
Log analysis and evaluation: Amazon account hacked, password changed

01.11.2012, 20:03   #1
Rosarabbit
 

Hello everyone,

Congratulations and thanks to the operators of this site.
As already stated in the subject line, my Amazon account was hacked.
Of all times, it happened in a week in which I did not check my e-mails.
Days later I noticed two e-mails from Amazon. In the first mail Amazon informed me of the password change, and the second mail contained the request to confirm the change.
Of course I did not use the confirmation link!
I am the only one who uses the PC, so I knew immediately that something was wrong.
A test login at Amazon failed because of a wrong password.
Amazon's telephone support confirmed the password change and that no orders had been placed since the change.
By e-mail, Amazon enabled me to reverse the password change after identifying me by asking about old order records.
Until now I believed that I moved around the Internet quite carefully and safely.
My financial means are limited, so I relied on "Microsoft Security Essentials" and the Windows 7 firewall for protection.
Malwarebytes, however, found two threats.
What concerns me now is how I can close the security hole and remove the threats from my PC. So that I can feel a little safe again, it would help me to understand how the attacker(s) were able to get my Amazon password and intercept the link in the confirmation e-mail from Amazon.
Can I still do my bank transfers on the PC, and so on?
With the request and hope for help and answers, I have attached all the requested scans as a zip file.

Best regards


Addendum:
While searching further on this board I stumbled across the file name "virtumonde.dll". During my scans, among others with Spybot S&D, I noticed that Spybot S&D showed the file name "virtumonde.dll" in the status bar for a very long time.
After the scan finished, however, it reported that everything was fine.

Edited by Rosarabbit (01.11.2012 at 20:27)

01.11.2012, 20:57   #2
markusg
/// Malware-holic
 

hi
the message only means that Spybot was searching for a specific piece of malware, not that it is on the PC

this script and any scripts that may follow are intended only for the respective user.
if you have problems, open your own topics and wait for scripts adapted to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
F3:64bit: - HKU\S-1-5-21-1434016917-521015552-1996562822-1001 WinNT: Load - (C:\Users\FrauHo~1\LOCALS~1\Temp\msbkxi.exe) - C:\Users\FrauHo~1\LOCALS~1\Temp\msbkxi.exe (Microsoft Corporation)
F3 - HKU\S-1-5-21-1434016917-521015552-1996562822-1001 WinNT: Load - (C:\Users\FrauHo~1\LOCALS~1\Temp\msbkxi.exe) - C:\Users\FrauHo~1\LOCALS~1\Temp\msbkxi.exe (Microsoft Corporation)
 :Files
:Commands
[Reboot]
         


• Now please close all programs.
• Now please click the Fix button.
• OTL may request a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
start in normal mode.

if you have no icons, then right-click, View, Show desktop icons

Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread!

Please press the Windows + E keys.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance
__________________
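The two `F3` lines in the fix script above reference a `WinNT: Load` autostart value whose target is an executable in the user's Temp directory. As an added example (not part of the original post and not OTL's own logic), the Python below parses lines of that shape and lists why such an entry stands out during triage; the line format is inferred from the two lines shown, and the third sample line, the function names and the three heuristics are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The first two lines are copied from the fix script in the post above.
# The third is a constructed benign entry (placeholder SID and path).
SAMPLE_LINES = [
    r"F3:64bit: - HKU\S-1-5-21-1434016917-521015552-1996562822-1001 WinNT: Load - "
    r"(C:\Users\FrauHo~1\LOCALS~1\Temp\msbkxi.exe) - "
    r"C:\Users\FrauHo~1\LOCALS~1\Temp\msbkxi.exe (Microsoft Corporation)",
    r"F3 - HKU\S-1-5-21-1434016917-521015552-1996562822-1001 WinNT: Load - "
    r"(C:\Users\FrauHo~1\LOCALS~1\Temp\msbkxi.exe) - "
    r"C:\Users\FrauHo~1\LOCALS~1\Temp\msbkxi.exe (Microsoft Corporation)",
    r"F3 - HKU\S-1-5-21-0-0-0-1000 WinNT: Load - "
    r"(C:\Windows\System32\example.exe) - "
    r"C:\Windows\System32\example.exe (Microsoft Corporation)",
]

# Assumed layout: TAG[:64bit:] - HIVE WinNT: VALUE - (DATA) - PATH (VENDOR)
LINE_RE = re.compile(
    r"^(?P<tag>[A-Z]\d+)(?::(?P<view>64bit):)? - "
    r"(?P<hive>\S+) WinNT: (?P<value>\w+) - "
    r"\((?P<data>.*?)\) - (?P<path>.+?)(?: \((?P<vendor>[^()]*)\))?$"
)

TEMP_PARTS = {"temp", "tmp"}
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
SHORT_NAME_RE = re.compile(r"~\d+(\.|$)")  # 8.3 alias such as LOCALS~1


@dataclass(frozen=True)
class Autostart:
    tag: str
    view: Optional[str]
    hive: str
    value: str
    path: str
    vendor: Optional[str]


def parse_autostart(line: str) -> Optional[Autostart]:
    """Return the parsed entry, or None if the line does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Autostart(m["tag"], m["view"], m["hive"], m["value"], m["path"], m["vendor"])


def triage(entry: Autostart) -> List[str]:
    """Heuristic reasons (chosen for this example) to look closer at an entry."""
    reasons = []
    lowered = entry.path.lower()
    parts = lowered.split("\\")
    # Autostart target inside a temp directory, which any user process can write to.
    if TEMP_PARTS & set(parts[:-1]):
        reasons.append("temp-dir")
    # 8.3 short names defeat naive string matching on the long path.
    if any(SHORT_NAME_RE.search(p) for p in parts):
        reasons.append("short-8.3-name")
    # The vendor text comes from the file's own version resource (self-declared),
    # so a Microsoft label outside the usual install roots proves nothing.
    if entry.vendor and "microsoft" in entry.vendor.lower() \
            and not lowered.startswith(TRUSTED_ROOTS):
        reasons.append("vendor-path-mismatch")
    return reasons


def flagged(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Parse, collapse 32/64-bit duplicates of one value, return flagged targets."""
    seen, report = set(), []
    for line in lines:
        entry = parse_autostart(line)
        if entry is None:
            continue
        key = (entry.hive.lower(), entry.value.lower(), entry.path.lower())
        if key in seen:  # same value listed once per registry view
            continue
        seen.add(key)
        reasons = triage(entry)
        if reasons:
            report.append((entry.path, reasons))
    return report


if __name__ == "__main__":
    for path, reasons in flagged(SAMPLE_LINES):
        print(path, "->", ", ".join(reasons))
```
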

02.11.2012, 12:37   #3
markusg
/// Malware-holic
 

continue with this:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even more difficult.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. These can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________

02.11.2012, 16:16   #4
Rosarabbit
 

Hi, thx for the help. Unfortunately, after Combofix I can no longer establish an Internet connection. The tool ran through, rebooted and created the log file. The error message after the restart also appeared. After the reboot I then carried out, no Internet connection is possible anymore. I will send the log file via the upload channel as soon as possible.

02.11.2012, 17:07   #5
markusg
/// Malware-holic
 

please post the log here in the topic


02.11.2012, 17:32   #6
Rosarabbit
 

Combofix log file:
Code:
ComboFix 12-11-02.02 - FrauHolle 02.11.2012  14:51:44.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4095.2681 [GMT 1:00]
ausgeführt von:: c:\users\FrauHolle\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\B3B1E585D2.sys
c:\users\FrauHolle\AppData\Local\assembly\tmp
c:\windows\IsUn0407.exe
c:\windows\SysWow64\SET940B.tmp
c:\windows\SysWow64\SET94D7.tmp
c:\windows\SysWow64\SET9517.tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-10-02 bis 2012-11-02  ))))))))))))))))))))))))))))))
.
.
2012-11-02 13:59 . 2012-11-02 13:59	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-02 11:22 . 2012-11-02 11:22	--------	d-----w-	C:\_OTL
2012-11-01 22:41 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AF5E4A5E-25AD-409C-BFB2-18125CD786EF}\mpengine.dll
2012-11-01 01:29 . 2012-11-01 01:29	--------	d-----w-	c:\users\FrauHolle\AppData\Roaming\AVG2013
2012-11-01 01:28 . 2012-11-01 01:28	--------	d-----w-	c:\users\FrauHolle\AppData\Roaming\TuneUp Software
2012-11-01 01:27 . 2012-11-01 01:29	--------	d-----w-	c:\programdata\AVG2013
2012-11-01 01:27 . 2012-11-01 01:27	--------	d-----w-	C:\$AVG
2012-11-01 01:23 . 2012-11-02 09:59	--------	d-----w-	c:\programdata\MFAData
2012-11-01 01:23 . 2012-11-01 01:32	--------	d-----w-	c:\users\FrauHolle\AppData\Local\Avg2013
2012-11-01 01:23 . 2012-11-01 01:23	--------	d--h--w-	c:\programdata\Common Files
2012-11-01 01:23 . 2012-11-01 01:23	--------	d-----w-	c:\users\FrauHolle\AppData\Local\MFAData
2012-10-31 19:29 . 2012-10-31 19:31	--------	d-----w-	c:\program files (x86)\Sicherheit
2012-10-31 19:23 . 2012-10-12 07:19	9291768	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-31 18:33 . 2012-10-31 18:33	--------	d-----w-	c:\users\FrauHolle\AppData\Roaming\Malwarebytes
2012-10-31 18:32 . 2012-10-31 18:32	--------	d-----w-	c:\programdata\Malwarebytes
2012-10-31 18:32 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-31 18:32 . 2012-10-31 18:35	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-30 11:56 . 2012-10-30 12:07	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2012-10-22 09:32 . 2012-10-28 22:04	--------	d-----w-	c:\users\FrauHolle\AppData\Roaming\.minecraft
2012-10-21 08:24 . 2012-09-24 21:16	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-20 16:55 . 2012-10-02 15:28	972192	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7307717A-DF3D-4646-B028-850C362AC8BC}\gapaengine.dll
2012-10-18 10:42 . 2012-10-18 10:42	10220472	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-10-17 20:55 . 2012-10-27 14:59	--------	d-----w-	c:\users\FrauHolle\AppData\Roaming\pdfforge
2012-10-17 20:55 . 2012-07-29 11:59	96768	----a-w-	c:\windows\system32\pdfcmon.dll
2012-10-17 20:55 . 2012-05-05 09:54	662288	----a-w-	c:\windows\SysWow64\MSCOMCT2.OCX
2012-10-17 20:55 . 2012-05-05 09:54	137000	----a-w-	c:\windows\SysWow64\MSMAPI32.OCX
2012-10-17 20:55 . 2012-05-05 09:54	23552	----a-w-	c:\windows\SysWow64\MSMPIDE.DLL
2012-10-17 20:55 . 1998-07-06 16:56	125712	----a-w-	c:\windows\SysWow64\VB6DE.DLL
2012-10-17 20:55 . 1998-07-06 16:55	158208	----a-w-	c:\windows\SysWow64\MSCMCDE.DLL
2012-10-17 20:55 . 1998-07-06 16:55	64512	----a-w-	c:\windows\SysWow64\MSCC2DE.DLL
2012-10-17 20:55 . 2012-10-17 20:56	--------	d-----w-	c:\program files (x86)\PDFCreator
2012-10-10 12:28 . 2012-08-24 18:05	220160	----a-w-	c:\windows\system32\wintrust.dll
2012-10-10 12:28 . 2012-08-24 16:57	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-10-10 12:28 . 2012-09-14 19:19	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-10 12:28 . 2012-09-14 18:28	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-10 12:28 . 2012-08-11 00:56	715776	----a-w-	c:\windows\system32\kerberos.dll
2012-10-10 12:28 . 2012-08-10 23:56	542208	----a-w-	c:\windows\SysWow64\kerberos.dll
2012-10-10 12:28 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2012-10-10 12:28 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-10 12:28 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-10 12:28 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-10 12:28 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-10 12:28 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-10-10 00:27 . 2012-11-01 14:26	--------	d-----w-	c:\users\FrauHolle\AppData\Roaming\Dropbox
2012-10-09 23:53 . 2012-10-31 20:08	--------	d-----w-	c:\users\FrauHolle\Attack Surface Analyzer
2012-10-08 00:53 . 2012-10-08 00:53	--------	d-----w-	c:\users\FrauHolle\AppData\Local\NBTExplorer
2012-10-05 02:26 . 2012-10-05 02:26	111456	----a-w-	c:\windows\system32\drivers\avgmfx64.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-18 10:42 . 2012-04-05 12:54	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-18 10:42 . 2011-12-29 23:42	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-02 15:28 . 2012-06-13 11:27	972192	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-02 02:30 . 2012-10-02 02:30	185696	----a-w-	c:\windows\system32\drivers\avgldx64.sys
2012-09-27 23:18 . 2011-12-16 19:11	65309168	----a-w-	c:\windows\system32\MRT.exe
2012-09-21 02:46 . 2012-09-21 02:46	200032	----a-w-	c:\windows\system32\drivers\avgtdia.sys
2012-09-21 02:46 . 2012-09-21 02:46	225120	----a-w-	c:\windows\system32\drivers\avgloga.sys
2012-09-21 02:45 . 2012-09-21 02:45	61792	----a-w-	c:\windows\system32\drivers\avgidsha.sys
2012-09-15 11:26 . 2012-09-15 11:26	65536	----a-r-	c:\users\FrauHolle\AppData\Roaming\Microsoft\Installer\{46998273-861A-4540-B4F5-1A6B4CF76EDE}\_103DA28882E8_4215_A872_BD1EF114B86A.exe
2012-09-14 02:05 . 2012-09-14 02:05	40800	----a-w-	c:\windows\system32\drivers\avgrkx64.sys
2012-09-13 02:11 . 2012-09-13 02:11	151904	----a-w-	c:\windows\system32\drivers\avgidsdrivera.sys
2012-09-11 13:44 . 2012-09-11 13:44	163840	----a-w-	c:\windows\LgxSetup.exe
2012-09-05 07:29 . 2012-08-14 21:19	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-09-05 07:29 . 2011-12-14 15:20	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-04 15:13 . 2012-09-04 15:13	38520	----a-w-	c:\windows\SysWow64\RGBAcodec.dll
2012-08-30 20:03 . 2012-08-30 20:03	228768	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2011-04-27 14:25	128456	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-29 18:46 . 2012-08-29 18:46	53248	----a-r-	c:\users\FrauHolle\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-08-29 18:46 . 2011-12-14 00:23	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2012-08-24 21:15 . 2011-12-14 00:15	560184	----a-w-	c:\windows\system32\drivers\sptd.sys
2012-08-24 11:15 . 2012-09-25 23:36	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-25 23:36	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-25 23:36	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-25 23:36	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-25 23:36	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-25 23:36	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-25 23:36	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-25 23:36	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-25 23:36	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-25 23:36	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-25 23:36	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-25 23:36	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-25 23:36	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-25 23:37	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-25 23:37	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-25 23:36	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-25 23:36	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-25 23:36	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-25 23:36	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-25 23:36	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-25 23:36	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-25 23:37	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-19 10:24	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-19 10:24	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-19 10:24	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-19 10:24	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-27 10:56	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 12:29	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-08-15 16:52 . 2012-08-15 16:52	4472832	----a-w-	c:\windows\SysWow64\GPhotos.scr
2012-08-07 10:36 . 2012-09-18 15:36	35112	----a-w-	c:\windows\system32\drivers\teamviewervpn.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\FrauHolle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\FrauHolle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	94208	----a-w-	c:\users\FrauHolle\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
c:\users\FrauHolle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FRITZ!DSL Protect.lnk - c:\program files\FRITZ!DSL\FwebProt.exe [2009-4-17 1105208]
FRITZ!DSL Startcenter.lnk - c:\users\FrauHolle\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe [2011-12-14 80896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nach Updates suchen.lnk - c:\program files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe [2009-4-17 238864]
PrintKey-Pro.lnk - c:\program files (x86)\Warecentral\PrintKey-Pro\PKey_Pro.exe [2003-9-19 1637888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"CTxfiHlp"=CTXFIHLP.EXE
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-14 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 202776]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1417240]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 94744]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [2009-06-10 1627520]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-25 1255736]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-09-21 61792]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-09-13 151904]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-22 78208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-28 239616]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-10-02 5783672]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-02 193568]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe  -run [x]
S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2009-07-28 88888]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S3 3xHybr64;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\DRIVERS\3xHybr64.sys [2006-12-11 1413592]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 azvusb;Virtual USB Hub;c:\windows\system32\DRIVERS\azvusb.sys [2009-08-24 54784]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 202776]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1417240]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 94744]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2012-08-07 35112]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 10:42]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14 11:43]
.
2012-11-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-14 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\FrauHolle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\FrauHolle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\FrauHolle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19	97792	----a-w-	c:\users\FrauHolle\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\FrauHolle\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\FrauHolle\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
FF - ProfilePath - c:\users\FrauHolle\AppData\Roaming\Mozilla\Firefox\Profiles\wthwlk8y.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Herrscher des Olymp - Zeus - c:\windows\IsUn0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NET Memory Cache 4.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\1394ohci]
"ImagePath"="\SystemRoot\system32\drivers\1394ohci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\3xHybr64]
"ImagePath"="system32\DRIVERS\3xHybr64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ACPI]
"ImagePath"="system32\drivers\ACPI.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AcpiPmi]
"ImagePath"="\SystemRoot\system32\drivers\acpipmi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AdobeFlashPlayerUpdateSvc]
"ImagePath"="c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adp94xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adpahci]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adpu320]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\adsi]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\agp440]
"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\aksdf]
"ImagePath"="\??\c:\windows\system32\drivers\aksdf.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\aksfridge]
"ImagePath"="\??\c:\windows\system32\drivers\aksfridge.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\aliide]
"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AMD External Events Utility]
"ImagePath"="%SystemRoot%\system32\atiesrxx.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdide]
"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AmdK8]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdkmdag]
"ImagePath"="system32\DRIVERS\atikmdag.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdkmdap]
"ImagePath"="system32\DRIVERS\atikmpag.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AmdPPM]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdppm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdsata]
"ImagePath"="\SystemRoot\system32\drivers\amdsata.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdsbs]
"ImagePath"="\SystemRoot\system32\DRIVERS\amdsbs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\amdxata]
"ImagePath"="system32\drivers\amdxata.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppID]
"ImagePath"="\SystemRoot\system32\drivers\appid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppIDSvc]
"ServiceDll"="%SystemRoot%\System32\appidsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\arc]
"ImagePath"="\SystemRoot\system32\DRIVERS\arc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\arcsas]
"ImagePath"="\SystemRoot\system32\DRIVERS\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ASAPIW2k]
"ImagePath"="system32\drivers\ASAPIW2k.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ASP.NET]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ASP.NET_1.1.4322]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ASP.NET_4.0.30319]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\atapi]
"ImagePath"="system32\drivers\atapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Atierecord]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AtiHDAudioService]
"ImagePath"="system32\drivers\AtihdW76.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avg]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSAgent]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AVGIDSHA]
"ImagePath"="system32\DRIVERS\avgidsha.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgldx64]
"ImagePath"="system32\DRIVERS\avgldx64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgloga]
"ImagePath"="system32\DRIVERS\avgloga.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgmfx64]
"ImagePath"="system32\DRIVERS\avgmfx64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgrkx64]
"ImagePath"="system32\DRIVERS\avgrkx64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Avgtdia]
"ImagePath"="system32\DRIVERS\avgtdia.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\avgwd]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AxInstSV]
"ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\azvusb]
"ImagePath"="system32\DRIVERS\azvusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\b06bdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\bxvbda.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\b57nd60a]
"ImagePath"="system32\DRIVERS\b57nd60a.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BDESVC]
"ServiceDll"="%SystemRoot%\System32\bdesvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Beep]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\blbdrive]
"ImagePath"="system32\DRIVERS\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltLo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\DRIVERS\BrFiltUp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BridgeMP]
"ImagePath"="system32\DRIVERS\bridge.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Brserid]
"ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrSerWdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrUsbMdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BrUsbSer]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\DRIVERS\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\BTHPORT]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\bthserv]
"ServiceDll"="%SystemRoot%\system32\bthserv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\catchme]
"ImagePath"="\??\c:\combofix\catchme.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\circlass]
"ImagePath"="\SystemRoot\system32\DRIVERS\circlass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v2.0.50727_64]
"ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\clr_optimization_v4.0.30319_64]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CmBatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\cmdide]
"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CNG]
"ImagePath"="System32\Drivers\cng.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Compbatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CompositeBus]
"ImagePath"="\SystemRoot\system32\drivers\CompositeBus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\crcdisk]
"ImagePath"="\SystemRoot\system32\DRIVERS\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Creative Audio Engine Licensing Service]
"ImagePath"="\"c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\crypt32]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CSC]
"ImagePath"="system32\drivers\csc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CscService]
"ServiceDll"="%SystemRoot%\System32\cscsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CT20XUT]
"ImagePath"="system32\drivers\CT20XUT.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CT20XUT.SYS]
"ImagePath"="\SystemRoot\System32\drivers\CT20XUT.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ctac32k]
"ImagePath"="system32\drivers\ctac32k.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ctaud2k]
"ImagePath"="system32\drivers\ctaud2k.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CTAudSvcService]
"ImagePath"="c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CTEXFIFX]
"ImagePath"="system32\drivers\CTEXFIFX.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CTEXFIFX.SYS]
"ImagePath"="\SystemRoot\System32\drivers\CTEXFIFX.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CTHWIUT]
"ImagePath"="system32\drivers\CTHWIUT.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\CTHWIUT.SYS]
"ImagePath"="\SystemRoot\System32\drivers\CTHWIUT.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ctprxy2k]
"ImagePath"="system32\drivers\ctprxy2k.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ctsfm2k]
"ImagePath"="system32\drivers\ctsfm2k.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DCLocator]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\defragsvc]
"ServiceDll"="%Systemroot%\System32\defragsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\discache]
"ImagePath"="System32\drivers\discache.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ebdrv]
"ImagePath"="\SystemRoot\system32\DRIVERS\evbda.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EFS]
"ImagePath"="%SystemRoot%\System32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ElbyCDIO]
"ImagePath"="System32\Drivers\ElbyCDIO.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\elxstor]
"ImagePath"="\SystemRoot\system32\DRIVERS\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\emupia]
"ImagePath"="system32\drivers\emupia2k.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ErrDev]
"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ESENT]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\exfat]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fastfat]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\FsDepends]
"ImagePath"="System32\drivers\FsDepends.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\fvevol]
"ImagePath"="System32\DRIVERS\fvevol.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gagp30kx]
"ImagePath"="\SystemRoot\system32\DRIVERS\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gupdate]
"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /svc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gupdatem]
"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /medsvc"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\gusvc]
"ImagePath"="\"c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ha20x2k]
"ImagePath"="system32\drivers\ha20x2k.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hamachi]
"ImagePath"="system32\DRIVERS\hamachi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hardlock]
"ImagePath"="\??\c:\windows\system32\drivers\hardlock.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hasplms]
"ImagePath"="c:\windows\system32\hasplms.exe  -run"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hcw85cir]
"ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HdAudAddService]
"ImagePath"="system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HDAudBus]
"ImagePath"="\SystemRoot\system32\drivers\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidBatt]
"ImagePath"="\SystemRoot\system32\DRIVERS\HidBatt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidBth]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidIr]
"ImagePath"="\SystemRoot\system32\DRIVERS\hidir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HomeGroupListener]
"ServiceDll"="%SystemRoot%\system32\ListSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HomeGroupProvider]
"ServiceDll"="%SystemRoot%\system32\provsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HpSAMD]
"ImagePath"="\SystemRoot\system32\drivers\HpSAMD.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hwpolicy]
"ImagePath"="System32\drivers\hwpolicy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\i8042prt]
"ImagePath"="\SystemRoot\system32\drivers\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iaStorV]
"ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IGDCTRL]
"ImagePath"="\"c:\program files\FRITZ!DSL\IGDCTRL.EXE\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iirsp]
"ImagePath"="\SystemRoot\system32\DRIVERS\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\inetaccs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\intelide]
"ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\drivers\IPMIDrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IPNAT]
"ImagePath"="System32\drivers\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\isapnp]
"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\iScsiPrt]
"ImagePath"="\SystemRoot\system32\drivers\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KMService]
"ImagePath"="c:\windows\system32\srvany.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KSecPkg]
"ImagePath"="System32\Drivers\ksecpkg.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ksthunk]
"ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LBTServ]
"ImagePath"="c:\program files\Common Files\LogiShrd\Bluetooth\lbtserv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ldap]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LGBusEnum]
"ImagePath"="system32\drivers\LGBusEnum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LGVirHid]
"ImagePath"="system32\drivers\LGVirHid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LHidFilt]
"ImagePath"="system32\DRIVERS\LHidFilt.Sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LMouFilt]
"ImagePath"="system32\DRIVERS\LMouFilt.Sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Lsa]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_FC]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SAS]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SAS2]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_sas2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LSI_SCSI]
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\LUsbFilt]
"ImagePath"="System32\Drivers\LUsbFilt.Sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MarvinBus]
"ImagePath"="system32\DRIVERS\MarvinBus64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\massfilter]
"ImagePath"="system32\drivers\massfilter.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MBAMProtector]
"ImagePath"="\??\c:\windows\system32\drivers\mbam.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MBAMScheduler]
"ImagePath"="\"c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MBAMService]
"ImagePath"="\"c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\megasas]
"ImagePath"="\SystemRoot\system32\DRIVERS\megasas.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MegaSR]
"ImagePath"="\SystemRoot\system32\DRIVERS\MegaSR.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mountmgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MozillaMaintenance]
"ImagePath"="c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MpFilter]
"ImagePath"="system32\DRIVERS\MpFilter.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mpio]
"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msahci]
"ImagePath"="\SystemRoot\system32\drivers\msahci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msdsm]
"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Msfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mshidkmdf]
"ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msisadrv]
"ImagePath"="system32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsMpSvc]
"ImagePath"="\"c:\program files\Microsoft Security Client\MsMpEng.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsRPC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\mssmbios]
"ImagePath"="\SystemRoot\system32\drivers\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MTConfig]
"ImagePath"="\SystemRoot\system32\DRIVERS\MTConfig.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MTsensor]
"ImagePath"="system32\DRIVERS\ASACPI.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisCap]
"ImagePath"="system32\DRIVERS\ndiscap.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NDProxy]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetBT]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetMsmqActivator]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe\" -NetMsmqActivator"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetPipeActivator]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetTcpActivator]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NetTcpPortSharing]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nfrd960]
"ImagePath"="\SystemRoot\system32\DRIVERS\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NisDrv]
"ImagePath"="system32\DRIVERS\NisDrvWFP.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NisSrv]
"ImagePath"="\"c:\program files\Microsoft Security Client\NisSrv.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nm]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NMSAccess]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NMSAccessU]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Npfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NTDS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Ntfs]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Null]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NVENETFD]
"ImagePath"="system32\DRIVERS\nvm62x64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nvraid]
"ImagePath"="system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nvstor]
"ImagePath"="system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\nv_agp]
"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ohci1394]
"ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ossrv]
"ImagePath"="system32\drivers\ctoss2k.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Outlook]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Parport]
"ImagePath"="\SystemRoot\system32\DRIVERS\parport.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pci]
"ImagePath"="system32\drivers\pci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pciide]
"ImagePath"="system32\drivers\pciide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pcmcia]
"ImagePath"="\SystemRoot\system32\DRIVERS\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pcw]
"ImagePath"="System32\drivers\pcw.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PeerDistSvc]
"ServiceDll"="%SystemRoot%\system32\peerdistsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfHost]
"ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfNet]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfOS]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PerfProc]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Ph3xIB64]
"ImagePath"="system32\DRIVERS\Ph3xIB64.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\pnrpauto.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PortProxy]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Power]
"ServiceDll"="%SystemRoot%\system32\umpo.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Processor]
"ImagePath"="\SystemRoot\system32\DRIVERS\processr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Psched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PSI_SVC_2_x64]
"ImagePath"="\"c:\program files\Common Files\Protexis\License Service\PsiService_2.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ql2300]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ql40xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAgileVpn]
"ImagePath"="system32\DRIVERS\AgileVpn.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdpbus]
"ImagePath"="system32\DRIVERS\rdpbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPDR]
"ImagePath"="System32\drivers\rdpdr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPNP]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPREFMP]
"ImagePath"="system32\drivers\rdprefmp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RDPWD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\rdyboost]
"ImagePath"="System32\drivers\rdyboost.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcEptMapper]
"ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\RTL2832U_IRHID_PARA]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\s3cap]
"ImagePath"="\SystemRoot\system32\drivers\vms3cap.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sbp2port]
"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\scfilter]
"ImagePath"="System32\DRIVERS\scfilter.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SensrSvc]
"ServiceDll"="%SystemRoot%\system32\sensrsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Serenum]
"ImagePath"="\SystemRoot\system32\DRIVERS\serenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Serial]
"ImagePath"="\SystemRoot\system32\DRIVERS\serial.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sermouse]
"ImagePath"="\SystemRoot\system32\DRIVERS\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffdisk]
"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sffp_sd]
"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sfloppy]
"ImagePath"="\SystemRoot\system32\DRIVERS\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SiSRaid2]
"ImagePath"="\SystemRoot\system32\DRIVERS\SiSRaid2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SiSRaid4]
"ImagePath"="\SystemRoot\system32\DRIVERS\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\skfiltv]
"ImagePath"="system32\drivers\skfiltv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SkypeUpdate]
"ImagePath"="\"c:\program files (x86)\Skype\Updater\Updater.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\spldr]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sppsvc]
"ImagePath"="%SystemRoot%\system32\sppsvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sppuinotify]
"ServiceDll"="%SystemRoot%\system32\sppuinotify.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\sptd]
"ImagePath"="\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\stexstor]
"ImagePath"="\SystemRoot\system32\DRIVERS\stexstor.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\storflt]
"ImagePath"="system32\drivers\vmstorfl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\StorSvc]
"ServiceDll"="%SystemRoot%\system32\storsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\storvsc]
"ImagePath"="\SystemRoot\system32\drivers\storvsc.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\swenum]
"ImagePath"="\SystemRoot\system32\drivers\swenum.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIP6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIP6TUNNEL]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TCPIPTUNNEL]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TeamViewer7]
"ImagePath"="c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\teamviewervpn]
"ImagePath"="system32\DRIVERS\teamviewervpn.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TermDD]
"ImagePath"="\SystemRoot\system32\drivers\termdd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Themes]
"ServiceDll"="%SystemRoot%\system32\themeservice.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TSDDD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\TsUsbFlt]
"ImagePath"="system32\drivers\tsusbflt.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\uagp35]
"ImagePath"="\SystemRoot\system32\DRIVERS\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UGatherer]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\uliagpkx]
"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\umbus]
"ImagePath"="system32\DRIVERS\umbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UmPass]
"ImagePath"="\SystemRoot\system32\DRIVERS\umpass.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UmRdpService]
"ServiceDll"="%SystemRoot%\System32\umrdp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbcir]
"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\usbuhci]
"ImagePath"="\SystemRoot\system32\drivers\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VaultSvc]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VClone]
"ImagePath"="system32\DRIVERS\VClone.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vdrvroot]
"ImagePath"="system32\drivers\vdrvroot.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vhdmp]
"ImagePath"="\SystemRoot\system32\drivers\vhdmp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\viaide]
"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vmbus]
"ImagePath"="system32\drivers\vmbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VMBusHID]
"ImagePath"="\SystemRoot\system32\drivers\VMBusHID.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vmci]
"ImagePath"="system32\DRIVERS\vmci.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VMnetAdapter]
"ImagePath"="system32\DRIVERS\vmnetadapter.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgr]
"ImagePath"="system32\drivers\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vpcbus]
"ImagePath"="system32\DRIVERS\vpchbus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vpcnfltr]
"ImagePath"="system32\DRIVERS\vpcnfltr.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vpcusb]
"ImagePath"="system32\DRIVERS\vpcusb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vpcvmm]
"ImagePath"="system32\drivers\vpcvmm.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vsmraid]
"ImagePath"="\SystemRoot\system32\DRIVERS\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\vwifibus]
"ImagePath"="\SystemRoot\System32\drivers\vwifibus.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\VxD]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\W3SVC]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WacomPen]
"ImagePath"="\SystemRoot\system32\DRIVERS\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WANARP]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WatAdminSvc]
"ImagePath"="%SystemRoot%\system32\Wat\WatAdminSvc.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wbengine]
"ImagePath"="\"%systemroot%\system32\wbengine.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WbioSrvc]
"ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wd]
"ImagePath"="\SystemRoot\system32\DRIVERS\wd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WfpLwf]
"ImagePath"="system32\DRIVERS\wfplwf.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WIMMount]
"ImagePath"="system32\drivers\wimmount.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Windows Workflow Foundation 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Winsock]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinSock2]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinUsb]
"ImagePath"="system32\DRIVERS\WinUsb.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiAcpi]
"ImagePath"="\SystemRoot\system32\drivers\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WMPNetworkSvc]
"ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ws2ifsl]
"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WudfPf]
"ImagePath"="system32\drivers\WudfPf.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WwanSvc]
"ServiceDll"="%SystemRoot%\System32\wwansvc.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\xmlprov]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ZTEusbmdm6k]
"ImagePath"="system32\DRIVERS\ZTEusbmdm6k.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ZTEusbnmea]
"ImagePath"="system32\DRIVERS\ZTEusbnmea.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ZTEusbser6k]
"ImagePath"="system32\DRIVERS\ZTEusbser6k.sys"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{20D14F9C-A596-415D-B649-6CFD9517F1BC}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{5D70B3AC-2949-4FEE-81B6-CCD6DD72D936}]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{E717C688-7563-43C0-BFA2-5DB6BC24AFCD}]
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1434016917-521015552-1996562822-1001\Software\SecuROM\License information*]
"datasecu"=hex:94,6c,84,85,0f,8a,5b,96,70,b1,4f,6a,4e,69,f7,32,ec,8c,e6,9a,53,
   a7,b4,ca,03,cc,ff,77,93,33,f0,ba,78,3b,6e,68,59,38,cd,23,37,5c,bf,ac,11,d0,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,53,dc,09,ef,63,
   f8,9f,26,c8,28,51,af,b0,29,a3,98,09,2d,fd,ba,13,ee,9b,e4,e2,63,26,f1,3f,c8,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,ea,f6,fc,b7,1e,
   9a,c7,34,71,3b,04,66,8b,46,0d,96,5e,f6,f1,6c,a8,9c,a8,72,6a,9c,d6,61,af,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,5c,33,dc,50,06,
   ac,ae,28,25,da,ec,7e,55,20,c9,26,6e,ef,2b,47,45,5f,84,5d,ff,7c,85,e0,43,d4,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,83,db,0d,9a,b7,
   fb,b1,9f,3e,1e,9e,e0,57,5a,93,61,72,55,6c,cb,02,0a,d5,ed,86,8c,21,01,be,91,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,35,3b,07,61,ca,
   30,5f,8e,cd,44,cd,b9,a6,33,6c,cd,8d,0b,19,fb,0f,08,fe,b6,f5,1d,4d,73,a8,13,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,b6,91,36,ff,47,
   be,0c,22,b0,18,ed,a7,3f,8d,37,a4,bf,43,f6,94,27,7f,4f,ac,df,20,58,62,78,6b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,5b,ea,f5,9e,c7,
   86,97,6f,31,77,e1,ba,b1,f8,68,02,7d,50,bc,a6,87,4e,02,5d,fb,a7,78,e6,12,2f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ee,e3,02,99,72,
   ce,73,79,83,6c,56,8b,a0,85,96,ab,53,3f,a2,70,c6,62,98,58,01,3a,48,fc,e8,04,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,6e,b9,57,49,ad,
   03,4e,dc,51,fa,6e,91,28,9e,14,cc,85,ca,37,78,2b,62,6a,ad,f6,0f,4e,58,98,5b,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,9e,11,29,2f,d2,
   61,47,29,b1,cd,45,5a,a8,c4,f8,b9,b4,af,1e,9b,a7,13,84,6a,3d,ce,ea,26,2d,45,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,9d,5f,61,b7,7c,
   8b,7e,d3,e3,0e,66,d5,eb,bc,2f,6b,56,38,ed,5a,7b,8a,27,66,2a,b7,cc,b5,b9,7f,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\Windows\\SysWow64\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,c9,fd,12,3c,17,
   fd,6a,cf,fa,ea,66,7f,d4,3b,6b,70,f9,81,21,68,4a,11,2c,a5,6c,43,2d,1e,aa,22,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\hasplms.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-11-02  15:09:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-11-02 14:09
.
Vor Suchlauf: 24 Verzeichnis(se), 446.794.178.560 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 446.145.413.120 Bytes frei
.
- - End Of File - - 10687A80E864BEFE02EE0EC6B2B09F83
         
--- --- ---

02.11.2012, 17:41   #7
markusg
/// Malware-holic
 

Please run the following:
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de

02.11.2012, 18:13   #8
Rosarabbit
 

18:02:27.0729 2392 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:02:27.0745 2392 ============================================================
18:02:27.0745 2392 Current date / time: 2012/11/02 18:02:27.0745
18:02:27.0745 2392 SystemInfo:
18:02:27.0745 2392
18:02:27.0745 2392 OS Version: 6.1.7601 ServicePack: 1.0
18:02:27.0745 2392 Product type: Workstation
18:02:27.0745 2392 ComputerName: SCHUBIDUBA-PC
18:02:27.0745 2392 UserName: Schubiduba
18:02:27.0745 2392 Windows directory: C:\Windows
18:02:27.0745 2392 System windows directory: C:\Windows
18:02:27.0745 2392 Running under WOW64
18:02:27.0745 2392 Processor architecture: Intel x64
18:02:27.0745 2392 Number of processors: 4
18:02:27.0745 2392 Page size: 0x1000
18:02:27.0745 2392 Boot type: Normal boot
18:02:27.0745 2392 ============================================================
18:02:29.0448 2392 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:02:29.0448 2392 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
18:02:29.0463 2392 ============================================================
18:02:29.0463 2392 \Device\Harddisk0\DR0:
18:02:29.0463 2392 MBR partitions:
18:02:29.0463 2392 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384800
18:02:29.0463 2392 \Device\Harddisk1\DR1:
18:02:29.0463 2392 MBR partitions:
18:02:29.0463 2392 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:02:29.0463 2392 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3000
18:02:29.0463 2392 ============================================================
18:02:29.0463 2392 C: <-> \Device\Harddisk1\DR1\Partition2
18:02:29.0463 2392 G: <-> \Device\Harddisk0\DR0\Partition1
18:02:29.0463 2392 ============================================================
18:02:29.0463 2392 Initialize success
18:02:29.0463 2392 ============================================================
18:02:36.0588 1440 ============================================================
18:02:36.0588 1440 Scan started
18:02:36.0588 1440 Mode: Manual; SigCheck; TDLFS;
18:02:36.0588 1440 ============================================================
18:02:36.0995 1440 ================ Scan system memory ========================
18:02:36.0995 1440 System memory - ok
18:02:36.0995 1440 ================ Scan services =============================
18:02:37.0088 1440 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
18:02:37.0151 1440 1394ohci - ok
18:02:37.0198 1440 [ 975474B3739A876B21BC85B6A9A872C4 ] 3xHybr64 C:\Windows\system32\DRIVERS\3xHybr64.sys
18:02:37.0260 1440 3xHybr64 - ok
18:02:37.0276 1440 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
18:02:37.0291 1440 ACPI - ok
18:02:37.0307 1440 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
18:02:37.0323 1440 AcpiPmi - ok
18:02:37.0463 1440 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
18:02:37.0479 1440 AdobeFlashPlayerUpdateSvc - ok
18:02:37.0510 1440 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
18:02:37.0541 1440 adp94xx - ok
18:02:37.0557 1440 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
18:02:37.0573 1440 adpahci - ok
18:02:37.0588 1440 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
18:02:37.0620 1440 adpu320 - ok
18:02:37.0651 1440 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
18:02:37.0698 1440 AeLookupSvc - ok
18:02:37.0713 1440 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
18:02:37.0729 1440 agp440 - ok
18:02:37.0776 1440 [ 44F360B65C37A42EB5B71C2E5179FDD5 ] aksdf C:\Windows\system32\drivers\aksdf.sys
18:02:37.0791 1440 aksdf - ok
18:02:37.0823 1440 [ BC61697103C9EFC3DBA83777CEA8E76B ] aksfridge C:\Windows\system32\drivers\aksfridge.sys
18:02:37.0838 1440 aksfridge - ok
18:02:37.0870 1440 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
18:02:37.0885 1440 ALG - ok
18:02:37.0901 1440 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
18:02:37.0916 1440 aliide - ok
18:02:37.0963 1440 [ B3B263B419FC9E7B1D41E61FDAE45BD9 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
18:02:37.0979 1440 AMD External Events Utility - ok
18:02:38.0010 1440 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
18:02:38.0026 1440 amdide - ok
18:02:38.0041 1440 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
18:02:38.0057 1440 AmdK8 - ok
18:02:38.0276 1440 [ 9A6E9363F7A5E5A06629D9DDC76EE6B5 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
18:02:38.0448 1440 amdkmdag - ok
18:02:38.0479 1440 [ 957A4C13E1981B1701E600EF1E823C68 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
18:02:38.0510 1440 amdkmdap - ok
18:02:38.0510 1440 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
18:02:38.0541 1440 AmdPPM - ok
18:02:38.0557 1440 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
18:02:38.0573 1440 amdsata - ok
18:02:38.0588 1440 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
18:02:38.0604 1440 amdsbs - ok
18:02:38.0620 1440 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
18:02:38.0635 1440 amdxata - ok
18:02:38.0682 1440 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
18:02:38.0713 1440 AppID - ok
18:02:38.0745 1440 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
18:02:38.0791 1440 AppIDSvc - ok
18:02:38.0838 1440 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
18:02:38.0885 1440 Appinfo - ok
18:02:38.0885 1440 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
18:02:38.0916 1440 AppMgmt - ok
18:02:38.0932 1440 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
18:02:38.0948 1440 arc - ok
18:02:38.0963 1440 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
18:02:38.0979 1440 arcsas - ok
18:02:38.0995 1440 ASAPIW2k - ok
18:02:39.0041 1440 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
18:02:39.0088 1440 AsyncMac - ok
18:02:39.0151 1440 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
18:02:39.0166 1440 atapi - ok
18:02:39.0213 1440 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
18:02:39.0229 1440 AtiHDAudioService - ok
18:02:39.0260 1440 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
18:02:39.0323 1440 AudioEndpointBuilder - ok
18:02:39.0338 1440 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
18:02:39.0385 1440 AudioSrv - ok
18:02:39.0432 1440 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
18:02:39.0448 1440 AxInstSV - ok
18:02:39.0479 1440 [ 9F4320BA8E7CE2342517B182A2F2C0E6 ] azvusb C:\Windows\system32\DRIVERS\azvusb.sys
18:02:39.0495 1440 azvusb - ok
18:02:39.0526 1440 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
18:02:39.0541 1440 b06bdrv - ok
18:02:39.0573 1440 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
18:02:39.0588 1440 b57nd60a - ok
18:02:39.0604 1440 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
18:02:39.0635 1440 BDESVC - ok
18:02:39.0635 1440 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
18:02:39.0682 1440 Beep - ok
18:02:39.0745 1440 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
18:02:39.0807 1440 BFE - ok
18:02:39.0838 1440 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
18:02:39.0885 1440 BITS - ok
18:02:39.0901 1440 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
18:02:39.0916 1440 blbdrive - ok
18:02:39.0948 1440 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
18:02:39.0979 1440 bowser - ok
18:02:39.0979 1440 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:02:39.0995 1440 BrFiltLo - ok
18:02:40.0010 1440 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:02:40.0026 1440 BrFiltUp - ok
18:02:40.0057 1440 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
18:02:40.0104 1440 BridgeMP - ok
18:02:40.0135 1440 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
18:02:40.0166 1440 Browser - ok
18:02:40.0166 1440 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
18:02:40.0198 1440 Brserid - ok
18:02:40.0213 1440 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
18:02:40.0229 1440 BrSerWdm - ok
18:02:40.0260 1440 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
18:02:40.0276 1440 BrUsbMdm - ok
18:02:40.0291 1440 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
18:02:40.0307 1440 BrUsbSer - ok
18:02:40.0323 1440 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
18:02:40.0338 1440 BTHMODEM - ok
18:02:40.0354 1440 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
18:02:40.0401 1440 bthserv - ok
18:02:40.0416 1440 catchme - ok
18:02:40.0432 1440 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
18:02:40.0479 1440 cdfs - ok
18:02:40.0510 1440 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
18:02:40.0541 1440 cdrom - ok
18:02:40.0573 1440 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
18:02:40.0620 1440 CertPropSvc - ok
18:02:40.0620 1440 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
18:02:40.0651 1440 circlass - ok
18:02:40.0682 1440 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
18:02:40.0713 1440 CLFS - ok
18:02:40.0807 1440 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:02:40.0823 1440 clr_optimization_v2.0.50727_32 - ok
18:02:40.0870 1440 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:02:40.0885 1440 clr_optimization_v2.0.50727_64 - ok
18:02:40.0948 1440 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:02:40.0963 1440 clr_optimization_v4.0.30319_32 - ok
18:02:41.0026 1440 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:02:41.0041 1440 clr_optimization_v4.0.30319_64 - ok
18:02:41.0057 1440 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
18:02:41.0073 1440 CmBatt - ok
18:02:41.0104 1440 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
18:02:41.0120 1440 cmdide - ok
18:02:41.0166 1440 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
18:02:41.0198 1440 CNG - ok
18:02:41.0213 1440 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:02:41.0229 1440 Compbatt - ok
18:02:41.0245 1440 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
18:02:41.0260 1440 CompositeBus - ok
18:02:41.0276 1440 COMSysApp - ok
18:02:41.0291 1440 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
18:02:41.0307 1440 crcdisk - ok
18:02:41.0385 1440 [ C0EAD9F8AB83D41FF07303C75589C2B8 ] Creative Audio Engine Licensing Service C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
18:02:41.0401 1440 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
18:02:41.0401 1440 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
18:02:41.0432 1440 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:02:41.0448 1440 CryptSvc - ok
18:02:41.0495 1440 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
18:02:41.0526 1440 CSC - ok
18:02:41.0557 1440 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
18:02:41.0588 1440 CscService - ok
18:02:41.0620 1440 [ B3B541B3B25ADB02D793C51953B22491 ] CT20XUT C:\Windows\system32\drivers\CT20XUT.SYS
18:02:41.0635 1440 CT20XUT - ok
18:02:41.0651 1440 [ B3B541B3B25ADB02D793C51953B22491 ] CT20XUT.SYS C:\Windows\System32\drivers\CT20XUT.SYS
18:02:41.0682 1440 CT20XUT.SYS - ok
18:02:41.0698 1440 [ F2E098F140B769AE62803E89230F11A9 ] ctac32k C:\Windows\system32\drivers\ctac32k.sys
18:02:41.0729 1440 ctac32k - ok
18:02:41.0760 1440 [ 5C315E9DABF63D9D12973585A6113066 ] ctaud2k C:\Windows\system32\drivers\ctaud2k.sys
18:02:41.0791 1440 ctaud2k - ok
18:02:41.0916 1440 [ CACB67BC2E73894ECBCBC4EAD2F02456 ] CTAudSvcService C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
18:02:41.0932 1440 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
18:02:41.0932 1440 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
18:02:41.0963 1440 [ 59D681564C6D5CD72890082925501BE9 ] CTEXFIFX C:\Windows\system32\drivers\CTEXFIFX.SYS
18:02:42.0010 1440 CTEXFIFX - ok
18:02:42.0057 1440 [ 59D681564C6D5CD72890082925501BE9 ] CTEXFIFX.SYS C:\Windows\System32\drivers\CTEXFIFX.SYS
18:02:42.0104 1440 CTEXFIFX.SYS - ok
18:02:42.0104 1440 [ D0EBCFF35FE9A4F9D3CA2FD6A38BEE56 ] CTHWIUT C:\Windows\system32\drivers\CTHWIUT.SYS
18:02:42.0135 1440 CTHWIUT - ok
18:02:42.0135 1440 [ D0EBCFF35FE9A4F9D3CA2FD6A38BEE56 ] CTHWIUT.SYS C:\Windows\System32\drivers\CTHWIUT.SYS
18:02:42.0151 1440 CTHWIUT.SYS - ok
18:02:42.0166 1440 [ EF305CAB6295B8A250A77A7FD5F9F113 ] ctprxy2k C:\Windows\system32\drivers\ctprxy2k.sys
18:02:42.0182 1440 ctprxy2k - ok
18:02:42.0198 1440 [ 01323C189318B92BB7781B911DE9D62B ] ctsfm2k C:\Windows\system32\drivers\ctsfm2k.sys
18:02:42.0229 1440 ctsfm2k - ok
18:02:42.0245 1440 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
18:02:42.0307 1440 DcomLaunch - ok
18:02:42.0338 1440 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
18:02:42.0385 1440 defragsvc - ok
18:02:42.0416 1440 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:02:42.0463 1440 DfsC - ok
18:02:42.0526 1440 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
18:02:42.0573 1440 Dhcp - ok
18:02:42.0588 1440 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
18:02:42.0635 1440 discache - ok
18:02:42.0651 1440 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
18:02:42.0666 1440 Disk - ok
18:02:42.0698 1440 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:02:42.0713 1440 Dnscache - ok
18:02:42.0745 1440 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
18:02:42.0791 1440 dot3svc - ok
18:02:42.0838 1440 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
18:02:42.0885 1440 DPS - ok
18:02:42.0916 1440 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:02:42.0932 1440 drmkaud - ok
18:02:42.0963 1440 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:02:42.0995 1440 DXGKrnl - ok
18:02:43.0026 1440 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
18:02:43.0073 1440 EapHost - ok
18:02:43.0135 1440 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
18:02:43.0198 1440 ebdrv - ok
18:02:43.0245 1440 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
18:02:43.0260 1440 EFS - ok
18:02:43.0323 1440 [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
18:02:43.0338 1440 ElbyCDIO - ok
18:02:43.0370 1440 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
18:02:43.0401 1440 elxstor - ok
18:02:43.0416 1440 [ 1B68C7DDD39811DF63FC04AF937BE91A ] emupia C:\Windows\system32\drivers\emupia2k.sys
18:02:43.0432 1440 emupia - ok
18:02:43.0448 1440 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:02:43.0463 1440 ErrDev - ok
18:02:43.0495 1440 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
18:02:43.0541 1440 EventSystem - ok
18:02:43.0557 1440 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
18:02:43.0604 1440 exfat - ok
18:02:43.0620 1440 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:02:43.0666 1440 fastfat - ok
18:02:43.0729 1440 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
18:02:43.0745 1440 Fax - ok
18:02:43.0760 1440 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
18:02:43.0776 1440 fdc - ok
18:02:43.0807 1440 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
18:02:43.0854 1440 fdPHost - ok
18:02:43.0870 1440 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
18:02:43.0916 1440 FDResPub - ok
18:02:43.0948 1440 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:02:43.0963 1440 FileInfo - ok
18:02:43.0995 1440 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:02:44.0041 1440 Filetrace - ok
18:02:44.0057 1440 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
18:02:44.0073 1440 flpydisk - ok
18:02:44.0104 1440 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:02:44.0135 1440 FltMgr - ok
18:02:44.0182 1440 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
18:02:44.0213 1440 FontCache - ok
18:02:44.0291 1440 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:02:44.0291 1440 FontCache3.0.0.0 - ok
18:02:44.0307 1440 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:02:44.0323 1440 FsDepends - ok
18:02:44.0354 1440 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:02:44.0385 1440 Fs_Rec - ok
18:02:44.0416 1440 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:02:44.0448 1440 fvevol - ok
18:02:44.0463 1440 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
18:02:44.0479 1440 gagp30kx - ok
18:02:44.0526 1440 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
18:02:44.0588 1440 gpsvc - ok
18:02:44.0651 1440 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:02:44.0666 1440 gupdate - ok
18:02:44.0682 1440 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:02:44.0698 1440 gupdatem - ok
18:02:44.0729 1440 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
18:02:44.0745 1440 gusvc - ok
18:02:44.0791 1440 [ C1C61E83F44B105A4A131CB0C583174C ] ha20x2k C:\Windows\system32\drivers\ha20x2k.sys
18:02:44.0838 1440 ha20x2k - ok
18:02:44.0870 1440 [ 1E6438D4EA6E1174A3B3B1EDC4DE660B ] hamachi C:\Windows\system32\DRIVERS\hamachi.sys
18:02:44.0885 1440 hamachi - ok
18:02:44.0932 1440 [ D619BA1712B83D14149850E758B835AD ] hardlock C:\Windows\system32\drivers\hardlock.sys
18:02:44.0948 1440 hardlock - ok
18:02:44.0963 1440 hasplms - ok
18:02:44.0979 1440 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:02:44.0995 1440 hcw85cir - ok
18:02:45.0026 1440 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:02:45.0041 1440 HdAudAddService - ok
18:02:45.0104 1440 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
18:02:45.0120 1440 HDAudBus - ok
18:02:45.0135 1440 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
18:02:45.0151 1440 HidBatt - ok
18:02:45.0166 1440 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
18:02:45.0182 1440 HidBth - ok
18:02:45.0198 1440 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:02:45.0229 1440 HidIr - ok
18:02:45.0260 1440 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
18:02:45.0307 1440 hidserv - ok
18:02:45.0323 1440 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:02:45.0354 1440 HidUsb - ok
18:02:45.0385 1440 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:02:45.0432 1440 hkmsvc - ok
18:02:45.0463 1440 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:02:45.0495 1440 HomeGroupListener - ok
18:02:45.0510 1440 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:02:45.0541 1440 HomeGroupProvider - ok
18:02:45.0541 1440 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:02:45.0573 1440 HpSAMD - ok
18:02:45.0620 1440 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:02:45.0666 1440 HTTP - ok
18:02:45.0713 1440 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:02:45.0729 1440 hwpolicy - ok
18:02:45.0760 1440 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
18:02:45.0776 1440 i8042prt - ok
18:02:45.0791 1440 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:02:45.0823 1440 iaStorV - ok
18:02:45.0870 1440 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:02:45.0901 1440 idsvc - ok
18:02:46.0010 1440 [ AC9EBDE25DB39A35E1CEB0441BA7A464 ] IGDCTRL C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
18:02:46.0026 1440 IGDCTRL - ok
18:02:46.0041 1440 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
18:02:46.0057 1440 iirsp - ok
18:02:46.0088 1440 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
18:02:46.0151 1440 IKEEXT - ok
18:02:46.0166 1440 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
18:02:46.0182 1440 intelide - ok
18:02:46.0198 1440 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:02:46.0229 1440 intelppm - ok
18:02:46.0245 1440 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:02:46.0291 1440 IPBusEnum - ok
18:02:46.0323 1440 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:02:46.0385 1440 IpFilterDriver - ok
18:02:46.0416 1440 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:02:46.0479 1440 iphlpsvc - ok
18:02:46.0495 1440 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:02:46.0510 1440 IPMIDRV - ok
18:02:46.0526 1440 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:02:46.0573 1440 IPNAT - ok
18:02:46.0588 1440 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:02:46.0620 1440 IRENUM - ok
18:02:46.0635 1440 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:02:46.0651 1440 isapnp - ok
18:02:46.0666 1440 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:02:46.0682 1440 iScsiPrt - ok
18:02:46.0713 1440 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:02:46.0729 1440 kbdclass - ok
18:02:46.0760 1440 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:02:46.0776 1440 kbdhid - ok
18:02:46.0776 1440 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
18:02:46.0791 1440 KeyIso - ok
18:02:46.0838 1440 KMService - ok
18:02:46.0870 1440 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:02:46.0885 1440 KSecDD - ok
18:02:46.0916 1440 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:02:46.0948 1440 KSecPkg - ok
18:02:46.0963 1440 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
18:02:47.0010 1440 ksthunk - ok
18:02:47.0026 1440 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
18:02:47.0073 1440 KtmRm - ok
18:02:47.0104 1440 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
18:02:47.0151 1440 LanmanServer - ok
18:02:47.0182 1440 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:02:47.0245 1440 LanmanWorkstation - ok
18:02:47.0354 1440 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
18:02:47.0370 1440 LBTServ - ok
18:02:47.0416 1440 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
18:02:47.0432 1440 LGBusEnum - ok
18:02:47.0463 1440 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
18:02:47.0479 1440 LGVirHid - ok
18:02:47.0510 1440 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys
18:02:47.0526 1440 LHidFilt - ok
18:02:47.0557 1440 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:02:47.0604 1440 lltdio - ok
18:02:47.0620 1440 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:02:47.0666 1440 lltdsvc - ok
18:02:47.0682 1440 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
18:02:47.0729 1440 lmhosts - ok
18:02:47.0760 1440 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys
18:02:47.0776 1440 LMouFilt - ok
18:02:47.0807 1440 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
18:02:47.0823 1440 LSI_FC - ok
18:02:47.0854 1440 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
18:02:47.0870 1440 LSI_SAS - ok
18:02:47.0885 1440 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:02:47.0901 1440 LSI_SAS2 - ok
18:02:47.0916 1440 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:02:47.0932 1440 LSI_SCSI - ok
18:02:47.0963 1440 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
18:02:48.0010 1440 luafv - ok
18:02:48.0026 1440 [ 29C733E1DE824670DC9315CFC9BDBCD3 ] LUsbFilt C:\Windows\system32\Drivers\LUsbFilt.Sys
18:02:48.0041 1440 LUsbFilt - ok
18:02:48.0104 1440 [ 024DA28053D57E9E32BEE52600576BBB ] MarvinBus C:\Windows\system32\DRIVERS\MarvinBus64.sys
18:02:48.0104 1440 MarvinBus ( UnsignedFile.Multi.Generic ) - warning
18:02:48.0104 1440 MarvinBus - detected UnsignedFile.Multi.Generic (1)
18:02:48.0120 1440 massfilter - ok
18:02:48.0151 1440 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
18:02:48.0182 1440 MBAMProtector - ok
18:02:48.0229 1440 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
18:02:48.0260 1440 MBAMScheduler - ok
18:02:48.0276 1440 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
18:02:48.0291 1440 MBAMService - ok
18:02:48.0323 1440 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
18:02:48.0338 1440 megasas - ok
18:02:48.0354 1440 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
18:02:48.0370 1440 MegaSR - ok
18:02:48.0401 1440 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
18:02:48.0448 1440 MMCSS - ok
18:02:48.0463 1440 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
18:02:48.0510 1440 Modem - ok
18:02:48.0557 1440 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:02:48.0573 1440 monitor - ok
18:02:48.0604 1440 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:02:48.0620 1440 mouclass - ok
18:02:48.0651 1440 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:02:48.0666 1440 mouhid - ok
18:02:48.0682 1440 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:02:48.0698 1440 mountmgr - ok
18:02:48.0791 1440 [ DAE3C509F33059BC4D48A8925F476FB4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:02:48.0807 1440 MozillaMaintenance - ok
18:02:48.0838 1440 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
18:02:48.0870 1440 MpFilter - ok
18:02:48.0885 1440 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
18:02:48.0901 1440 mpio - ok
18:02:48.0916 1440 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:02:48.0963 1440 mpsdrv - ok
18:02:48.0995 1440 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:02:49.0057 1440 MpsSvc - ok
18:02:49.0073 1440 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:02:49.0104 1440 MRxDAV - ok
18:02:49.0120 1440 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:02:49.0135 1440 mrxsmb - ok
18:02:49.0151 1440 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:02:49.0182 1440 mrxsmb10 - ok
18:02:49.0198 1440 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:02:49.0213 1440 mrxsmb20 - ok
18:02:49.0229 1440 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
18:02:49.0245 1440 msahci - ok
18:02:49.0260 1440 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:02:49.0276 1440 msdsm - ok
18:02:49.0291 1440 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
18:02:49.0323 1440 MSDTC - ok
18:02:49.0323 1440 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:02:49.0370 1440 Msfs - ok
18:02:49.0385 1440 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:02:49.0432 1440 mshidkmdf - ok
18:02:49.0448 1440 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:02:49.0463 1440 msisadrv - ok
18:02:49.0479 1440 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:02:49.0541 1440 MSiSCSI - ok
18:02:49.0541 1440 msiserver - ok
18:02:49.0557 1440 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:02:49.0604 1440 MSKSSRV - ok
18:02:49.0666 1440 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:02:49.0698 1440 MsMpSvc - ok
18:02:49.0729 1440 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:02:49.0776 1440 MSPCLOCK - ok
18:02:49.0791 1440 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:02:49.0838 1440 MSPQM - ok
18:02:49.0854 1440 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:02:49.0870 1440 MsRPC - ok
18:02:49.0901 1440 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
18:02:49.0916 1440 mssmbios - ok
18:02:49.0932 1440 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:02:49.0979 1440 MSTEE - ok
18:02:49.0995 1440 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
18:02:50.0010 1440 MTConfig - ok
18:02:50.0026 1440 [ 03B7145C889603537E9FFEABB1AD1089 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys
18:02:50.0041 1440 MTsensor - ok
18:03:04.0010 1440 ============================================================
18:03:04.0010 1440 Scan finished
18:03:04.0010 1440 ============================================================
18:03:04.0026 2508 Detected object count: 3
18:03:04.0026 2508 Actual detected object count: 3
18:04:14.0010 2508 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:14.0010 2508 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:04:14.0026 2508 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:14.0026 2508 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:04:14.0026 2508 MarvinBus ( UnsignedFile.Multi.Generic ) - skipped by user
18:04:14.0026 2508 MarvinBus ( UnsignedFile.Multi.Generic ) - User select action: Skip

02.11.2012, 18:19   #9
markusg
/// Malware-holic

Have a read in the ComboFix guide:
A Guide and Tutorial on Using ComboFix
6. Manual restoration of the Internet connection, in case your Internet is still not working.
__________________
- Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails to markusg.trojaner-board@web.de as described in the instructions above.
If you would like to support us

02.11.2012, 19:08   #10
Rosarabbit

I can't get an Internet connection working and can't set up a new one.
Under "Internet Properties" there is no longer any connection entry.
After creating a new connection I get an error message: "Fehler bei der Verbindung, Fehler 651". I have reset the box and much more. Now I have no idea left how to get a new connection working.

Addendum: My provider has just told me that there is an Internet outage in my area. So the cause has been found for now.

Last edited by Rosarabbit (02.11.2012 at 19:18)

02.11.2012, 19:17   #11
markusg
/// Malware-holic

First a question: is this the only PC you have used to access Amazon?

Alt 02.11.2012, 19:25   #12
Rosarabbit
 

Yes, at the moment I'm writing on a very old laptop.

02.11.2012, 20:05   #13
markusg
/// Malware-holic
 

Hmm.
The problem is that, based on the logs, we cannot rule out with 100% certainty that malware is, or has been, on the PC.
If you shop with this machine, reinstalling it from scratch and securing it properly would therefore be the better option.
I would guide you through everything.
1. Data rescue:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html
I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
6. I will then also say something about securing online banking with a chip card reader + Star Money.