ComboFix 08-09-10.02 - Admin 2008-09-11 7:48:23.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1031.18.704 [GMT 2:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Admin\Desktop\ComboFix.exe

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Dokumente und Einstellungen\Admin\Desktop\Error Cleaner.url
C:\Dokumente und Einstellungen\Admin\Desktop\Privacy Protector.url
C:\Dokumente und Einstellungen\Admin\Desktop\Spyware&Malware Protection.url
C:\Dokumente und Einstellungen\Admin\Favoriten\Error Cleaner.url
C:\Dokumente und Einstellungen\Admin\Favoriten\Privacy Protector.url
C:\Dokumente und Einstellungen\Admin\Favoriten\Spyware&Malware Protection.url
C:\WINDOWS\system32\HPqsutwa.ini
C:\WINDOWS\system32\HPqsutwa.ini2
C:\Programme\PCHealthCenter\sc.html
.
.
.
.
Nicht in der Lage zu löschen
.
((((((((((((((((((((((( Dateien erstellt von 2008-08-11 bis 2008-09-11 ))))))))))))))))))))))))))))))
.
2008-09-11 07:51 . 2008-09-11 07:51 d-------- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TmpRecentIcons
2008-09-11 06:42 . 2008-09-11 06:42 d-------- C:\Programme\CCleaner
2008-09-11 06:33 . 2008-09-11 06:33 d-------- C:\Programme\CleanUp!
2008-09-11 06:32 . 2008-09-11 06:32 d-------- C:\cyberJack Base Components
2008-09-10 22:38 . 2008-09-10 22:38 d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
2008-09-10 18:46 . 2008-09-10 18:46 d-------- C:\WINDOWS\system32\NtmsData
2008-09-10 17:51 . 2008-09-10 17:51 322,048 --a------ C:\WINDOWS\system32\awtusqPH.dll
2008-09-10 17:50 . 2008-09-08 17:32 3,262 --a------ C:\WINDOWS\system32\2.ico
2008-09-10 17:47 . 2008-09-10 17:47 88,878 --a------ C:\WINDOWS\system32\casino3.ico
2008-09-10 17:47 . 2008-09-10 17:47 88,878 --a------ C:\WINDOWS\system32\casino2.ico
2008-09-10 17:46 . 2008-09-10 17:47 88,878 --a------ C:\WINDOWS\system32\casino1.ico
2008-09-10 17:46 . 2008-09-08 17:32 3,262 --a------ C:\WINDOWS\system32\1.ico
2008-09-10 17:45 . 2008-09-10 17:46 d-------- C:\Programme\PCHealthCenter
2008-09-10 17:45 . 2008-09-10 15:51 385,024 --a------ C:\WINDOWS\vmgspntbofv.dll
2008-09-10 17:45 . 2008-09-10 15:51 294,912 --a------ C:\WINDOWS\dtseqrxk.dll
2008-09-10 17:45 . 2008-09-10 15:51 204,800 --a------ C:\WINDOWS\mgxfebsq.dll
2008-09-10 17:45 . 2008-09-10 15:51 188,416 --a------ C:\WINDOWS\fqbewlna.dll
2008-09-10 17:45 . 2008-09-10 15:51 94,208 --a------ C:\WINDOWS\mqgldfvo.exe
2008-09-10 17:45 . 2008-09-08 17:32 31,232 --a------ C:\x
2008-08-14 08:10 . 2008-04-11 21:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-14 08:02 . 2008-06-24 18:42 74,240 --------- C:\WINDOWS\system32\dllcache\mscms.dll
2008-08-14 08:01 . 2008-07-07 22:26 253,952 --------- C:\WINDOWS\system32\dllcache\es.dll
2008-08-14 08:00 . 2008-06-26 10:12 1,499,136 --------- C:\WINDOWS\system32\dllcache\shdocvw.dll
2008-08-14 08:00 . 2008-06-26 10:12 620,544 --------- C:\WINDOWS\system32\dllcache\urlmon.dll
2008-08-14 08:00 . 2008-05-01 16:34 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-11 05:33 9,550 ----a-w C:\WINDOWS\system32\Fxxplfnt.tmp
2008-09-10 16:32 90,112 ----a-w C:\WINDOWS\DUMP3641.tmp
2008-08-05 12:25 --------- d-----w C:\Programme\Sun
2008-08-05 12:24 --------- d-----w C:\Programme\Java
2008-08-05 12:21 --------- d-----w C:\Programme\Gemeinsame Dateien\Java
2008-07-27 18:53 --------- d-----w C:\Programme\Google
2008-07-27 18:53 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2008-07-21 19:04 --------- d-----w C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\T-Online
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-17 13:41 --------- d-----w C:\Programme\StarMoney 6.0
2008-07-16 21:47 --------- d-----w C:\Programme\REINER SCT
2008-07-16 21:47 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cyberJack Base Components
2008-07-16 21:19 --------- d-----w C:\Programme\MSXML 4.0
2008-07-16 21:18 --------- d-----w C:\Programme\StarMoney 4.0 S-Edition
2008-07-15 09:57 --------- d-----w C:\Programme\Siemens Data Suite
2008-07-15 09:57 --------- d-----w C:\Programme\Gemeinsame Dateien\XCPCSync
2008-07-15 09:57 --------- d-----w C:\Programme\Gemeinsame Dateien\Siemens AG Shared
2008-07-14 16:56 --------- d-----w C:\Programme\Acer
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:42 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:10 671,744 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-23 15:10 671,744 ------w C:\WINDOWS\system32\dllcache\wininet.dll
2008-06-23 15:10 3,088,384 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 247,296 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:32 273,024 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2000-01-07 09:53 696,320 ----a-w C:\Programme\Gemeinsame Dateien\XCMHook.dll
2000-01-06 13:57 24,576 ----a-w C:\Programme\Gemeinsame Dateien\XCPCMenu.exe
.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8FB78543-B4AE-40C9-8366-4FE59CBA3288}]
2008-09-10 17:51 322048 --a------ C:\WINDOWS\system32\awtusqPH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA3AF6A4-8AAE-468C-AE0C-FE212D350913}]
2008-09-10 15:51 385024 --a------ C:\WINDOWS\vmgspntbofv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A00C7A68-87B7-4CAE-9470-6B7CD75E4F23}"= "C:\WINDOWS\fqbewlna.dll" [2008-09-10 188416]

[HKEY_CLASSES_ROOT\clsid\{a00c7a68-87b7-4cae-9470-6b7cd75e4f23}]
[HKEY_CLASSES_ROOT\fqbewlna.1]
[HKEY_CLASSES_ROOT\TypeLib\{F17AB739-89CD-4039-A7FC-7DE4903992CD}]
[HKEY_CLASSES_ROOT\fqbewlna]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
"NoDispCPL"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"= 1 (0x1)
"StartMenuLogoff"= 1 (0x1)
"NoStartMenuMorePrograms"= 1 (0x1)
"NoSetFolders"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"dtseqrxk"= {7CC35352-E8FA-4E3B-ACF3-C1ECA13989BB} - C:\WINDOWS\dtseqrxk.dll [2008-09-10 294912]
"mgxfebsq"= {493C46BF-ECAC-49BC-9AB6-685053BBFE11} - C:\WINDOWS\mgxfebsq.dll [2008-09-10 204800]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\System32\\FXSCLNT.exe"=

R1 bizVSerial;Franson VSerial;C:\WINDOWS\system32\drivers\bizVSerialNT.sys [2007-05-31 14949]
R1 SMBHC;Microsoft SM Bus-Hostcontrollertreiber;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-17 6784]
R2 AVM BT Connection Service;AVM BT Connection Service;C:\Programme\avmclient\avmbtservice.exe [2004-05-27 299087]
R2 AvmObexService;AVM BT OBEX Service;C:\Programme\avmclient\AvmObexService.exe [2004-05-27 172032]
R2 cjpcsc;cyberJack PC/SC COM Service ;C:\WINDOWS\system32\cjpcsc.exe [2008-01-07 652592]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2004-09-02 78208]
R3 AVMBTPARALLEL;AVM Bluetooth Druckeranschluss;C:\WINDOWS\system32\DRIVERS\avmbtpar.sys [2004-05-27 60032]
R3 AVMBTSERIAL;AVM Bluetooth Kommunikationsanschluss;C:\WINDOWS\system32\DRIVERS\avmbtser.sys [2004-05-27 61056]
R3 AVMBTSND;AVM Bluetooth Audio Driver;C:\WINDOWS\system32\drivers\avmbtsnd.sys [2004-05-27 49664]
R3 cjusb;REINER SCT cyberJack pinpad/e-com USB;C:\WINDOWS\system32\DRIVERS\cjusb.sys [2007-05-31 23040]
R3 SMBBATT;Microsoft Smart Battery-Treiber;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2008-04-13 16000]
S2 AVM BT PAN Service;AVM BT PAN Service;C:\Programme\avmclient\panapp.exe [2004-05-27 135229]
S3 AVMCOWAN;AVM ISDN CoNDIS WAN CAPI Treiber;C:\WINDOWS\system32\DRIVERS\avmcowan.sys [2004-05-27 53120]
S3 AVMWAN;AVM NDIS WAN CAPI-Treiber;C:\WINDOWS\system32\DRIVERS\avmwan.sys [2001-08-17 37568]
S3 bfhubase;BlueFRITZ! USB 2.5(WinXP/2000);C:\WINDOWS\system32\DRIVERS\bfhubase.sys [2004-05-27 796192]
S3 CAPI_CIP;AVM Bluetooth CAPI-Controller;C:\WINDOWS\system32\DRIVERS\capi_cip.sys [2004-05-27 374144]
S3 fpcmbase;AVM ISDN-Controller FRITZ!Card PCMCIA;C:\WINDOWS\system32\DRIVERS\fpcmbase.sys [2001-08-17 441728]
S3 NETBFPAN;AVM Bluetooth Netzwerkadapter;C:\WINDOWS\system32\DRIVERS\netbfpan.sys [2004-05-27 35914]
S3 NETFRITZ;AVM FRITZ!web PPP over ISDN;C:\WINDOWS\system32\DRIVERS\NETFRITZ.SYS [ ]
S3 NETFWDSL;AVM FRITZ!web DSL PPP;C:\WINDOWS\system32\DRIVERS\NETFWDSL.SYS [ ]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS [2003-09-22 179712]
.
.
------- Zusätzlicher Scan -------
.
FireFox -: Profile - C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\7ruh001h.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://de.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-11 07:51:53
Windows 5.1.2600 Service Pack 3 FAT NTAPI

Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SynTP] "ImagePath"="system32\DRIVERS\SynTP.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio] "ImagePath"="system32\drivers\sysaudio.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog] "ImagePath"="%SystemRoot%\system32\smlogsvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv] "ServiceDll"="%SystemRoot%\System32\tapisrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip] "ImagePath"="system32\DRIVERS\tcpip.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD] "ImagePath"="system32\DRIVERS\termdd.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService] "ServiceDll"="%SystemRoot%\System32\termsrv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tifm21] "ImagePath"="system32\drivers\tifm21.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks] "ServiceDll"="%SystemRoot%\system32\trkwks.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update] "ImagePath"="system32\DRIVERS\update.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS] "ImagePath"="%SystemRoot%\System32\ups.exe" 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usb] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp] "ImagePath"="system32\DRIVERS\usbccgp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci] "ImagePath"="system32\DRIVERS\usbehci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub] "ImagePath"="system32\DRIVERS\usbhub.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR] "ImagePath"="system32\DRIVERS\USBSTOR.SYS" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci] "ImagePath"="system32\DRIVERS\usbuhci.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave] "ImagePath"="\SystemRoot\System32\drivers\vga.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS] "ImagePath"="%SystemRoot%\System32\vssvc.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VxD] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\w29n51] "ImagePath"="system32\DRIVERS\w29n51.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time] "ServiceDll"="%systemroot%\system32\w32time.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp] "ImagePath"="system32\DRIVERS\wanarp.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud] "ImagePath"="system32\drivers\wdmaud.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient] "ServiceDll"="%SystemRoot%\System32\webclnt.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WHL] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winachsf] "ImagePath"="system32\DRIVERS\HSF_CNXT.sys" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt] "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2] 
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN] "ServiceDll"="C:\WINDOWS\system32\mspmsnsv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv] "ImagePath"="C:\WINDOWS\system32\wbem\wmiapsrv.exe" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc] "ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv] "ServiceDll"="C:\WINDOWS\system32\wuauserv.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC] "ServiceDll"="%SystemRoot%\System32\wzcsvc.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov] "ServiceDll"="%SystemRoot%\System32\xmlprov.dll" [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{25AE98B2-8471-4A9A-913D-7D2A624E2F01}] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{6B12240F-AF03-4FA2-B5F3-5BDFD6554391}] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{86E354CB-6F94-4931-B1CF-AAB046E3F9AA}] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{8BA1B0BE-954C-4C4D-AF37-E1E7FC44DB9D}] [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{D49138D6-31E3-4F51-90C0-795F024AD21A}]
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
Prozess: C:\WINDOWS\explorer.exe -> ?:\WINDOWS\system32\msi.dll
.
------------------------ Weitere, laufende Prozesse ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\BRSS01A.EXE
C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
C:\PROGRAMME\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRAMME\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAMME\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\ARCADE\PCMSERVICE.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAMME\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\ACER\EPM\EPM-DM.EXE
C:\PROGRAMME\LAUNCH MANAGER\QTZGACER.EXE
C:\PROGRAMME\FREEPDF_XP\FPASSIST.EXE
C:\PROGRAMME\ADOBE\READER 8.0\READER\READER_SL.EXE
C:\PROGRAMME\AVMCLIENT\BLUEFRITZ.EXE
C:\PROGRAMME\AVMCLIENT\AVMOBEX.EXE
C:\PROGRAMME\JAVA\JRE1.6.0_07\BIN\JUSCHED.EXE
C:\PROGRAMME\AVMCLIENT\AVMOBEX.EXE
C:\Programme\Adobe\Acrobat 6.0\Distillr\acrotray.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2008-09-11 7:54:57 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2008-09-11 05:54:54
ComboFix2.txt 2008-09-11 05:39:56

Pre-Run: 14 Verzeichnis(se), 16,593,944,576 Bytes frei
Post-Run: 39 Verzeichnis(se), 16,578,609,152 Bytes frei

761 --- E O F --- 2008-08-14 07:12:54