DisplayName"="Sicherheitsupdate für Windows XP (KB960859)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe\"" [Uninstall\KB961118] "DisplayName"="Hotfix für Windows XP (KB961118)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe\"" [Uninstall\KB961371-v2] "DisplayName"="Sicherheitsupdate für Windows XP (KB961371-v2)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe\"" [Uninstall\KB961501] "DisplayName"="Sicherheitsupdate für Windows XP (KB961501)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe\"" [Uninstall\KB967715] "DisplayName"="Update für Windows XP (KB967715)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe\"" [Uninstall\KB968389] "DisplayName"="Update für Windows XP (KB968389)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe\"" [Uninstall\KB968537] "DisplayName"="Sicherheitsupdate für Windows XP (KB968537)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe\"" [Uninstall\KB968816_WM9] "DisplayName"="Sicherheitsupdate für Windows Media Player (KB968816)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe\"" "DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\"" [Uninstall\KB969059] "DisplayName"="Sicherheitsupdate für Windows XP (KB969059)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe\"" [Uninstall\KB970238] "DisplayName"="Sicherheitsupdate für Windows XP (KB970238)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe\"" [Uninstall\KB970653-v3] "DisplayName"="Hotfix für Windows XP (KB970653-v3)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe\"" [Uninstall\KB971486] "DisplayName"="Sicherheitsupdate für Windows XP (KB971486)" 
"UninstallString"="\"D:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe\"" [Uninstall\KB971557] "DisplayName"="Sicherheitsupdate für Windows XP (KB971557)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe\"" [Uninstall\KB971633] "DisplayName"="Sicherheitsupdate für Windows XP (KB971633)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe\"" [Uninstall\KB971657] "DisplayName"="Sicherheitsupdate für Windows XP (KB971657)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe\"" [Uninstall\KB971961] "DisplayName"="Sicherheitsupdate für Windows XP (KB971961)" "UninstallString"="" [Uninstall\KB972260] "DisplayName"="Sicherheitsupdate für Windows XP (KB972260)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe\"" [Uninstall\KB973346] "DisplayName"="Sicherheitsupdate für Windows XP (KB973346)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe\"" [Uninstall\KB973354] "DisplayName"="Sicherheitsupdate für Windows XP (KB973354)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe\"" [Uninstall\KB973507] "DisplayName"="Sicherheitsupdate für Windows XP (KB973507)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe\"" [Uninstall\KB973525] "DisplayName"="Sicherheitsupdate für Windows XP (KB973525)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe\"" [Uninstall\KB973540_WM9L] "DisplayName"="Sicherheitsupdate für Windows Media Player (KB973540)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe\"" "DisplayIcon"=expand:"\"%ProgramFiles%\windows media player\wmplayer.exe\"" [Uninstall\KB973815] "DisplayName"="Update für Windows XP (KB973815)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe\"" [Uninstall\KB973869] "DisplayName"="Sicherheitsupdate für Windows XP (KB973869)" 
"UninstallString"="\"D:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe\"" [Uninstall\KB974112] "DisplayName"="Sicherheitsupdate für Windows XP (KB974112)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe\"" [Uninstall\KB974455] "DisplayName"="Sicherheitsupdate für Windows XP (KB974455)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe\"" [Uninstall\KB974455-IE7] "DisplayName"="Sicherheitsupdate für Windows Internet Explorer 7 (KB974455)" "UninstallString"="\"D:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe\"" "DisplayIcon"="D:\Programme\internet explorer\iexplore.exe" [Uninstall\KB974571] "DisplayName"="Sicherheitsupdate für Windows XP (KB974571)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe\"" [Uninstall\KB975025] "DisplayName"="Sicherheitsupdate für Windows XP (KB975025)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe\"" [Uninstall\KB975467] "DisplayName"="Sicherheitsupdate für Windows XP (KB975467)" "UninstallString"="\"D:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe\"" [Uninstall\kikin Plugin (Murb.com Edition)] "DisplayName"="kikin Plugin (Murb.com Edition) 1.11" "DisplayIcon"="D:\Programme\kikin\uninst.exe,0" "UninstallString"="D:\Programme\kikin\uninst.exe" [Uninstall\king.com] "DisplayName"="king.com (remove only)" "UninstallString"="\"D:\WINDOWS\king-uninstall.exe\"" [Uninstall\M953297] "DisplayName"="Microsoft .NET Framework 1.1 Security Update (KB953297)" "DisplayIcon"="D:\WINDOWS\system32\msiexec.exe" "UninstallString"="\"D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe\" \"D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp\"" [Uninstall\Malwarebytes' Anti-Malware_is1] "DisplayName"="Malwarebytes' Anti-Malware" "DisplayIcon"="D:\Programme\Malwarebytes' Anti-Malware\mbam.exe" "UninstallString"="\"D:\Programme\Malwarebytes' Anti-Malware\unins000.exe\"" [Uninstall\Microsoft .NET 
Framework 1.1 (1033)] "UninstallString"="msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" "DisplayName"="Microsoft .NET Framework 1.1" "DisplayIcon"="D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ndpsetup.ico" [Uninstall\Microsoft .NET Framework 3.5 Language Pack SP1 - deu] "DisplayIcon"="D:\WINDOWS\system32\msiexec.exe" "DisplayName"="Microsoft .NET Framework 3.5 Language Pack SP1 - DEU" "UninstallString"="d:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe" [Uninstall\Microsoft .NET Framework 3.5 SP1] "DisplayIcon"="D:\WINDOWS\system32\msiexec.exe" "DisplayName"="Microsoft .NET Framework 3.5 SP1" "UninstallString"="D:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe" [Uninstall\mIRC] "DisplayIcon"="D:\Programme\mIRC\mirc.exe,0" "DisplayName"="mIRC" "UninstallString"="D:\Programme\mIRC\uninstall.exe _?=D:\Programme\mIRC" [Uninstall\Mozilla Firefox (3.0.14)] "DisplayIcon"="D:\Programme\Mozilla Firefox\firefox.exe,0" "DisplayName"="Mozilla Firefox (3.0.14)" "UninstallString"="D:\Programme\Mozilla Firefox\uninstall\helper.exe" [Uninstall\MSI30-Beta1] [Uninstall\MSI30-Beta2] [Uninstall\MSI30-KB884016] [Uninstall\MSI30-RC1] [Uninstall\MSI30-RC2] [Uninstall\MSI30a-KB884016] [Uninstall\MSI31-Beta] [Uninstall\MSI31-RC1] [Uninstall\NLSDownlevelMapping] "DisplayName"="Microsoft National Language Support Downlevel APIs" "UninstallString"="\"D:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe\"" [Uninstall\PCHealth] "UninstallString"="rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 D:\WINDOWS\INF\PCHealth.inf" [Uninstall\PKR] "DisplayName"="PKR" "UninstallString"="\"D:\Programme\PKR\uninstall-pkr.exe\"" [Uninstall\PokerStars] "DisplayName"="PokerStars" "UninstallString"="\"D:\Programme\PokerStars\PokerStarsUninstall.exe\" /uokerStars" [Uninstall\REAPER] "DisplayName"="REAPER" "UninstallString"="\"D:\Programme\REAPER\Uninstall.exe\"" 
[Uninstall\SAMSUNG Mobile Composite Device] "DisplayName"="SAMSUNG Mobile Composite Device Software" "UninstallString"="D:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe" [Uninstall\SAMSUNG Mobile Modem] "DisplayName"="SAMSUNG Mobile Modem Driver Set" "UninstallString"="D:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe" [Uninstall\Samsung Mobile phone USB driver] "DisplayName"="Samsung Mobile phone USB driver Software" "UninstallString"="D:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe" [Uninstall\SAMSUNG Mobile USB Modem] "DisplayName"="SAMSUNG Mobile USB Modem Software" "UninstallString"="D:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe" [Uninstall\SAMSUNG Mobile USB Modem 1.0] "DisplayName"="SAMSUNG Mobile USB Modem 1.0 Software" "UninstallString"="D:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe" [Uninstall\TuneUp Utilities] "DisplayName"="TuneUp Utilities" "UninstallString"="D:\Programme\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall" "DisplayIcon"="D:\Programme\TuneUp Utilities 2010\Integrator.exe" "InstallSource"="D:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}\" [Uninstall\Uninstall_is1] "DisplayName"="Uninstall 1.0.0.1" "UninstallString"="\"D:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe\"" [Uninstall\VLC media player] "DisplayName"="VideoLAN VLC media player 0.8.6h" "UninstallString"="D:\Programme\VideoLAN\VLC\uninstall.exe" "DisplayIcon"="D:\Programme\VideoLAN\VLC\vlc.exe" [Uninstall\WIC] "DisplayName"="Windows Imaging Component" "UninstallString"="\"D:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe\"" [Uninstall\WinRAR archiver] "DisplayName"="WinRAR Archivierer" "UninstallString"="D:\Programme\WinRAR\uninstall.exe" [Uninstall\XpsEPSC] "DisplayName"="XML Paper Specification Shared Components Pack 1.0" "UninstallString"="" [Uninstall\XPSEPSCLP] "DisplayName"="XML Paper Specification Shared Components Language Pack 1.0" 
"UninstallString"="\"D:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe\"" [Uninstall\{052FDD78-A6EA-3187-8386-C82F4CA3A929}] "UninstallString"=expand:"MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}" "DisplayName"="Microsoft .NET Framework 3.5 Language Pack SP1 - deu" [Uninstall\{055EE59D-217B-43A7-ABFF-507B966405D8}] "UninstallString"="RunDll32 D:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup \"D:\Programme\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe\" -l0x0 " "DisplayName"="ATI Catalyst Control Center" [Uninstall\{06A940CD-4924-485E-8500-476C9E08A820}] "DisplayName"="Samsung PC Studio 3" [Uninstall\{18063128-B9E1-AFAE-B7DD-2C313D2C375B}] "InstallSource"="C:\ATI\SUPPORT\7-4_xp_dd_ccc_wdm_enu_44981\CCC\Core-PreInstall\" "DisplayName"="ccc-core-preinstall" [Uninstall\{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}] "UninstallString"=expand:"MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}" "DisplayName"="MSXML 6 Service Pack 2 (KB954459)" [Uninstall\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}] "UninstallString"=expand:"MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" "DisplayName"="Google Earth" [Uninstall\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}] "UninstallString"="RunDll32 D:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup \"D:\Programme\InstallShield Installation Information\{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}\setup.exe\" -l0x7 " "InstallSource"="D:\DOKUME~1\Dani\LOKALE~1\Temp\bye53.tmp\Disk1\" "DisplayName"="Intel Audio Studio 2.0" "DisplayIcon"="ARPPRODUCTICON.exe" [Uninstall\{2222B364-0854-4265-B32E-A142DB9DC7BB}] "InstallSource"="c:\appz\downloads\driver\lan_allos_11.2_pv_tl3_132319_full\APPS\PROSETDX\win32\" "UninstallString"="MsiExec.exe /i{2222B364-0854-4265-B32E-A142DB9DC7BB} ARPREMOVE=1" "DisplayName"="Intel(R) PRO Network Connections 11.2.0.69" [Uninstall\{24141F03-D9B2-D029-1C94-0BBA9977D173}] 
"InstallSource"="C:\ATI\SUPPORT\7-4_xp_dd_ccc_wdm_enu_44981\CCC\Skins\" "DisplayName"="Skins" [Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216016FF}] "DisplayIcon"="D:\Programme\Java\jre6\\bin\javaws.exe" "InstallSource"="D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\Sun\Java\jre1.6.0_16\" "UninstallString"=expand:"MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}" "DisplayName"="Java(TM) 6 Update 16" [Uninstall\{2A425503-3D15-BE66-8781-3D153AF1F8A9}] "InstallSource"="C:\ATI\SUPPORT\7-4_xp_dd_ccc_wdm_enu_44981\CCC\Help\en-US\" "DisplayName"="CCC Help English" [Uninstall\{34ACF0AB-D649-47DC-A90C-6DF34C270D78}] "DisplayName"="Intel Audio Studio 2.0" [Uninstall\{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}] "InstallSource"="D:\WINDOWS\system32\" "DisplayName"="WebFldrs XP" [Uninstall\{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}] "UninstallString"="RunDll32 D:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup \"D:\Programme\InstallShield Installation Information\{3D1B20A6-E31D-4BB5-BC5C-DDD3B0D91728}\setup.exe\" -l0x7 -removeonly" "DisplayName"="Intel Audio Studio" "DisplayIcon"="ARPPRODUCTICON.exe" [Uninstall\{403EF592-953B-4794-BCEF-ECAB835C2095}] "InstallSource"="c:\appz\downloads\driver\lan_allos_11.2_pv_tl3_132319_full\APPS\PROSETDX\win32\" "UninstallString"=expand:"MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}" [Uninstall\{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}] "InstallSource"="D:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Skype\{D103C4BA-F905-437A-8049-DB24763BBE36}\" "UninstallString"=expand:"MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" "DisplayName"="Skype web features" [Uninstall\{60DE4033-9503-48D1-A483-7846BD217CA9}] "UninstallString"="\"D:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe\" -runfromtemp -l0x0009 -removeonly" "DisplayName"="ICQ6.5" "DisplayIcon"="icq_install.ico" [Uninstall\{6FFE151F-BD3F-4B7A-A71A-5854C7E22839}] 
"UninstallString"=expand:"MsiExec.exe /I{6FFE151F-BD3F-4B7A-A71A-5854C7E22839}" "DisplayName"="TMPGEnc 4.0 XPress Testversion" [Uninstall\{7299052b-02a4-4627-81f2-1818da5d550d}] "UninstallString"=expand:"MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}" "DisplayName"="Microsoft Visual C++ 2005 Redistributable" [Uninstall\{7585478E9D9B42108671C12F8714CEFE}] "DisplayIcon"="D:\Programme\DivX\DivX Converter\Converter.exe,0" "UninstallString"="D:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER" [Uninstall\{767CC44C-9BBC-438D-BAD3-FD4595DD148B}] "InstallSource"="D:\Programme\Gemeinsame Dateien\DivX Shared\" "UninstallString"=expand:"MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" "DisplayName"="VC80CRTRedist - 8.0.50727.762" [Uninstall\{77FF5817-ABA9-1294-2D3D-A29F8FDA8BAD}] "InstallSource"="C:\ATI\SUPPORT\7-4_xp_dd_ccc_wdm_enu_44981\CCC\Core-Static\" "DisplayName"="ccc-core-static" [Uninstall\{7B63B2922B174135AFC0E1377DD81EC2}] "DisplayName"="DivX Codec" "DisplayIcon"="D:\Programme\DivX\DivX Codec\config.exe,0" "UninstallString"="D:\Programme\DivX\DivXCodecUninstall.exe /CODEC" [Uninstall\{7E0AED65-CE72-3715-5FD0-A18C149B5BFF}] "InstallSource"="C:\ATI\SUPPORT\7-4_xp_dd_ccc_wdm_enu_44981\CCC\Graphics-Full-Existing\" "DisplayName"="Catalyst Control Center Graphics Full Existing" [Uninstall\{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}] "InstallSource"="D:\DOKUME~1\Dani\LOKALE~1\Temp\" "DisplayName"="TuneUp Utilities Language Pack (de-DE)" [Uninstall\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}] "UninstallString"=expand:"MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}" "DisplayName"="MSXML 4.0 SP2 (KB954430)" [Uninstall\{8ADFC4160D694100B5B8A22DE9DCABD9}] "DisplayName"="DivX Player" "UninstallString"="D:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER" "DisplayIcon"="D:\Programme\DivX\DivX Player\DivX Player.exe,0" [Uninstall\{8D6BCA55-8E9C-416E-823C-05E8123C3162}] "InstallSource"="D:\Dokumente und Einstellungen\Dani\Lokale Einstellungen\Anwendungsdaten\Downloaded 
Installations\{98DBD841-40B7-41E1-B00E-ABC33CEDDDE1}\" "UninstallString"=expand:"MsiExec.exe /I{8D6BCA55-8E9C-416E-823C-05E8123C3162}" "DisplayName"="Movavi Flash Converter" [Uninstall\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}] "UninstallString"=expand:"MsiExec.exe /I{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" "DisplayName"="OpenOffice.org 3.1" [Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}] "UninstallString"=expand:"MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}" "DisplayName"="Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17" [Uninstall\{9DEE2DB4-D46C-E7CF-9465-802BD2077A0A}] "InstallSource"="C:\ATI\SUPPORT\7-4_xp_dd_ccc_wdm_enu_44981\CCC\Graphics-Light\" "DisplayName"="Catalyst Control Center Graphics Light" [Uninstall\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}] "UninstallString"=expand:"MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" "DisplayName"="Microsoft .NET Framework 3.0 Service Pack 2" [Uninstall\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}] "UninstallString"="RunDll32 D:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup \"D:\Programme\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe\" -l0x7 -remove -removeonly" "InstallSource"="D:\Programme\Intel Desktop Board\Audio\DISK1\" "DisplayName"="SigmaTel Audio" [Uninstall\{B13A7C41581B411290FBC0395694E2A9}] "DisplayName"="DivX Converter" "DisplayIcon"="D:\Programme\DivX\DivX Converter\Converter.exe,0" "UninstallString"="D:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER" [Uninstall\{B7050CBDB2504B34BC2A9CA0A692CC29}] "DisplayName"="DivX Web Player" "DisplayIcon"="D:\Programme\DivX\DivX Web Player\npdivx32.dll,0" "UninstallString"="D:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN" [Uninstall\{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}] "InstallSource"="D:\Programme\Sony Setup\Vegas Pro 8.0\" "UninstallString"=expand:"MsiExec.exe /X{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" "DisplayName"="Sony Vegas Pro 8.0" 
[Uninstall\{C02EDE17-BC2E-4393-70BD-36185ABEBFF7}] "InstallSource"="C:\ATI\SUPPORT\7-4_xp_dd_ccc_wdm_enu_44981\CCC\Graphics-Previews-Common\" "DisplayName"="Catalyst Control Center Graphics Previews Common" [Uninstall\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}] "UninstallString"=expand:"MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" "DisplayName"="Microsoft .NET Framework 2.0 Service Pack 2" [Uninstall\{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}] "UninstallString"=expand:"MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" "DisplayName"="Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU" [Uninstall\{C314CE45-3392-3B73-B4E1-139CD41CA933}] "UninstallString"=expand:"MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}" "DisplayName"="Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU" [Uninstall\{C4A4722E-79F9-417C-BD72-8D359A090C97}] "UninstallString"="\"D:\Programme\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe\" -runfromtemp -l0x0007 -removeonly" "InstallSource"="E:\PC Studio\Samsung_PC_Studio_321_HC1.exe" "DisplayName"="Samsung PC Studio 3" "DisplayIcon"="D:\Programme\Samsung\Launcher.exe" [Uninstall\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}] "DisplayIcon"="D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ndpsetup.ico" "UninstallString"=expand:"MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" "DisplayName"="Microsoft .NET Framework 1.1" [Uninstall\{CB5363FC-04F2-E3F2-78BD-A9A6DB63DB9E}] "InstallSource"="C:\ATI\SUPPORT\7-4_xp_dd_ccc_wdm_enu_44981\CCC\Utility\" "DisplayName"="ccc-utility" [Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}] "UninstallString"=expand:"MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" "DisplayName"="Microsoft .NET Framework 3.5 SP1" [Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB350003] [Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595] "DisplayName"="Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)" 
"UninstallString"="D:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=\"\"" [Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB958484] "DisplayName"="Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)" "UninstallString"="D:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=\"\"" [Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB960043] [Uninstall\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707] "DisplayName"="Update for Microsoft .NET Framework 3.5 SP1 (KB963707)" "UninstallString"="D:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=\"\"" [Uninstall\{D103C4BA-F905-437A-8049-DB24763BBE36}] "DisplayIcon"="D:\Programme\Skype\Phone\Skype.exe" "InstallSource"="D:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\Skype\{D103C4BA-F905-437A-8049-DB24763BBE36}\" "UninstallString"=expand:"MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}" "DisplayName"="Skype™ 4.1" [Uninstall\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}] "InstallSource"="D:\Dokumente und Einstellungen\All Users.WINDOWS\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}\" "DisplayName"="TuneUp Utilities" [Uninstall\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}] "UninstallString"="\"D:\Programme\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe\" -runfromtemp -l0x0007 -removeonly" "InstallSource"="E:\USB Driver\Samsung_USB_Driver_Installer.exe" "DisplayName"="Samsung PC Studio 3 USB Driver Installer" [Uninstall\{F5982296-84CC-4D5B-B791-B03650F3380E}] "InstallSource"="D:\WINDOWS\Downloaded Installations\{5E213038-E2E6-485D-99F8-79C5F18E9296}\" "DisplayName"="Intel(R) Desktop Utilities" [Uninstall\{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}] "InstallSource"="D:\Dokumente und Einstellungen\Dani\Lokale 
Einstellungen\Anwendungsdaten\Downloaded Installations\{DEE21864-4059-47C5-B476-BC86742D4A4D}\" "UninstallString"=expand:"MsiExec.exe /I{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" "DisplayName"="Pinnacle VideoSpin" [Uninstall\{FEC22238-FB7E-5D07-F88A-78F15460073A}] "InstallSource"="C:\ATI\SUPPORT\7-4_xp_dd_ccc_wdm_enu_44981\CCC\Graphics-Full-New\" "DisplayName"="Catalyst Control Center Graphics Full New" [Uninstall\{FFD06ACB-DF8B-D34D-9F9E-CDA18C15E208}] "InstallSource"="C:\ATI\SUPPORT\7-4_xp_dd_ccc_wdm_enu_44981\CCC\Core-Implementation\" "DisplayName"="Catalyst Control Center Core Implementation" -----HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall----- ===================== HIJACKTHIS LOG ===================== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:17:48, on 02.11.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16915) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\Ati2evxx.exe D:\WINDOWS\system32\spoolsv.exe D:\Programme\Avira\AntiVir Desktop\sched.exe D:\WINDOWS\Explorer.EXE D:\Programme\Intel Audio Studio\IntelAudioStudio.exe D:\Programme\Avira\AntiVir Desktop\avgnt.exe D:\WINDOWS\system32\ctfmon.exe D:\Programme\Avira\AntiVir Desktop\avguard.exe D:\Programme\Intel\IDU\awServ.exe D:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe D:\Programme\ICQ6Toolbar\ICQ Service.exe D:\Programme\Java\jre6\bin\jqs.exe D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe D:\WINDOWS\system32\wbem\wmiapsrv.exe D:\Dokumente und Einstellungen\Dani\Desktop\sys22905.exe D:\DOKUME~1\Dani\LOKALE~1\Temp\nsvC.tmp\runme.exe D:\Programme\Trend Micro\HijackThis\HijackThis.exe R0 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQ6Toolbar\ICQToolBar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - D:\Programme\kikin\ie_kikin.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Programme\ICQ6Toolbar\ICQToolBar.dll O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "D:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [IntelAudioStudio] "D:\Programme\Intel Audio Studio\IntelAudioStudio.exe" TRAY O4 - HKLM\..\Run: [avgnt] "D:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [ICQ] "D:\Programme\ICQ6.5\ICQ.exe" silent O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Alles mit FDM herunterladen - file://D:\Programme\Free Download 
Manager\dlall.htm O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://D:\Programme\Free Download Manager\dlselected.htm O8 - Extra context menu item: Datei mit FDM herunterladen - file://D:\Programme\Free Download Manager\dllink.htm O8 - Extra context menu item: Videos mit FDM herunterladen - file://D:\Programme\Free Download Manager\dlfvideo.htm O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - D:\Programme\kikin\ie_kikin.dll O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - D:\Programme\kikin\ie_kikin.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Programme\PokerStars\PokerStarsUpdate.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programme\Messenger\msmsgs.exe O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - D:\DOKUME~1\Dani\LOKALE~1\Temp\AVSETUP_4ac636d3\basic\avupgsvc.exe (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- D:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - D:\Programme\Intel\IDU\awServ.exe O23 - Service: Google Updater Service (gusvc) - Google - D:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ICQ Service - Unknown owner - D:\Programme\ICQ6Toolbar\ICQ Service.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Programme\Java\jre6\bin\jqs.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: TuneUp Drive Defrag-Dienst (TuneUp.Defrag) - TuneUp Software - D:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- End of file - 6429 bytes ========================================== Scan completed in 7 minutes End of report ~~~~~~~~~~~~~~~~~~~~~-----CREDITS-----~~~~~~~~~~~~~~~~~~~~~ SystemScan uses some freeware tools that remain property of their authors: * SteelWerX Registry Console Tool, Who Am I (Bobby Flekman: www.xs4all.nl/~fstaal01) --> "Registry scan", "PC accounts " * dumphive (Markus Stephany)--> "Registry scan" * Listdlls (M.Russinovich, B.Cogswell: www.sysinternals.com) --> "Loaded modules" * Catchme & MBR Rootkit detector (gmer: www.gmer.net) --> "Hidden objects", "Alternate Data Streams" & "Master Boot Record" ---> NOTE: SystemScan integrates "The Avenger" from Swandog46 (http://swandog46.geekstogo.com) to allow you to remove malwares found in this log Thanks to all of them for their hard work |
|
|
||
02.11.2009, 16:22
Member
Thread starter Posts: 69 |
#68
So that was it. I think I did too much, since I hadn't quite understood it.
|
|
|
||
02.11.2009, 16:35
Member
Posts: 3716 |
#69
Can you use Windows Search, go to Options, select the setting to include hidden and system files, and see whether you can find an evvwfd.exe?
Also, check D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\Microsoft\svchost.exe at VirusTotal and post the result. |
|
|
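The check asked for in post #69, as an added example that is not part of the original thread: a process image named like a Windows system process should load from System32, so a copy of svchost.exe under a user profile is worth submitting to a scanner. The sample log is constructed from paths quoted in this thread; the function names, the list of system process names and the temp-directory rule are assumptions made for illustration.

```python
import ntpath
import re

# Process names whose genuine image lives in <SystemRoot>\System32 on Windows XP.
# Illustrative, not exhaustive.
SYSTEM_PROCESS_NAMES = {
    "svchost.exe", "lsass.exe", "services.exe", "winlogon.exe",
    "smss.exe", "csrss.exe", "spoolsv.exe",
}

# HijackThis entry lines look like "R0 - ...", "O4 - ...", "O23 - ...".
ENTRY_RE = re.compile(r"^[A-Z]\d+ - ")

# Constructed sample in HijackThis layout, built from paths quoted in the thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Dokumente und Einstellungen\Dani\Anwendungsdaten\Microsoft\svchost.exe
D:\DOKUME~1\Dani\LOKALE~1\Temp\nsvC.tmp\runme.exe
D:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de
"""


def running_processes(log_text):
    """Return the image paths listed under 'Running processes:'."""
    paths, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
            continue
        if in_section:
            if ENTRY_RE.match(line):  # first registry entry ends the section
                break
            if line:
                paths.append(line)
    return paths


def reasons_for(path, system_root=r"D:\WINDOWS"):
    """Return the reasons a process path deserves a closer look (may be empty)."""
    folder, name = ntpath.split(ntpath.normpath(path).lower())
    expected = ntpath.join(system_root, "system32").lower()
    reasons = []
    if name in SYSTEM_PROCESS_NAMES and folder != expected:
        reasons.append("system process name outside System32")
    if {"temp", "tmp"} & set(folder.split("\\")):
        reasons.append("runs from a temp directory")
    return reasons


def triage(log_text, system_root=r"D:\WINDOWS"):
    """List (path, reasons) for every running process that matches a rule."""
    findings = []
    for path in running_processes(log_text):
        reasons = reasons_for(path, system_root)
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path, "->", "; ".join(reasons))
```

A match is a prompt to inspect the file, not a verdict: installers and the scan tools themselves also unpack helpers into temp directories.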
||
02.11.2009, 16:48
Member
Thread starter Posts: 69 |
#70
Well, it doesn't find this evvwfd.exe, but I've seen it somewhere on my PC before. Under the Microsoft folder there are only more folders, though, no exe or anything like that.
|
|
|
||
02.11.2009, 17:11
Member
Posts: 3716 |
#71
Ah, sorry, Malwarebytes had already deleted it.
So:
1. Download ATF Cleaner and clean up your PC: http://virus-protect.org/tmp1.html
2. Right-click My Computer, Properties, System Restore. Select "turn off on all drives", Apply, OK. Wait until the PC stops working, then switch it back on.
3. Open Avira, click Configuration and tick Expert mode. Then go to Scanner and open this list. Enable everything except "follow symbolic links". Under Archives, please select all archives, turn "limit recursion depth" off and leave the rest enabled. Heuristics: switch both on, level high. Under General, Threat categories, select all. Click OK.
Now please update Avira. After that, in Avira click Local protection and Local drives. Detections into quarantine, post the log. Next, Local protection and Rootkit search. Click No on the warning message at the end and post this log as well. |
|
|
||
02.11.2009, 17:13
Member
Thread starter Posts: 69 |
#72
What should I select in ATF?
There you can select "files to delete" |
|
|
||
02.11.2009, 17:18
Member
Posts: 3716 |
#73
Select All
and Empty Selected |
|
|
||
02.11.2009, 17:20
Member
Thread starter Posts: 69 |
#74
ok........
|
|
|
||
02.11.2009, 18:47
Member
Thread starter Posts: 69 |
#75
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 2. November 2009 17:30 Es wird nach 1854592 Virenstämmen gesucht. Lizenznehmer : Avira AntiVir Personal - FREE Antivirus Seriennummer : 0000149996-ADJIE-0000001 Plattform : Windows XP Windowsversion : (Service Pack 2) [5.1.2600] Boot Modus : Normal gebootet Benutzername : Dani Computername : DANI-CA5F8D0997 Versionsinformationen: BUILD.DAT : 9.0.0.410 18074 Bytes 25.09.2009 11:51:00 AVSCAN.EXE : 9.0.3.7 466689 Bytes 21.07.2009 12:36:08 AVSCAN.DLL : 9.0.3.0 49409 Bytes 13.02.2009 11:04:10 LUKE.DLL : 9.0.3.2 209665 Bytes 20.02.2009 10:35:44 LUKERES.DLL : 9.0.2.0 13569 Bytes 26.01.2009 09:41:59 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 11:30:36 ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24.06.2009 08:21:42 ANTIVIR2.VDF : 7.1.6.160 5413376 Bytes 28.10.2009 14:25:00 ANTIVIR3.VDF : 7.1.6.178 114688 Bytes 02.11.2009 14:16:14 Engineversion : 8.2.1.53 AEVDF.DLL : 8.1.1.2 106867 Bytes 03.10.2009 17:50:43 AESCRIPT.DLL : 8.1.2.43 528764 Bytes 01.11.2009 14:25:27 AESCN.DLL : 8.1.2.5 127346 Bytes 03.10.2009 17:50:33 AERDL.DLL : 8.1.3.2 479604 Bytes 03.10.2009 17:50:30 AEPACK.DLL : 8.2.0.2 422263 Bytes 23.10.2009 14:14:48 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23.07.2009 08:59:39 AEHEUR.DLL : 8.1.0.173 2064760 Bytes 01.11.2009 14:25:23 AEHELP.DLL : 8.1.7.0 237940 Bytes 03.10.2009 17:49:53 AEGEN.DLL : 8.1.1.70 364917 Bytes 01.11.2009 14:25:05 AEEMU.DLL : 8.1.1.0 393587 Bytes 03.10.2009 17:49:46 AECORE.DLL : 8.1.8.1 184693 Bytes 03.10.2009 17:49:42 AEBB.DLL : 8.1.0.3 53618 Bytes 09.10.2008 13:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12.12.2008 07:47:56 AVPREF.DLL : 9.0.3.0 44289 Bytes 03.10.2009 17:50:43 AVREP.DLL : 8.0.0.3 155905 Bytes 20.01.2009 13:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 07.11.2008 14:25:04 AVARKT.DLL : 9.0.0.3 292609 Bytes 24.03.2009 14:05:37 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30.01.2009 09:37:04 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28.01.2009 14:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02.02.2009 07:21:28 NETNT.DLL : 
9.0.0.0 11521 Bytes 07.11.2008 14:41:21 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15.05.2009 14:35:17 RCTEXT.DLL : 9.0.37.0 87809 Bytes 17.04.2009 09:13:12 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Lokale Laufwerke Konfigurationsdatei...................: d:\programme\avira\antivir desktop\alldrives.avp Protokollierung.......................: niedrig Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, D:, E:, F:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: ein Integritätsprüfung von Systemdateien..: aus Optimierter Suchlauf..................: ein Datei Suchmodus.......................: Alle Dateien Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: aus Archiv Smart Extensions...............: ein Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Makrovirenheuristik...................: ein Dateiheuristik........................: hoch Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR, Beginn des Suchlaufs: Montag, 2. November 2009 17:30 Der Suchlauf nach versteckten Objekten wird begonnen. Es wurden '35731' Objekte überprüft, '0' versteckte Objekte wurden gefunden. 
Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'TeamSpeak.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'wmiapsrv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'TuneUpUtilitiesApp32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'TuneUpUtilitiesService32.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'jqs.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ICQ Service.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleUpdaterService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'awServ.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ctfmon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IntelAudioStudio.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ati2evxx.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ati2evxx.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'csrss.exe' - '1' Modul(e) 
wurden durchsucht Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht Es wurden '30' Prozesse mit '30' Modulen durchsucht Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Masterbootsektor HD1 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! Bootsektor 'D:\' [INFO] Es wurde kein Virus gefunden! Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '49' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' <Media & Tools> Beginne mit der Suche in 'D:\' D:\pagefile.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! [HINWEIS] Bei dieser Datei handelt es sich um eine Windows Systemdatei. [HINWEIS] Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann. D:\Dokumente und Einstellungen\Dani\Desktop\Installationsdateien\SDFix.exe [0] Archivtyp: RAR SFX (self extracting) [FUND] Enthält Erkennungsmuster der Anwendung APPL/PrcView.E Beginne mit der Suche in 'E:\' <office2007> Beginne mit der Suche in 'F:\' Der zu durchsuchende Pfad F:\ konnte nicht geöffnet werden! Systemfehler [21]: Das Gerät ist nicht bereit. Beginne mit der Desinfektion: D:\Dokumente und Einstellungen\Dani\Desktop\Installationsdateien\SDFix.exe [FUND] Enthält Erkennungsmuster der Anwendung APPL/PrcView.E [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4b351a14.qua' verschoben! Ende des Suchlaufs: Montag, 2. November 2009 18:41 Benötigte Zeit: 1:11:08 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 11508 Verzeichnisse wurden überprüft 458482 Dateien wurden geprüft 1 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. 
unerwünschte Programme wurden repariert 1 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 1 Dateien konnten nicht durchsucht werden 458480 Dateien ohne Befall 4046 Archive wurden durchsucht 1 Warnungen 2 Hinweise 35731 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden |
|
|
||