Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Win64/Patched.A und Luhe.Sirefef.A gefunden (https://www.trojaner-board.de/129876-win64-patched-a-luhe-sirefef-a-gefunden.html)

Illunia 21.01.2013 12:06
Win64/Patched.A und Luhe.Sirefef.A gefunden
 
Obige Infektionen wurden bei mir gefunden, Services.exe infiziert.

Ist es möglich, die Infektionen ohne Neuinstallation zu beheben?

Hier der Log von OTL

Code:
OTL logfile created on: 21.01.2013 11:43:36 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = D:\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,97 Gb Total Physical Memory | 4,85 Gb Available Physical Memory | 60,90% Memory free
15,94 Gb Paging File | 12,40 Gb Available in Paging File | 77,82% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 22,97 Gb Free Space | 19,28% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 604,35 Gb Free Space | 64,88% Space Free | Partition Type: NTFS
Drive F: | 3,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 292,97 Gb Total Space | 55,09 Gb Free Space | 18,81% Space Free | Partition Type: NTFS
Drive J: | 1863,01 Gb Total Space | 1212,05 Gb Free Space | 65,06% Space Free | Partition Type: NTFS
Drive M: | 443,23 Gb Total Space | 110,08 Gb Free Space | 24,84% Space Free | Partition Type: NTFS
Drive Z: | 195,31 Gb Total Space | 146,20 Gb Free Space | 74,86% Space Free | Partition Type: NTFS
 
Computer Name: MICHA-PC | User Name: Micha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.21 11:27:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2013.01.08 20:08:44 | 000,389,168 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2013.01.08 01:06:24 | 001,248,360 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.01.04 14:46:24 | 001,973,384 | ---- | M] (Micro-Star International) -- C:\Program Files (x86)\MSI\Live Update 5\LU5.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012.12.04 17:01:46 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.03 06:41:36 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2012.11.24 23:36:13 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Micha\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.11.24 16:00:37 | 000,516,096 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-8.12.072\Applets\x86\LCDMedia.exe
PRC - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.11.12 11:45:18 | 000,309,688 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.11.12 11:45:14 | 000,968,120 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012.11.01 13:16:42 | 000,577,536 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe
PRC - [2012.10.31 07:36:08 | 000,522,752 | ---- | M] (LOL Replay) -- C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.08.30 14:47:32 | 002,369,720 | ---- | M] (Beepa P/L) -- C:\Fraps\fraps.exe
PRC - [2012.08.30 12:48:06 | 001,507,328 | ---- | M] (Samsung Electronics.) -- C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe
PRC - [2012.08.15 15:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2012.08.15 15:18:06 | 000,104,088 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2012.08.15 15:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2012.08.15 13:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2012.04.26 13:33:16 | 002,743,104 | ---- | M] () -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2012.02.15 17:05:26 | 000,014,848 | ---- | M] () -- C:\Programme\COMPUTERBILD-Cloud\Data\Tools\mounter.exe
PRC - [2012.01.12 14:52:57 | 000,296,232 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2012.01.12 14:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
PRC - [2012.01.12 14:52:55 | 000,075,048 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2012.01.12 13:58:47 | 000,371,256 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
PRC - [2012.01.02 03:21:22 | 000,501,544 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.11.21 04:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010.11.17 09:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.08.04 14:44:24 | 000,266,240 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.09 21:52:09 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7f6c86879d27a285cc97c12d59424dd0\System.ServiceProcess.ni.dll
MOD - [2013.01.09 21:52:04 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\07753c0a8ed7f9bc61b0ee718f3c779d\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 21:51:50 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\40c7a89fe2cbf3c12a2c39e034da54cf\System.Xaml.ni.dll
MOD - [2013.01.09 21:44:05 | 005,459,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fa022967bdd1030211f9cadcab797520\System.Xml.ni.dll
MOD - [2013.01.09 21:28:38 | 001,065,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d602f7a5bbd392dddbc07c2f5f083a11\System.Management.ni.dll
MOD - [2013.01.09 07:38:55 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.09 07:37:20 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a7424b1be331f4b534ea24e0c21dbe47\UIAutomationTypes.ni.dll
MOD - [2013.01.09 07:37:20 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
MOD - [2013.01.09 07:37:07 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.09 03:05:49 | 018,022,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b8e60f81fd56934c9f9da7b15bee3376\PresentationFramework.ni.dll
MOD - [2013.01.09 03:05:42 | 011,522,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\932901ff0ad5e365ffbe705d7459a37e\PresentationCore.ni.dll
MOD - [2013.01.09 03:05:38 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b519f42484e1d488662a9a8a87cb8849\System.Core.ni.dll
MOD - [2013.01.09 03:05:37 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\fc476bbac36944e352c2f547352ffa64\System.Xml.ni.dll
MOD - [2013.01.09 03:05:36 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8abaedf6aecb073b22f8801aa0b8babf\WindowsBase.ni.dll
MOD - [2013.01.09 03:05:35 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\7cd4aa51f6e6b9330b8f50bba8bb62c6\System.Configuration.ni.dll
MOD - [2013.01.09 03:05:34 | 009,095,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\f93dca0e4baa1dcb37cf75392b7c89da\System.ni.dll
MOD - [2013.01.09 03:05:31 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2013.01.09 03:02:31 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2013.01.09 03:02:31 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013.01.09 03:02:31 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2013.01.08 20:08:44 | 002,242,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2013.01.08 20:08:44 | 000,158,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2013.01.08 20:08:44 | 000,022,576 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2013.01.08 01:06:22 | 000,460,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
MOD - [2013.01.08 01:06:19 | 004,012,648 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
MOD - [2013.01.08 01:05:29 | 000,598,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libglesv2.dll
MOD - [2013.01.08 01:05:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\libegl.dll
MOD - [2013.01.08 01:05:25 | 001,553,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ffmpegsumo.dll
MOD - [2012.12.25 03:58:13 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.12.12 20:30:10 | 000,070,536 | ---- | M] () -- C:\Programme\TortoiseSVN\bin\libsasl32.dll
MOD - [2012.12.03 06:41:36 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.10.31 07:35:36 | 000,311,808 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\LOLUtils.dll
MOD - [2012.05.16 20:24:04 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\DAEMON Tools Pro\MSIMG32.dll
MOD - [2012.04.26 13:33:16 | 002,743,104 | ---- | M] () -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
MOD - [2012.04.25 19:52:28 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtScript4.dll
MOD - [2012.04.25 19:52:26 | 007,422,352 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtGui4.dll
MOD - [2012.04.25 19:52:24 | 000,795,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtNetwork4.dll
MOD - [2012.04.25 19:52:24 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtSql4.dll
MOD - [2012.04.25 19:52:22 | 002,453,904 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtDeclarative4.dll
MOD - [2012.04.25 19:52:22 | 002,126,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\QtCore4.dll
MOD - [2012.02.11 00:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2012.02.11 00:31:41 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012.02.11 00:31:40 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2012.01.12 13:55:29 | 000,075,048 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\subsys\DLNA\DMS\_PyDMSCtrl.pyd
MOD - [2012.01.02 03:21:17 | 000,374,056 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011.08.24 03:39:11 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ssl.pyd
MOD - [2011.08.24 03:39:11 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\koan\_ctypes.pyd
MOD - [2011.08.24 03:39:11 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_socket.pyd
MOD - [2011.04.12 08:43:19 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2010.11.21 04:25:01 | 000,667,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core\3.5.0.0__b77a5c561934e089\System.Core.dll
MOD - [2010.11.21 04:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.01.09 21:13:33 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 20:08:44 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.04 17:01:46 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.08.15 15:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012.08.15 15:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012.08.15 14:36:34 | 015,680,000 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012.08.15 13:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012.08.01 17:10:32 | 000,917,656 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012.04.25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012.02.15 17:05:26 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\Programme\COMPUTERBILD-Cloud\Data\Tools\mounter.exe -- (DokanMounter)
SRV - [2012.01.12 14:52:57 | 000,296,232 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012.01.12 14:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012.01.12 14:52:55 | 000,075,048 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2011.09.18 19:18:54 | 003,271,496 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2011.03.21 16:19:16 | 001,845,248 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Programme\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV - [2011.03.14 16:27:34 | 000,346,976 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)
SRV - [2010.08.26 17:48:00 | 000,285,152 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010.08.04 14:44:24 | 000,266,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100)
SRV - [2010.03.22 20:05:40 | 000,960,992 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.03 19:39:38 | 004,590,432 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)
SRV - [2010.02.12 07:09:18 | 002,227,216 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe -- (GenericMount Helper Service)
SRV - [2009.11.18 13:40:26 | 000,012,288 | ---- | M] (Chris Pietschmann (hxxp://pietschsoft.com)) [Auto | Running] -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe -- (Virtual Router)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.12.01 01:46:01 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.11.28 18:49:00 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2012.11.24 16:00:38 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2012.11.24 16:00:37 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012.11.24 15:37:23 | 000,212,992 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV:64bit: - [2012.11.24 15:37:23 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2012.11.24 15:37:23 | 000,098,816 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2012.11.24 15:37:23 | 000,086,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2012.11.24 15:37:23 | 000,028,672 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV:64bit: - [2012.11.24 15:37:23 | 000,013,952 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV:64bit: - [2012.11.15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.15 15:18:16 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012.08.15 15:18:08 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012.08.15 15:16:52 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012.08.15 15:16:50 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012.08.01 17:10:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012.07.06 12:29:52 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012.07.06 12:29:52 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 17:05:24 | 000,120,408 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\dokan.sys -- (Dokan)
DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisPT)
DRV:64bit: - [2011.03.21 16:44:30 | 000,033,416 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nlndis.sys -- (NLNdisMP)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011.02.10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.03.03 19:59:22 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2010.02.12 07:10:12 | 000,066,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GenericMount.sys -- (GenericMount)
DRV:64bit: - [2010.02.11 02:34:46 | 000,170,032 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\symsnap.sys -- (symsnap)
DRV:64bit: - [2009.11.23 17:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.11.18 07:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.11.06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009.09.21 20:40:14 | 000,020,528 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.15 02:28:00 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2007.01.19 18:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2012.11.19 09:57:24 | 000,013,368 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2012.02.14 11:32:16 | 000,013,328 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI\ControlCenter\NTIOLib_X64.sys -- (NTIOLib_1_0_1)
DRV - [2012.01.11 22:57:42 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/12/11 16:47:19] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.10.27 07:18:45 | 000,082,928 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12)
DRV - [2011.03.21 16:44:28 | 000,088,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Programme\NetLimiter 3\nltdi.sys -- (nltdi)
DRV - [2011.01.06 11:06:56 | 000,011,888 | ---- | M] (MSI) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Setup Files\Ms7673v1J0\NTIOLib_X64.sys -- (NTIOLib_1_0_6)
DRV - [2010.10.22 10:37:36 | 000,014,136 | ---- | M] (MSI) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys -- (NTIOLib_1_0_4)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 FD 94 19 54 CA CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{81CE708B-5104-4C62-B333-94B417473B29}: "URL" = hxxp://go.mail.com/br/ie8_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6OyWo5iVXD&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Micha\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Micha\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.01.08 20:08:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.11.24 23:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Micha\AppData\Roaming\mozilla\Extensions
[2012.12.06 19:02:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://google.de/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://google.de/
CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - Extension: Google Drive = C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.55_0\
CHR - Extension: Google Mail = C:\Users\Micha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.01.21 11:20:47 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ControlCenterCount] C:\Program Files (x86)\MSI\ControlCenter\ControlCenterCount.exe (MSI CO.,LTD.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe ()
O4 - HKLM..\Run: [Norton Ghost 15.0] C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerDVD12DMREngine] C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [vmware-tray.exe] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Micha\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ControlCenter_Side - Verknüpfung.lnk = C:\Program Files (x86)\MSI\ControlCenter\ControlCenter_Side.exe (MSI CO.,LTD.)
O4 - Startup: C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Programme\Rainmeter\Rainmeter.exe ()
O4 - Startup: C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
O4 - Startup: C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird - Verknüpfung.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52EEF90D-729D-4F4D-971C-9BD3211D79C7}: DhcpNameServer = 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69A327D4-606B-4460-B9AA-BB5B6720D3DE}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B7C749D-BFEA-44D0-8F5C-B66DE8703934}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A407B695-E2BF-488A-B03C-130443C2510D}: NameServer = 139.7.30.125 139.7.30.126
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\PROGRA~2\DESKSC~1\deskscapes.dll (Stardock Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\PROGRA~2\DESKSC~1\DesktopControlPanel.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\PROGRA~2\DESKSC~1\DreamControl.dll (Stardock)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWOW64\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.10.21 18:02:11 | 000,000,000 | ---D | M] - F:\autorun -- [ CDFS ]
O32 - AutoRun File - [2004.09.30 07:18:33 | 000,000,061 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.21 11:20:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.21 11:19:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.01.21 11:17:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.01.21 11:17:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.01.21 11:17:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.01.21 11:17:01 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.01.21 11:16:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.21 11:16:50 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.01.21 11:09:49 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.01.21 10:36:03 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2013.01.21 10:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013.01.21 10:35:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.01.19 06:06:55 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Malwarebytes
[2013.01.19 06:06:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.01.19 06:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.19 06:06:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.01.19 06:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.19 00:03:07 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2013.01.19 00:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2013.01.19 00:03:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack
[2013.01.18 23:40:06 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mega Codec Pack
[2013.01.18 23:40:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mega Codec Pack
[2013.01.17 20:51:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TERA
[2013.01.17 20:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2013.01.15 11:23:33 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\Virtual Machines
[2013.01.15 11:20:22 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\VMware
[2013.01.15 11:20:22 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\VMware
[2013.01.15 11:18:38 | 000,070,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vsock.sys
[2013.01.15 11:18:38 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vsocklib.dll
[2013.01.15 11:18:38 | 000,063,128 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vsocklib.dll
[2013.01.15 11:18:37 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2013.01.15 11:17:52 | 000,357,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2013.01.15 11:17:49 | 000,435,864 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2013.01.15 11:17:48 | 000,030,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2013.01.15 11:17:47 | 000,933,528 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2013.01.15 11:17:46 | 000,052,376 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2013.01.15 11:17:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2013.01.15 11:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2013.01.15 11:17:34 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2013.01.15 11:17:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2013.01.15 11:17:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2013.01.15 11:17:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Virtual Machines
[2013.01.14 15:36:43 | 000,000,000 | ---D | C] -- C:\Users\Micha\Desktop\Pix
[2013.01.14 15:34:33 | 000,000,000 | ---D | C] -- C:\Guild Wars 2
[2013.01.13 23:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guild Wars 2
[2013.01.13 23:47:31 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\Guild Wars 2
[2013.01.13 14:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2013.01.13 14:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2013.01.12 16:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2013.01.12 16:45:57 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013.01.12 05:23:30 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\SWTOR
[2013.01.12 05:23:30 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\HeroBlade Logs
[2013.01.11 08:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[2013.01.11 08:25:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\BioWare
[2013.01.11 08:15:41 | 000,011,832 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\acpimof.dll
[2013.01.11 08:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
[2013.01.11 06:40:19 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\StarCraft II
[2013.01.10 09:19:20 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\RIFT
[2013.01.10 06:50:07 | 000,000,000 | ---D | C] -- C:\Users\Micha\Desktop\Camera
[2013.01.10 05:49:19 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Rift
[2013.01.08 20:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.01.07 03:17:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2013.01.07 03:17:57 | 000,000,000 | ---D | C] -- C:\Fraps
[2013.01.01 01:15:28 | 000,000,000 | ---D | C] -- C:\Users\Micha\Documents\Activision
[2013.01.01 01:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.12.26 08:40:05 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.12.26 08:39:54 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo II
[2012.12.26 08:34:19 | 000,102,400 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2012.12.26 08:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2012.12.25 06:23:30 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\ARelog
[2012.12.25 05:50:10 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\HighVoltz
[2012.12.25 03:58:40 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\OpenOffice.org
[2012.12.25 03:58:08 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012.12.25 03:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012.12.25 03:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.12.25 03:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.25 03:57:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.12.24 23:15:00 | 000,000,000 | ---D | C] -- C:\World of Warcraft
[2012.12.24 15:13:38 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Local\TSVNCache
[2012.12.24 15:08:36 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\TortoiseSVN
[2012.12.24 15:08:24 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Subversion
[2012.12.24 15:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
[2012.12.24 15:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\TortoiseSVN
[2012.12.24 15:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TortoiseOverlays
[2012.12.24 15:07:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TortoiseOverlays
[2012.12.23 13:45:17 | 000,000,000 | ---D | C] -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2012.12.23 13:45:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.21 11:27:38 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.21 11:27:38 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.21 11:26:26 | 001,620,588 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.21 11:26:26 | 000,699,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.21 11:26:26 | 000,654,660 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.21 11:26:26 | 000,149,164 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.21 11:26:26 | 000,122,118 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.21 11:20:48 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.21 11:20:47 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.01.21 11:20:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.21 11:20:29 | 000,057,375 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2013.01.21 10:36:02 | 000,001,079 | ---- | M] () -- C:\Users\Micha\Desktop\Kaspersky Security Scan.lnk
[2013.01.21 09:19:35 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3799727064-644077472-3735977901-1000Core.job
[2013.01.21 09:18:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.21 09:10:08 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3799727064-644077472-3735977901-1000UA.job
[2013.01.21 09:10:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.15 11:17:43 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013.01.15 11:17:41 | 001,640,718 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.14 19:00:00 | 000,112,640 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.01.14 11:05:57 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.01.14 11:05:57 | 000,281,688 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.12 16:37:55 | 2184,496,054 | ---- | M] () -- C:\Riot Games.rar
[2013.01.11 08:10:52 | 000,001,608 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird - Verknüpfung.lnk
[2013.01.10 07:05:19 | 000,001,456 | ---- | M] () -- C:\Users\Micha\AppData\Local\Adobe Für Web speichern 11.0 Prefs
[2013.01.09 07:24:10 | 000,295,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.02 00:33:51 | 000,444,027 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130109-014024.backup
[2012.12.27 16:55:13 | 000,026,604 | ---- | M] () -- C:\Users\Micha\Desktop\Gem Pricing.ods
[2012.12.26 08:41:10 | 000,043,520 | ---- | M] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012.12.26 08:40:54 | 000,028,050 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2012.12.26 08:34:19 | 000,102,400 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2012.12.26 08:34:19 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2012.12.25 03:58:59 | 000,001,237 | ---- | M] () -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.21 11:17:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.01.21 11:17:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.01.21 11:17:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.01.21 11:17:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.01.21 11:17:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.01.21 10:36:03 | 000,001,079 | ---- | C] () -- C:\Users\Micha\Desktop\Kaspersky Security Scan.lnk
[2013.01.19 00:03:07 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.01.19 00:03:07 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.01.19 00:03:07 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2013.01.19 00:03:07 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.01.19 00:03:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.01.15 11:17:43 | 000,001,024 | ---- | C] () -- C:\.rnd
[2013.01.12 16:36:23 | 2184,496,054 | ---- | C] () -- C:\Riot Games.rar
[2013.01.11 09:05:20 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3799727064-644077472-3735977901-1000UA.job
[2013.01.11 09:05:20 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3799727064-644077472-3735977901-1000Core.job
[2013.01.09 07:28:57 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2012.12.26 08:40:45 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012.12.26 08:34:20 | 000,028,050 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012.12.26 08:34:19 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2012.12.25 05:08:12 | 000,026,604 | ---- | C] () -- C:\Users\Micha\Desktop\Gem Pricing.ods
[2012.12.25 03:58:59 | 000,001,237 | ---- | C] () -- C:\Users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2012.12.09 11:14:51 | 000,035,840 | ---- | C] () -- C:\Windows\SysWow64\dokan.dll
[2012.12.09 01:19:15 | 000,007,606 | ---- | C] () -- C:\Users\Micha\AppData\Local\Resmon.ResmonCfg
[2012.12.04 17:01:46 | 000,281,688 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.12.04 17:01:46 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.01 09:59:00 | 000,001,456 | ---- | C] () -- C:\Users\Micha\AppData\Local\Adobe Für Web speichern 11.0 Prefs
[2012.11.25 01:43:59 | 001,640,718 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.29 12:09:28 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.10.29 12:09:28 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.10.29 12:09:28 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.10.29 12:09:28 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.10.29 12:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.09.28 16:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll
 
========== ZeroAccess Check ==========
 
[2013.01.21 11:19:37 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{76625705-3e1d-3622-2a9e-caf37653d34f}\L
[2013.01.21 11:16:53 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{76625705-3e1d-3622-2a9e-caf37653d34f}\U
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.11.25 21:11:19 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\AVG2013
[2013.01.11 09:08:43 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\COMPUTERBILD Cloud
[2013.01.21 11:19:36 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\convert
[2013.01.10 12:20:25 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\DAEMON Tools Pro
[2012.12.25 05:50:10 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\HighVoltz
[2012.12.06 07:05:40 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\ICQ
[2012.11.24 17:11:44 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\LolClient
[2013.01.21 11:45:11 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\NetSpeedMonitor
[2012.12.25 03:58:40 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\OpenOffice.org
[2012.12.19 14:15:56 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Origin
[2012.11.25 04:46:43 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\QuickScan
[2012.11.25 02:21:10 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Rainmeter
[2013.01.14 18:11:04 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Rift
[2012.12.06 19:22:07 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Samsung
[2013.01.21 10:00:13 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Spotify
[2012.12.24 15:08:24 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Subversion
[2012.11.24 23:48:40 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Thunderbird
[2013.01.21 09:59:53 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\TS3Client
[2012.11.25 21:11:08 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\TuneUp Software
[2013.01.14 17:50:49 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\UseNeXT
[2013.01.21 10:00:06 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\uTorrent
[2012.11.25 03:35:42 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Video Wallpaper
[2012.11.25 20:36:41 | 000,000,000 | ---D | M] -- C:\Users\Micha\AppData\Roaming\Windows Authenticator
[2012.12.10 08:59:04 | 000,000,000 | -HSD | M] -- C:\Users\Micha\AppData\Roaming\wyUpdate AU
 
========== Purity Check ==========
 
 

< End of report >
Malwarebytes

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.19.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Micha :: MICHA-PC [Administrator]

21.01.2013 12:01:11
mbam-log-2013-01-21 (12-01-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 259880
Laufzeit: 1 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Daten: 0 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

AVG erstellt scheinbar keine einsehbaren Logs, deswegen kann ich davon nichts posten.

Code:
"";"Virus identifiziert: Win64/Patched.A, C:\Windows\System32\services.exe";"Kann nicht bereinigt werden
Manuell entfernen"

Vielen Dank schonmal!

cosinus 21.01.2013 12:39
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Illunia 21.01.2013 12:50
Hallo,
Da mir die Infektion nun scheinbar den Internetzugang verwehrt, muss ich kurz per Handy schreiben
Malwarebytes hat vorgestern

Trojan.access.bcminer
Rootkit.0access
Trojan.clicker gefunden

Logs posten ist leider grad schlecht :(

cosinus 21.01.2013 12:55
Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Illunia 21.01.2013 14:10
Code:
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8162.5885 [GMT 1:00]
ausgeführt von:: d:\downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
c:\windows\system32\Services.exe . . . ist infiziert!!
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-12-21 bis 2013-01-21  ))))))))))))))))))))))))))))))
.
.
2013-01-21 12:33 . 2013-01-21 12:33        --------        dc----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-01-21 12:33 . 2013-01-21 12:33        --------        dc----w-        c:\users\Default\AppData\Local\temp
2013-01-21 12:19 . 2009-07-14 01:39        328704        -c--a-w-        c:\windows\SysWow64\services.exe
2013-01-21 12:19 . 2006-11-01 12:05        150328        -c--a-w-        C:\pendmoves.exe
2013-01-21 12:19 . 2006-11-01 12:05        146232        -c--a-w-        C:\movefile.exe
2013-01-21 10:09 . 2013-01-21 10:09        --------        dc----w-        C:\TDSSKiller_Quarantine
2013-01-21 09:36 . 2013-01-21 09:36        --------        dc----w-        c:\program files (x86)\Kaspersky Lab
2013-01-21 09:35 . 2013-01-21 09:35        --------        dc----w-        c:\programdata\Kaspersky Lab
2013-01-19 05:06 . 2013-01-19 05:06        --------        dc----w-        c:\users\Micha\AppData\Roaming\Malwarebytes
2013-01-19 05:06 . 2013-01-19 05:06        --------        dc----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-19 05:06 . 2013-01-19 05:06        --------        dc----w-        c:\programdata\Malwarebytes
2013-01-19 05:06 . 2012-12-14 15:49        24176        -c--a-w-        c:\windows\system32\drivers\mbam.sys
2013-01-18 23:03 . 2012-06-09 18:21        178688        -c--a-w-        c:\windows\SysWow64\unrar.dll
2013-01-18 23:03 . 2011-12-21 18:14        151552        -c--a-w-        c:\windows\SysWow64\ac3acm.acm
2013-01-18 23:03 . 2011-12-07 18:32        216064        -c--a-w-        c:\windows\SysWow64\lagarith.dll
2013-01-18 23:03 . 2011-06-24 15:44        243200        -c--a-w-        c:\windows\SysWow64\xvidvfw.dll
2013-01-18 23:03 . 2011-06-24 15:28        650752        -c--a-w-        c:\windows\SysWow64\xvidcore.dll
2013-01-18 23:03 . 2013-01-14 18:00        112640        -c--a-w-        c:\windows\SysWow64\ff_vfw.dll
2013-01-18 23:03 . 2013-01-18 23:03        --------        dc----w-        c:\program files (x86)\K-Lite Codec Pack
2013-01-18 22:40 . 2013-01-18 22:40        --------        dc----w-        c:\program files (x86)\Mega Codec Pack
2013-01-17 19:51 . 2013-01-17 19:51        --------        dc----w-        c:\programdata\TERA
2013-01-15 10:20 . 2013-01-15 12:59        --------        dc----w-        c:\users\Micha\AppData\Roaming\VMware
2013-01-15 10:20 . 2013-01-15 12:59        --------        dc----w-        c:\users\Micha\AppData\Local\VMware
2013-01-15 10:18 . 2012-07-06 11:30        67224        -c--a-w-        c:\windows\system32\vsocklib.dll
2013-01-15 10:18 . 2012-07-06 11:29        63128        -c--a-w-        c:\windows\SysWow64\vsocklib.dll
2013-01-15 10:18 . 2012-07-06 11:29        70256        -c--a-w-        c:\windows\system32\drivers\vsock.sys
2013-01-15 10:18 . 2012-08-15 14:18        67224        -c--a-w-        c:\windows\system32\drivers\vmx86.sys
2013-01-15 10:17 . 2012-08-15 14:18        357016        -c--a-w-        c:\windows\SysWow64\vmnetdhcp.exe
2013-01-15 10:17 . 2012-08-15 14:17        435864        -c--a-w-        c:\windows\SysWow64\vmnat.exe
2013-01-15 10:17 . 2012-08-15 14:18        30360        -c--a-w-        c:\windows\system32\drivers\vmnetuserif.sys
2013-01-15 10:17 . 2012-08-15 14:18        933528        -c--a-w-        c:\windows\system32\vnetlib64.dll
2013-01-15 10:17 . 2012-08-01 16:10        52376        -c--a-w-        c:\windows\system32\drivers\hcmon.sys
2013-01-15 10:17 . 2013-01-15 10:17        --------        dc----w-        c:\program files\Common Files\VMware
2013-01-15 10:17 . 2013-01-21 12:34        --------        dc----w-        c:\programdata\VMware
2013-01-15 10:17 . 2013-01-15 10:17        --------        dc----w-        c:\program files (x86)\VMware
2013-01-15 10:17 . 2013-01-15 10:17        --------        dc----w-        c:\program files (x86)\Common Files\VMware
2013-01-14 14:34 . 2013-01-14 14:34        --------        dc----w-        C:\Guild Wars 2
2013-01-13 13:47 . 2013-01-13 13:47        --------        dc----w-        c:\program files\Recuva
2013-01-12 15:46 . 2008-07-12 07:18        3851784        -c--a-w-        c:\windows\SysWow64\D3DX9_39.dll
2013-01-12 04:23 . 2013-01-12 04:23        --------        dc----w-        c:\users\Micha\AppData\Local\SWTOR
2013-01-11 07:25 . 2013-01-11 07:57        --------        dc----w-        c:\program files (x86)\Common Files\BioWare
2013-01-11 07:25 . 2013-01-11 07:25        --------        dc----w-        c:\users\swtor
2013-01-11 07:15 . 2012-08-22 09:19        11832        -c--a-w-        c:\windows\acpimof.dll
2013-01-10 04:49 . 2013-01-14 17:11        --------        dc----w-        c:\users\Micha\AppData\Roaming\Rift
2013-01-08 19:08 . 2013-01-09 06:27        --------        dc----w-        c:\program files (x86)\Mozilla Thunderbird
2013-01-07 02:17 . 2013-01-21 10:21        --------        dc----w-        C:\Fraps
2013-01-01 00:13 . 2013-01-01 00:13        --------        dc----w-        c:\programdata\EA Core
2012-12-26 07:40 . 2012-12-26 07:41        43520        -c--a-w-        c:\windows\SysWow64\CmdLineExt03.dll
2012-12-26 07:34 . 2012-12-26 07:34        2829        -c--a-w-        c:\windows\DIIUnin.pif
2012-12-26 07:34 . 2012-12-26 07:34        102400        -c--a-w-        c:\windows\DIIUnin.exe
2012-12-25 05:23 . 2012-12-26 03:40        --------        dc----w-        c:\users\Micha\AppData\Local\ARelog
2012-12-25 04:50 . 2012-12-25 04:50        --------        dc----w-        c:\users\Micha\AppData\Roaming\HighVoltz
2012-12-25 02:58 . 2012-12-25 02:58        --------        dc----w-        c:\users\Micha\AppData\Roaming\OpenOffice.org
2012-12-25 02:57 . 2012-12-25 02:58        --------        dc----w-        c:\program files (x86)\OpenOffice.org 3
2012-12-25 02:57 . 2012-12-25 02:57        --------        dc----w-        c:\program files (x86)\Common Files\Java
2012-12-25 02:57 . 2012-12-25 02:57        472808        -c--a-w-        c:\windows\SysWow64\deployJava1.dll
2012-12-25 02:57 . 2012-12-25 02:57        --------        dc----w-        c:\program files (x86)\Java
2012-12-24 22:15 . 2012-12-24 22:23        --------        dc----w-        C:\World of Warcraft
2012-12-24 14:13 . 2013-01-21 12:36        --------        dc----w-        c:\users\Micha\AppData\Local\TSVNCache
2012-12-24 14:08 . 2012-12-24 14:08        --------        dc----w-        c:\users\Micha\AppData\Roaming\TortoiseSVN
2012-12-24 14:08 . 2012-12-24 14:08        --------        dc----w-        c:\users\Micha\AppData\Roaming\Subversion
2012-12-24 14:07 . 2012-12-24 14:07        --------        dc----w-        c:\program files\TortoiseSVN
2012-12-24 14:07 . 2012-12-24 14:07        --------        dc----w-        c:\program files\Common Files\TortoiseOverlays
2012-12-24 14:07 . 2012-12-24 14:07        --------        dc----w-        c:\program files (x86)\Common Files\TortoiseOverlays
2012-12-23 12:45 . 2012-12-24 03:10        --------        dc----w-        c:\program files (x86)\MSI Afterburner
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-21 11:30 . 2012-11-24 15:00        18960        -c--a-w-        c:\windows\system32\drivers\LNonPnP.sys
2013-01-21 11:24 . 2012-11-24 15:24        22368        -c--a-w-        c:\windows\system32\drivers\AFD.SYS
2013-01-21 11:24 . 2009-07-14 00:10        22368        -c--a-w-        c:\windows\system32\drivers\WS2IFSL.SYS
2013-01-14 10:05 . 2012-12-04 16:01        281688        -c--a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-01-14 10:05 . 2012-12-01 21:23        281688        -c--a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-01-09 20:13 . 2012-11-25 05:51        74248        -c--a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 20:13 . 2012-11-25 05:51        697864        -c--a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 02:02 . 2012-11-28 03:15        67599240        -c--a-w-        c:\windows\system32\MRT.exe
2013-01-09 02:00 . 2013-01-09 00:36        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2012-12-22 02:00 . 2012-12-22 02:00        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-22 02:00 . 2012-12-22 02:00        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-22 02:00 . 2012-12-22 02:00        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-22 02:00 . 2012-12-22 02:00        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-13 02:01 . 2012-12-12 02:50        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2012-12-13 02:01 . 2012-12-12 02:50        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-12-13 02:00 . 2012-12-12 02:21        478208        ----a-w-        c:\windows\system32\dpnet.dll
2012-12-13 02:00 . 2012-12-12 02:21        376832        ----a-w-        c:\windows\SysWow64\dpnet.dll
2012-12-13 02:00 . 2012-12-13 02:00        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2012-12-13 02:00 . 2012-12-13 02:00        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-12-13 02:00 . 2012-12-13 02:00        248320        ----a-w-        c:\windows\system32\ieui.dll
2012-12-13 02:00 . 2012-12-13 02:00        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-12-13 02:00 . 2012-12-13 02:00        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-12-13 02:00 . 2012-12-13 02:00        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-12-13 02:00 . 2012-12-13 02:00        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-12-13 02:00 . 2012-12-13 02:00        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2012-12-13 02:00 . 2012-12-13 02:00        816640        ----a-w-        c:\windows\system32\jscript.dll
2012-12-13 02:00 . 2012-12-13 02:00        729088        ----a-w-        c:\windows\system32\msfeeds.dll
2012-12-13 02:00 . 2012-12-13 02:00        599040        ----a-w-        c:\windows\system32\vbscript.dll
2012-12-13 02:00 . 2012-12-13 02:00        237056        ----a-w-        c:\windows\system32\url.dll
2012-12-13 02:00 . 2012-12-13 02:00        2312704        ----a-w-        c:\windows\system32\jscript9.dll
2012-12-13 02:00 . 2012-12-13 02:00        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-12-13 02:00 . 2012-12-13 02:00        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-12-13 02:00 . 2012-12-13 02:00        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-12-13 02:00 . 2012-12-13 02:00        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-12-13 02:00 . 2012-12-13 02:00        1346048        ----a-w-        c:\windows\system32\urlmon.dll
2012-12-13 02:00 . 2012-12-13 02:00        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-12-13 02:00 . 2012-12-13 02:00        2144768        ----a-w-        c:\windows\system32\iertutil.dll
2012-12-13 02:00 . 2012-12-13 02:00        17811968        ----a-w-        c:\windows\system32\mshtml.dll
2012-12-13 02:00 . 2012-12-13 02:00        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2012-12-06 14:58 . 2012-12-01 21:19        281688        -c--a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-12-06 05:32 . 2012-12-06 05:32        31344        -c--a-w-        c:\windows\system32\drivers\cnnctfy2.sys
2012-12-04 16:01 . 2012-12-04 16:01        76888        -c--a-w-        c:\windows\SysWow64\PnkBstrA.exe
2012-12-01 00:46 . 2012-12-01 00:46        283200        -c--a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-11-28 17:49 . 2012-12-06 18:11        35112        -c--a-w-        c:\windows\system32\drivers\teamviewervpn.sys
2012-11-24 15:42 . 2012-11-24 15:42        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-11-24 15:42 . 2012-11-24 15:42        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-11-24 15:42 . 2012-11-24 15:42        89088        ----a-w-        c:\windows\system32\ie4uinit.exe
2012-11-24 15:42 . 2012-11-24 15:42        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2012-11-24 15:42 . 2012-11-24 15:42        85504        ----a-w-        c:\windows\system32\iesetup.dll
2012-11-24 15:42 . 2012-11-24 15:42        82432        ----a-w-        c:\windows\system32\icardie.dll
2012-11-24 15:42 . 2012-11-24 15:42        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2012-11-24 15:42 . 2012-11-24 15:42        76800        ----a-w-        c:\windows\system32\tdc.ocx
2012-11-24 15:42 . 2012-11-24 15:42        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-11-24 15:42 . 2012-11-24 15:42        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll
2012-11-24 15:42 . 2012-11-24 15:42        65024        ----a-w-        c:\windows\system32\pngfilt.dll
2012-11-24 15:42 . 2012-11-24 15:42        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx
2012-11-24 15:42 . 2012-11-24 15:42        55296        ----a-w-        c:\windows\system32\msfeedsbs.dll
2012-11-24 15:42 . 2012-11-24 15:42        534528        ----a-w-        c:\windows\system32\ieapfltr.dll
2012-11-24 15:42 . 2012-11-24 15:42        49664        ----a-w-        c:\windows\system32\imgutil.dll
2012-11-24 15:42 . 2012-11-24 15:42        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2012-11-24 15:42 . 2012-11-24 15:42        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-11-24 15:42 . 2012-11-24 15:42        452608        ----a-w-        c:\windows\system32\dxtmsft.dll
2012-11-24 15:42 . 2012-11-24 15:42        448512        ----a-w-        c:\windows\system32\html.iec
2012-11-24 15:42 . 2012-11-24 15:42        403248        ----a-w-        c:\windows\system32\iedkcs32.dll
2012-11-24 15:42 . 2012-11-24 15:42        39936        ----a-w-        c:\windows\system32\iernonce.dll
2012-11-24 15:42 . 2012-11-24 15:42        3695416        ----a-w-        c:\windows\system32\ieapfltr.dat
2012-11-24 15:42 . 2012-11-24 15:42        367104        ----a-w-        c:\windows\SysWow64\html.iec
2012-11-24 15:42 . 2012-11-24 15:42        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll
2012-11-24 15:42 . 2012-11-24 15:42        30720        ----a-w-        c:\windows\system32\licmgr10.dll
2012-11-24 15:42 . 2012-11-24 15:42        282112        ----a-w-        c:\windows\system32\dxtrans.dll
2012-11-24 15:42 . 2012-11-24 15:42        267776        ----a-w-        c:\windows\system32\ieaksie.dll
2012-11-24 15:42 . 2012-11-24 15:42        249344        ----a-w-        c:\windows\system32\webcheck.dll
2012-11-24 15:42 . 2012-11-24 15:42        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2012-11-24 15:42 . 2012-11-24 15:42        222208        ----a-w-        c:\windows\system32\msls31.dll
2012-11-24 15:42 . 2012-11-24 15:42        197120        ----a-w-        c:\windows\system32\msrating.dll
2012-11-24 15:42 . 2012-11-24 15:42        165888        ----a-w-        c:\windows\system32\iexpress.exe
2012-11-24 15:42 . 2012-11-24 15:42        163840        ----a-w-        c:\windows\system32\ieakui.dll
2012-11-24 15:42 . 2012-11-24 15:42        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
2012-11-24 15:42 . 2012-11-24 15:42        160256        ----a-w-        c:\windows\system32\wextract.exe
2012-11-24 15:42 . 2012-11-24 15:42        160256        ----a-w-        c:\windows\system32\ieakeng.dll
2012-11-24 15:42 . 2012-11-24 15:42        152064        ----a-w-        c:\windows\SysWow64\wextract.exe
2012-11-24 15:42 . 2012-11-24 15:42        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2012-11-24 15:42 . 2012-11-24 15:42        149504        ----a-w-        c:\windows\system32\occache.dll
2012-11-24 15:42 . 2012-11-24 15:42        145920        ----a-w-        c:\windows\system32\iepeers.dll
2012-11-24 15:42 . 2012-11-24 15:42        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-11-24 15:42 . 2012-11-24 15:42        12288        ----a-w-        c:\windows\system32\mshta.exe
2012-11-24 15:42 . 2012-11-24 15:42        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2012-11-24 15:42 . 2012-11-24 15:42        114176        ----a-w-        c:\windows\system32\admparse.dll
2012-11-24 15:42 . 2012-11-24 15:42        111616        ----a-w-        c:\windows\system32\iesysprep.dll
2012-11-24 15:42 . 2012-11-24 15:42        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2012-11-24 15:42 . 2012-11-24 15:42        10752        ----a-w-        c:\windows\system32\msfeedssync.exe
2012-11-24 15:42 . 2012-11-24 15:42        103936        ----a-w-        c:\windows\system32\inseng.dll
2012-11-24 15:42 . 2012-11-24 15:42        101888        ----a-w-        c:\windows\SysWow64\admparse.dll
2012-11-24 15:00 . 2012-11-24 15:00        16008        -c--a-w-        c:\windows\system32\drivers\LGVirHid.sys
2012-11-24 15:00 . 2012-11-24 15:00        66328        -c--a-w-        c:\windows\system32\drivers\LGSHidFilt.Sys
2012-11-24 15:00 . 2012-11-24 15:00        1845528        -c--a-w-        c:\windows\system32\LkmdfCoInst.dll
2012-11-24 14:59 . 2012-11-24 14:59        525544        -c--a-w-        c:\windows\system32\deployJava1.dll
2012-11-24 14:59 . 2012-11-24 14:59        190752        -c--a-w-        c:\windows\system32\javaws.exe
2012-11-24 14:59 . 2012-11-24 14:59        171808        -c--a-w-        c:\windows\system32\javaw.exe
2012-11-24 14:59 . 2012-11-24 14:59        171808        -c--a-w-        c:\windows\system32\java.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\SysWOW64\services.exe
[-] 2009-07-14 . 50BEA589F7D7958BDD2528A8F69D05CC . 329216 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}]
2011-05-11 15:38        154216        -c--a-w-        c:\programdata\1und1InternetExplorerAddon\BHOXML.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}]
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{F9639E4A-801B-4843-AEE3-03D9DA199E77}"= "c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{f9639e4a-801b-4843-aee3-03d9da199e77}]
[HKEY_CLASSES_ROOT\Incredibar.dskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\Incredibar.dskBnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        -c--a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        -c--a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        -c--a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        -c--a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        -c--a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        -c--a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        -c--a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        -c--a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        64792        -c--a-w-        c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
c:\users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ControlCenter_Side - Verknüpfung.lnk - c:\program files (x86)\MSI\ControlCenter\ControlCenter_Side.exe [2012-11-24 5696056]
CurseClientStartup.ccip [2012-12-13 0]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-11-18 41136]
Samsung SSD Magician.lnk - c:\program files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe [2012-11-24 1507328]
thunderbird - Verknüpfung.lnk - c:\program files (x86)\Mozilla Thunderbird\thunderbird.exe [2013-1-8 389168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2012-10-31 522752]
Virtual Router Manager.lnk - c:\windows\Installer\{8DB05F7E-1F7A-4CC0-882F-375B97F04CD4}\_E6D9769DD20AF384865041.exe [2012-12-6 22486]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - NTIOLIB_1_0_2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-11 17:19        1606760        -c--a-w-        c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-25 20:13]
.
2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24 15:13]
.
2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24 15:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        -c--a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        -c--a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        -c--a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        -c--a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        -c--a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        -c--a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        -c--a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        -c--a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 09:20        75544        -c--a-w-        c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CloudIcon_DOWNLOAD]
@="{C3DBFBE2-A521-4619-9F32-502318CB4EC2}"
[HKEY_CLASSES_ROOT\CLSID\{C3DBFBE2-A521-4619-9F32-502318CB4EC2}]
2012-08-08 09:36        274000        -c--a-w-        c:\program files\COMPUTERBILD-Cloud\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CloudIcon_ERROR]
@="{851C758E-C636-4045-B323-059931A3A331}"
[HKEY_CLASSES_ROOT\CLSID\{851C758E-C636-4045-B323-059931A3A331}]
2012-08-08 09:36        274000        -c--a-w-        c:\program files\COMPUTERBILD-Cloud\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CloudIcon_INSYNC]
@="{580030D3-492E-45EA-A1C9-A0AC525BEB26}"
[HKEY_CLASSES_ROOT\CLSID\{580030D3-492E-45EA-A1C9-A0AC525BEB26}]
2012-08-08 09:36        274000        -c--a-w-        c:\program files\COMPUTERBILD-Cloud\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CloudIcon_REFRESH]
@="{FEBF62C8-B6B3-43B7-BEC4-1A9CD61BDCD2}"
[HKEY_CLASSES_ROOT\CLSID\{FEBF62C8-B6B3-43B7-BEC4-1A9CD61BDCD2}]
2012-08-08 09:36        274000        -c--a-w-        c:\program files\COMPUTERBILD-Cloud\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CloudIcon_UPLOAD]
@="{EBED3602-8915-43F9-81F7-CAA6FC4F70D6}"
[HKEY_CLASSES_ROOT\CLSID\{EBED3602-8915-43F9-81F7-CAA6FC4F70D6}]
2012-08-08 09:36        274000        -c--a-w-        c:\program files\COMPUTERBILD-Cloud\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-09-29 110360]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-09-09 7466600]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2011-09-18 3993416]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
LSP: mswsock.dll
TCP: Interfaces\{69A327D4-606B-4460-B9AA-BB5B6720D3DE}: NameServer = 139.7.30.125 139.7.30.126
TCP: Interfaces\{9B7C749D-BFEA-44D0-8F5C-B66DE8703934}: NameServer = 139.7.30.125 139.7.30.126
TCP: Interfaces\{A407B695-E2BF-488A-B03C-130443C2510D}: NameServer = 139.7.30.125 139.7.30.126
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NET Memory Cache 4.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\1394ohci]
"ImagePath"="system32\DRIVERS\1394ohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ACPI]
"ImagePath"="system32\drivers\ACPI.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AcpiPmi]
"ImagePath"="\SystemRoot\system32\drivers\acpipmi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeARMservice]
"ImagePath"="\"c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AdobeFlashPlayerUpdateSvc]
"ImagePath"="c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adp94xx]
"ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpahci]
"ImagePath"="\SystemRoot\system32\drivers\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adpu320]
"ImagePath"="\SystemRoot\system32\drivers\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\adsi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\agp440]
"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aliide]
"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdide]
"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdK8]
"ImagePath"="\SystemRoot\system32\drivers\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AmdPPM]
"ImagePath"="\SystemRoot\system32\drivers\amdppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsata]
"ImagePath"="\SystemRoot\system32\drivers\amdsata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdsbs]
"ImagePath"="\SystemRoot\system32\drivers\amdsbs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\amdxata]
"ImagePath"="system32\drivers\amdxata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppID]
"ImagePath"="\SystemRoot\system32\drivers\appid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppIDSvc]
"ServiceDll"="%SystemRoot%\System32\appidsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arc]
"ImagePath"="\SystemRoot\system32\drivers\arc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\arcsas]
"ImagePath"="\SystemRoot\system32\drivers\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ASP.NET]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ASP.NET_4.0.30319]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\atapi]
"ImagePath"="system32\drivers\atapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avg]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSAgent]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSHA]
"ImagePath"="system32\DRIVERS\avgidsha.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgldx64]
"ImagePath"="system32\DRIVERS\avgldx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgloga]
"ImagePath"="system32\DRIVERS\avgloga.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64]
"ImagePath"="system32\DRIVERS\avgmfx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgrkx64]
"ImagePath"="system32\DRIVERS\avgrkx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgtdia]
"ImagePath"="system32\DRIVERS\avgtdia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgwd]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AxInstSV]
"ServiceDll"="%SystemRoot%\System32\AxInstSV.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b06bdrv]
"ImagePath"="\SystemRoot\system32\drivers\bxvbda.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\b57nd60a]
"ImagePath"="system32\DRIVERS\b57nd60a.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BCMH43XX]
"ImagePath"="system32\DRIVERS\bcmwlhigh664.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BDESVC]
"ServiceDll"="%SystemRoot%\System32\bdesvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Beep]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BITS]
"ServiceDll"="%SystemRoot%\System32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\blbdrive]
"ImagePath"="system32\DRIVERS\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\drivers\BrFiltLo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\drivers\BrFiltUp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BridgeMP]
"ImagePath"="system32\DRIVERS\bridge.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Brserid]
"ImagePath"="\SystemRoot\System32\Drivers\Brserid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrSerWdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrSerWdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbMdm]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbMdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BrUsbSer]
"ImagePath"="\SystemRoot\System32\Drivers\BrUsbSer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BthEnum]
"ImagePath"="\SystemRoot\system32\drivers\BthEnum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BthPan]
"ImagePath"="system32\DRIVERS\bthpan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHPORT]
"ImagePath"="\SystemRoot\System32\Drivers\BTHport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\bthserv]
"ServiceDll"="%SystemRoot%\system32\bthserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\BTHUSB]
"ImagePath"="\SystemRoot\System32\Drivers\BTHUSB.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\catchme]
"ImagePath"="\??\c:\combofix\catchme.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\circlass]
"ImagePath"="\SystemRoot\system32\drivers\circlass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v2.0.50727_64]
"ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\clr_optimization_v4.0.30319_64]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CmBatt]
"ImagePath"="\SystemRoot\system32\drivers\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\cmdide]
"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CNG]
"ImagePath"="System32\Drivers\cng.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Compbatt]
"ImagePath"="\SystemRoot\system32\drivers\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CompositeBus]
"ImagePath"="system32\DRIVERS\CompositeBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crcdisk]
"ImagePath"="\SystemRoot\system32\drivers\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DCLocator]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\defragsvc]
"ServiceDll"="%Systemroot%\System32\defragsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcore.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\discache]
"ImagePath"="System32\drivers\discache.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Disk]
"ImagePath"="system32\drivers\disk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Dokan]
"ImagePath"="\??\c:\windows\system32\drivers\dokan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DokanMounter]
"ImagePath"="c:\program files\COMPUTERBILD-Cloud\Data\Tools\mounter.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dtsoftbus01]
"ImagePath"="system32\DRIVERS\dtsoftbus01.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ebdrv]
"ImagePath"="\SystemRoot\system32\drivers\evbda.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EFS]
"ImagePath"="%SystemRoot%\System32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehRecvr]
"ImagePath"="%systemroot%\ehome\ehRecvr.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ehSched]
"ImagePath"="%systemroot%\ehome\ehsched.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\elxstor]
"ImagePath"="\SystemRoot\system32\drivers\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ErrDev]
"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ESENT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ewusbmbb]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ew_hwusbdev]
"ImagePath"="system32\DRIVERS\ew_hwusbdev.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ew_usbenumfilter]
"ImagePath"="system32\DRIVERS\ew_usbenumfilter.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\exfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fastfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdc]
"ImagePath"="\SystemRoot\system32\drivers\fdc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\flpydisk]
"ImagePath"="\SystemRoot\system32\drivers\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\FsDepends]
"ImagePath"="System32\drivers\FsDepends.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fvevol]
"ImagePath"="System32\DRIVERS\fvevol.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gagp30kx]
"ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GEARAspiWDM]
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GenericMount]
"ImagePath"="system32\DRIVERS\GenericMount.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GenericMount Helper Service]
"ImagePath"="\"c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GenericMountService]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdate]
"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /svc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\gupdatem]
"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /medsvc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hcmon]
"ImagePath"="\??\c:\windows\system32\drivers\hcmon.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hcw85cir]
"ImagePath"="\SystemRoot\system32\drivers\hcw85cir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HdAudAddService]
"ImagePath"="system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBatt]
"ImagePath"="\SystemRoot\system32\drivers\HidBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidBth]
"ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidIr]
"ImagePath"="\SystemRoot\system32\drivers\hidir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupListener]
"ServiceDll"="%SystemRoot%\system32\ListSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HomeGroupProvider]
"ServiceDll"="%SystemRoot%\system32\provsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HpSAMD]
"ImagePath"="\SystemRoot\system32\drivers\HpSAMD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\huawei_cdcacm]
"ImagePath"="system32\DRIVERS\ew_jucdcacm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\huawei_enumerator]
"ImagePath"="system32\DRIVERS\ew_jubusenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\huawei_ext_ctrl]
"ImagePath"="system32\DRIVERS\ew_juextctrl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\huawei_update]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\huawei_wwanecm]
"ImagePath"="system32\DRIVERS\ew_juwwanecm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwdatacard]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\HWDeviceService64.exe]
"ImagePath"="\"c:\programdata\DatacardService\HWDeviceService64.exe\" -/service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwpolicy]
"ImagePath"="System32\drivers\hwpolicy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hwusbdev]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\i8042prt]
"ImagePath"="\SystemRoot\system32\drivers\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iaStorV]
"ImagePath"="\SystemRoot\system32\drivers\iaStorV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iirsp]
"ImagePath"="\SystemRoot\system32\drivers\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\inetaccs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RTKVHD64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelide]
"ImagePath"="\SystemRoot\system32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPHLPSVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\drivers\IPMIDrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IPNAT]
"ImagePath"="System32\drivers\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\isapnp]
"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\iScsiPrt]
"ImagePath"="\SystemRoot\system32\drivers\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\jswpsapi]
"ImagePath"="c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\JSWPSLWF]
"ImagePath"="system32\DRIVERS\jswpslwfx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSecPkg]
"ImagePath"="System32\Drivers\ksecpkg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KSS]
"ImagePath"="\"c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe\" -r"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ksthunk]
"ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ldap]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LGBusEnum]
"ImagePath"="system32\drivers\LGBusEnum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LGSHidFilt]
"ImagePath"="system32\DRIVERS\LGSHidFilt.Sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LGVirHid]
"ImagePath"="system32\drivers\LGVirHid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LiveUpdate]
"ImagePath"="\"c:\progra~2\Symantec\LIVEUP~1\LUCOMS~1.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Lsa]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_FC]
"ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS]
"ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SAS2]
"ImagePath"="\SystemRoot\system32\drivers\lsi_sas2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\LSI_SCSI]
"ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MBfilt]
"ImagePath"="system32\drivers\MBfilt64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mcx2Svc]
"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\megasas]
"ImagePath"="\SystemRoot\system32\drivers\megasas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MegaSR]
"ImagePath"="\SystemRoot\system32\drivers\MegaSR.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEIx64]
"ImagePath"="system32\DRIVERS\HECIx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mountmgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MozillaMaintenance]
"ImagePath"="\"c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpio]
"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msahci]
"ImagePath"="system32\drivers\msahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msdsm]
"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Msfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mshidkmdf]
"ImagePath"="\SystemRoot\System32\drivers\mshidkmdf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msisadrv]
"ImagePath"="system32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSI_MSIBIOS_010507]
"ImagePath"="\??\c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MsRPC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MTConfig]
"ImagePath"="\SystemRoot\system32\drivers\MTConfig.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisCap]
"ImagePath"="system32\DRIVERS\ndiscap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NDProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetBT]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetMsmqActivator]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe\" -NetMsmqActivator"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetPipeActivator]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpActivator]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NetTcpPortSharing]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nfrd960]
"ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NLNdisMP]
"ImagePath"="system32\DRIVERS\nlndis.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NLNdisPT]
"ImagePath"="system32\DRIVERS\nlndis.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nlsvc]
"ImagePath"="\"c:\program files\NetLimiter 3\nlsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nltdi]
"ImagePath"="\??\c:\program files\NetLimiter 3\nltdi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Ghost]
"ImagePath"="c:\program files (x86)\Norton Ghost\Agent\VProSvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Npfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NTDS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Ntfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NTIOLib_1_0_1]
"ImagePath"="\??\c:\program files (x86)\MSI\ControlCenter\NTIOLib_X64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NTIOLib_1_0_2]
"ImagePath"="\??\c:\program files (x86)\MSI\ControlCenter\NTIOLib_X64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NTIOLib_1_0_4]
"ImagePath"="\??\c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NTIOLib_1_0_6]
"ImagePath"="\??\c:\program files (x86)\Setup Files\Ms7673v1J0\NTIOLib_X64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Null]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nusb3hub]
"ImagePath"="system32\DRIVERS\nusb3hub.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nusb3xhc]
"ImagePath"="system32\DRIVERS\nusb3xhc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NVHDA]
"ImagePath"="system32\drivers\nvhda64v.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvlddmkm]
"ImagePath"="system32\DRIVERS\nvlddmkm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvraid]
"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvstor]
"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvsvc]
"ImagePath"="c:\windows\system32\nvvsvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvUpdatusService]
"ImagePath"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nv_agp]
"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ohci1394]
"ImagePath"="\SystemRoot\system32\drivers\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OODBS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\OODefragAgent]
"ImagePath"="\"c:\program files\OO Software\Defrag\oodag.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Parport]
"ImagePath"="\SystemRoot\system32\drivers\parport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pci]
"ImagePath"="system32\drivers\pci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pciide]
"ImagePath"="\SystemRoot\system32\drivers\pciide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcmcia]
"ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pcw]
"ImagePath"="System32\drivers\pcw.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfHost]
"ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfNet]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfOS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfProc]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PnkBstrA]
"ImagePath"="c:\windows\system32\PnkBstrA.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\pnrpauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\pnrpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PortProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Power]
"ServiceDll"="%SystemRoot%\system32\umpo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Processor]
"ImagePath"="\SystemRoot\system32\drivers\processr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Psched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql2300]
"ImagePath"="\SystemRoot\system32\drivers\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ql40xx]
"ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAgileVpn]
"ImagePath"="system32\DRIVERS\AgileVpn.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdpbus]
"ImagePath"="\SystemRoot\system32\drivers\rdpbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPNP]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPREFMP]
"ImagePath"="system32\drivers\rdprefmp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPUDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RdpVideoMiniport]
"ImagePath"="System32\drivers\rdpvideominiport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RDPWD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rdyboost]
"ImagePath"="System32\drivers\rdyboost.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RFCOMM]
"ImagePath"="system32\DRIVERS\rfcomm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcEptMapper]
"ServiceDll"="%SystemRoot%\System32\RpcEpMap.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RTCore64]
"ImagePath"="\??\c:\program files (x86)\MSI Afterburner\RTCore64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\RTL8167]
"ImagePath"="system32\DRIVERS\Rt64win7.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sbp2port]
"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\scfilter]
"ImagePath"="System32\DRIVERS\scfilter.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCMNdisP]
"ImagePath"="system32\DRIVERS\scmndisp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SDScannerService]
"ImagePath"="c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SDUpdateService]
"ImagePath"="c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SDWSCService]
"ImagePath"="c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\secdrv]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SensrSvc]
"ServiceDll"="%SystemRoot%\system32\sensrsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sermouse]
"ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffdisk]
"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sffp_sd]
"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sfloppy]
"ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid2]
"ImagePath"="\SystemRoot\system32\drivers\SiSRaid2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SiSRaid4]
"ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SkypeUpdate]
"ImagePath"="\"c:\program files (x86)\Skype\Updater\Updater.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\speedfan]
"ImagePath"="SysWOW64\speedfan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\spldr]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppsvc]
"ImagePath"="%SystemRoot%\system32\sppsvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sppuinotify]
"ServiceDll"="%SystemRoot%\system32\sppuinotify.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Stereo Service]
"ImagePath"="c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stexstor]
"ImagePath"="\SystemRoot\system32\drivers\stexstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Symantec SymSnap VSS Provider]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{BD2874F5-0EF9-49BE-890B-CFA1602D9405}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\symsnap]
"ImagePath"="system32\DRIVERS\symsnap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIP6TUNNEL]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TCPIPTUNNEL]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\teamviewervpn]
"ImagePath"="system32\DRIVERS\teamviewervpn.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Themes]
"ServiceDll"="%SystemRoot%\system32\themeservice.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TSDDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TsUsbFlt]
"ImagePath"="system32\drivers\tsusbflt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TsUsbGD]
"ImagePath"="\SystemRoot\system32\drivers\TsUsbGD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uagp35]
"ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGatherer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\uliagpkx]
"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\umbus]
"ImagePath"="system32\DRIVERS\umbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UmPass]
"ImagePath"="\SystemRoot\system32\drivers\umpass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbcir]
"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbehci]
"ImagePath"="\SystemRoot\system32\drivers\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbohci]
"ImagePath"="\SystemRoot\system32\drivers\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbprint]
"ImagePath"="\SystemRoot\system32\drivers\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usbuhci]
"ImagePath"="\SystemRoot\system32\drivers\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\usb_rndisx]
"ImagePath"="system32\DRIVERS\usb8023x.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\V2iMount]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VaultSvc]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vdrvroot]
"ImagePath"="system32\drivers\vdrvroot.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vhdmp]
"ImagePath"="\SystemRoot\system32\drivers\vhdmp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\viaide]
"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Virtual Router]
"ImagePath"="\"c:\program files (x86)\Virtual Router\VirtualRouterService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VMAuthdService]
"ImagePath"="\"c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vmci]
"ImagePath"="system32\DRIVERS\vmci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VMnetAdapter]
"ImagePath"="system32\DRIVERS\vmnetadapter.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VMnetBridge]
"ImagePath"="system32\DRIVERS\vmnetbridge.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VMnetDHCP]
"ImagePath"="c:\windows\system32\vmnetdhcp.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VMnetuserif]
"ImagePath"="\??\c:\windows\system32\drivers\vmnetuserif.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VMUSBArbService]
"ImagePath"="\"c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VMware]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VMware NAT Service]
"ImagePath"="c:\windows\system32\vmnat.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VMwareHostd]
"ImagePath"="\"c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe\" -u \"c:\programdata\VMware\hostd\config.xml\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vmx86]
"ImagePath"="\??\c:\windows\system32\drivers\vmx86.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgr]
"ImagePath"="system32\drivers\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VProEventMonitor]
"ImagePath"="system32\DRIVERS\vproeventmonitor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vsmraid]
"ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vsock]
"ImagePath"="system32\drivers\vsock.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vsserv]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vstor2-mntapi10-shared]
"ImagePath"="SysWOW64\drivers\vstor2-mntapi10-shared.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifibus]
"ImagePath"="system32\DRIVERS\vwifibus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwififlt]
"ImagePath"="system32\DRIVERS\vwififlt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\vwifimp]
"ImagePath"="system32\DRIVERS\vwifimp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\W3SVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WacomPen]
"ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WANARP]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wbengine]
"ImagePath"="\"%systemroot%\system32\wbengine.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WbioSrvc]
"ServiceDll"="%SystemRoot%\System32\wbiosrvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wd]
"ImagePath"="\SystemRoot\system32\drivers\wd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WfpLwf]
"ImagePath"="system32\DRIVERS\wfplwf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WimFltr]
"ImagePath"="system32\DRIVERS\wimfltr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WIMMount]
"ImagePath"="system32\drivers\wimmount.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Windows Workflow Foundation 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winsock]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinSock2]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiAcpi]
"ImagePath"="system32\DRIVERS\wmiacpi.sys"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WMPNetworkSvc]
"ImagePath"="\"%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSWNA1100]
"ImagePath"="c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WSWNA3100]
"ImagePath"="c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WudfPf]
"ImagePath"="system32\drivers\WudfPf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WwanSvc]
"ServiceDll"="%SystemRoot%\System32\wwansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xmlprov]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{24A6E9CC-DD53-4110-9293-58B717DF8074}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{36B4A137-9A5E-4ECA-B401-CFD59EA402A3}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{3C461169-83B7-4324-8D00-40F1CD4FA4EB}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{4E8D8C56-1D33-45CC-AFB4-5F7B4C849838}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{52EEF90D-729D-4F4D-971C-9BD3211D79C7}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{59887344-EAEC-46A9-A5A7-C2764BDFA533}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{69A327D4-606B-4460-B9AA-BB5B6720D3DE}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{7FAAAE7D-C086-433C-8545-9C6222A56674}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{9B7C749D-BFEA-44D0-8F5C-B66DE8703934}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{A407B695-E2BF-488A-B03C-130443C2510D}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{A5EC0672-084C-418A-92D2-34D84CDD3D6D}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B351AFA8-129C-4C65-A39B-7E5A6C34E5BC}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{DA24B0B0-30F1-4428-985E-7DE3D4391EEA}]
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG15.00.00.01PROFESSIONAL"="E21018FC9D5312EF8FBEB1942EE50A73DA10E61CC44615A1113FC2380C8E011E086B772FA50BE5CAB9DD047003FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6171C11EC38DE3DC038D530D6EB34525D575E7D6A3B9808608C7FCD14E80286F15268634A9B3691B07D2DDE39716C6F398A53244E60079ABE8A404D606ECC2BA6BBDA3E7A587B307FB980C573C1999DBC3CCA53D9832EC5CA68213425FB3660E92B20EBC6F7F12AE6A64E927B2B058C94371E48F8B25ED79EFAC339E230F88E2A76D92C156B65BFCA3B542D3B0C25F3B631C935BAE05CA166D980F36BB0C9BDEAB55A221B2914D2A0320460EE4EE72EB1A57A2D828461186660E3E366264E9BC0C72C53E8AA326AF588025C295B2C3D26549429869A9AD3F0AEAB6852BD1FFBD6CB8A295EEDE5B1E801A834D021C5444640AC05D123A81270A9CB49FB27CB53EBA8E7F3AE734BF7AC2184DE9E93FC8ADA300F02C2A0A03362F96D2E8918D53C5187E6E464C270AE09B3D8B921290FFCC1AF39440C9A0B3DD78AE825F04833F3ECD36013DB63586D58471A81B85B2AAA698D5DD4B59EE5D7758CD19EFEF44D5CB93FE1F6C564F96F8BAC715A9CA974C7575D631E19B922517673E77152DD84FB46412BF127D7C114247ABD4DD597042CA37664F26502A319A577A55660C9A7FB358F30C4D7528CDC3A8B0FC342A96554F9F2AF851E8DC4C5E51634EA6F7EFE2CBB2A1A1606EDAE7279FD2B8E136D185F9B3348EF98F7520EAB0D75311CCAC37B25D0C57131C76F9D21340D60CFEE12115B59632E81618CD081617A8C56FEA3814E0843C2AE82094F04D1E0CF50C139D2A34D6C9FD56EA90E825C0DC7E16EC1F8AA9AD7DDA6C22B9988C4875A437CEA2E6EB9020A694551E96189A610557333BD40157AF897B278332BB819DD2BBAF6554C0E7595E212A12FE3B878F71E690253294859AF508007F57B9F5C1EDC99219A637CCFCD3D84AB49627E6572FA322D5F9349D4FD76DCE4631C3150C2823D21F6EAFDC824C650724ACA32845B003226AAC2717FC8837E8D9CC46725D698CAA306AECC506C22AD72E59D71226E15D0D1248B5E2454439DF5E83FFEC2C972EDC8068FE709DE46579575719B3D4EF47C8CDD59EF3FCC56F80533ECFBC0EEB5D423DD8192C918FD0CBEF5ED54897EB124A18DA9CC7FBFB2D1160BBFA2ED7DDBB23C930DD31B98689142085184EDEAACBD568C8F5ECA1F20EDF522BF7EC992B23E1053CD77BD45772FE8726C57875F1FC05D5930CF39423B966A4F085D8B2B5B310E6DF58B2465732FF09AA43EA50E942BE295C6131863F51A2A8EC6519DAC4C4B1B5547E3F22775E20A10F36CC98B6C7C8407A1DEE6A013CADDFEC1B09ADC50CD0E239B9706986D1C5A83E65A2D"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\vmnat.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
c:\program files (x86)\RocketDock\RocketDock.exe
c:\users\Micha\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
c:\program files (x86)\Samsung\Kies\Kies.exe
c:\program files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe
c:\program files (x86)\AVG\AVG2013\avgui.exe
c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe
c:\program files (x86)\Norton Ghost\Agent\VProTray.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe
c:\program files (x86)\MSI\Live Update 5\LU5.exe
c:\program files\Logitech Gaming Software\plugins\LCDAppletsMono-8.12.072\Applets\x86\LCDMedia.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-21  13:38:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-21 12:38
ComboFix2.txt  2013-01-21 10:22
.
Vor Suchlauf: 19 Verzeichnis(se), 32.247.554.048 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 31.789.834.240 Bytes frei
.
- - End Of File - - 6CEE141EA99CA4FF62E884009F9192EB

cosinus 21.01.2013 14:30
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
File::
C:\pendmoves.exe
C:\movefile.exe
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:16 Uhr.

Copyright ©2000-2026, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58