Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: AVAST findet Bootkit?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.03.2011, 14:52   #1
matthias2619
 
AVAST findet Bootkit? - Standard

AVAST findet Bootkit?



Hallo liebes TB-Team,
Ich habe vor ca. 1 Stunde von AVAST folgende Meldung erhalten

Weitere Logs sind im Anhang!
Bisher habe ich noch nix gelöscht, weder von AVAST noch von MBAM.
LG
Edit:
Vor ca. einer Minute kam noch folgendes:

Alt 07.03.2011, 19:00   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AVAST findet Bootkit? - Standard

AVAST findet Bootkit?



Hi,

die Funde von MBAM bitte alle löschen.
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes.
__________________

__________________

Alt 07.03.2011, 19:15   #3
matthias2619
 
AVAST findet Bootkit? - Standard

AVAST findet Bootkit?



gut, gelöscht!
Weitere Logs:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5810

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19.02.2011 18:52:21
mbam-log-2011-02-19 (18-52-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 183739
Laufzeit: 38 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\_restore{2bd77c37-4540-43db-8d2f-bac58e7cfea4}\RP24\A0007094.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
         
und
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5831

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

21.02.2011 21:32:17
mbam-log-2011-02-21 (21-32-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 189690
Laufzeit: 41 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 760
Infizierte Registrierungswerte: 32
Infizierte Dateiobjekte der Registrierung: 7
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVWEBGRD.EXE (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe  (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[1].exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[2].exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[3].exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[4].exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install[5].exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MPFSrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrt.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msccn32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscman.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msfwsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec16.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mslaugh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmgt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgri32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msseces.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssys.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvxd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_internet_secu_3.0_407.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAcat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAhlp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAReg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OcHealthMon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ODSW.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\optimize.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavprsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procdump.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexplorerv1.0.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANCU.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANToManager.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsCtrls.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PskSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSUNMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rb32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rcsync.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reged.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savenow.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shield.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\showbehind.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snetcfg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\soap.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srexe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssgrate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssg_4104.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\start.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stcloader.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\support.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchosts.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svshost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\system32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teekids.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trickler.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvmd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtmd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\updat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrad.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthAux.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webdav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WebProxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32us.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winactive.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\window.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininetd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininitx.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winss.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssnotify.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WinSSUI.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart001.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintsk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wkufind.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnad.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdater.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\0 (Security.Hijack) -> Value: 0 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> Value: 1 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2 (Security.Hijack) -> Value: 2 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> Value: 3 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> Value: 4 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5 (Security.Hijack) -> Value: 5 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6 (Security.Hijack) -> Value: 6 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7 (Security.Hijack) -> Value: 7 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8 (Security.Hijack) -> Value: 8 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9 (Security.Hijack) -> Value: 9 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\10 (Security.Hijack) -> Value: 10 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\11 (Security.Hijack) -> Value: 11 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\12 (Security.Hijack) -> Value: 12 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\13 (Security.Hijack) -> Value: 13 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\14 (Security.Hijack) -> Value: 14 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\15 (Security.Hijack) -> Value: 15 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Internet Security Essentials (Rogue.InternetSecurityEssentials) -> Value: Internet Security Essentials -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Arrakis3.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdAgent.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdreinit.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsubwiz.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdtkexec.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiscan.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrepl.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (hxxp://findgala.com/?&uid=284&q={searchTerms}) Good: (hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (hxxp://findgala.com/?&uid=284&q={searchTerms}) Good: (hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (hxxp://findgala.com/?&uid=284&q={searchTerms}) Good: (hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (hxxp://findgala.com/?&uid=284&q={searchTerms}) Good: (hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (hxxp://findgala.com/?&uid=284&q={searchTerms}) Good: (hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (hxxp://findgala.com/?&uid=284&q={searchTerms}) Good: (hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (hxxp://findgala.com/?&uid=284&q={searchTerms}) Good: (hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\dokumente und einstellungen\Matthias\anwendungsdaten\fqollm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{2bd77c37-4540-43db-8d2f-bac58e7cfea4}\RP28\A0008830.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Matthias\Desktop\internet security essentials.lnk (Rogue.InternetSecurityEssentials) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Matthias\anwendungsdaten\microsoft\internet explorer\quick launch\internet security essentials.lnk (Rogue.InternetSecurityEssentials) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Matthias\startmenü\programme\internet security essentials.lnk (Rogue.InternetSecurityEssentials) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\Matthias\startmenü\internet security essentials.lnk (Rogue.InternetSecurityEssentials) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\anwendungsdaten\6177b3\is617_284.exe (Rogue.InternetSecurityEssentials) -> Quarantined and deleted successfully.
         
Bin dann nach der Anleitung vorgegangen: http://www.trojaner-board.de/82597-s...entfernen.html
Hatte danach auch keine Probleme mehr.
Der Post war 3000 Zeichen zu lang, deswegen habe ich den 2. MBAM-Log ein bisschen gekürzt.

Aber seit 1-2 Tagen werde ich manchmal auf andere Webseiten umgeleitet, hier ein paar Beispiele:
hxxp://img508.imageshack.us/i/20110307181543.png/
hxxp://img42.imageshack.us/i/20110307181822.png/
hxxp://img850.imageshack.us/i/20110307182332.png/
hxxp://img18.imageshack.us/i/20110307191030.png/
Was soll ich mit der Meldung von AVAST machen?
Grüße,
Matthias
__________________

Alt 07.03.2011, 20:25   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AVAST findet Bootkit? - Standard

AVAST findet Bootkit?



Zitat:
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
TuneUp zieht sich - warum auch immer - fast durchgängig durch alle Logs hier, warum weiß ich nicht, denn TuneUp ist eigentlich der letzte Schrott => TuneUp: Wundermittel oder Placebo Reloaded | DerFisch.de


Wie ich auch sehe, hast du letztens, vor ca. 3 Wochen, combofix ausgeführt. Bitte das Log auch posten.

Anschließend:
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25495
[2011.03.06 22:56:44 | 000,127,190 | ---- | M] () -- C:\WINDOWS\System32\-_r9S8AmgmTL6C.exe
[2011.02.24 20:53:50 | 002,115,584 | ---- | M] () -- C:\WINDOWS\System32\K-__ZMqu8ar.dll
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.03.2011, 20:30   #5
matthias2619
 
AVAST findet Bootkit? - Standard

AVAST findet Bootkit?



Zitat:
Zitat von cosinus Beitrag anzeigen
TuneUp zieht sich - warum auch immer - fast durchgängig durch alle Logs hier, warum weiß ich nicht, denn TuneUp ist eigentlich der letzte Schrott
Kommt immer drauf an, was man damit macht
ComboFix:
Code:
ATTFilter
ComboFix 11-03-06.01 - Matthias 06.03.2011  23:50:01.3.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1527.1100 [GMT 1:00]
ausgeführt von:: c:\downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20110227.txt
c:\dokumente und einstellungen\Matthias\Lokale Einstellungen\Temporary Internet Files\CHaL_ND
F:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-06 bis 2011-03-06  ))))))))))))))))))))))))))))))
.
.
2011-02-16 14:40 . 2008-05-21 11:19	1048576	----a-w-	C:\T20.BIN
2011-02-16 14:37 . 2011-02-16 14:37	--------	d-----w-	C:\Intel
2011-02-16 13:50 . 2011-03-06 22:31	--------	d-----w-	C:\Downloads
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 17:56 . 2008-12-08 20:07	219136	----a-w-	c:\windows\system32\uxtheme.dll
2011-01-29 22:16 . 2011-01-29 22:16	30056	----a-w-	c:\windows\system32\MASetupCleaner.exe
2011-01-29 16:00 . 2011-01-29 16:00	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2011-01-29 16:00 . 2011-01-29 16:00	325552	----a-w-	c:\windows\MASetupCaller.dll
2011-01-29 16:00 . 2011-01-29 16:00	30568	----a-w-	c:\windows\MusiccityDownload.exe
2011-01-29 16:00 . 2011-01-29 16:00	974848	----a-w-	c:\windows\system32\cis-2.4.dll
2011-01-29 16:00 . 2011-01-29 16:00	81920	----a-w-	c:\windows\system32\issacapi_bs-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00	65536	----a-w-	c:\windows\system32\issacapi_pe-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00	57344	----a-w-	c:\windows\system32\MTXSYNCICON.dll
2011-01-29 16:00 . 2011-01-29 16:00	57344	----a-w-	c:\windows\system32\MK_Lyric.dll
2011-01-29 16:00 . 2011-01-29 16:00	57344	----a-w-	c:\windows\system32\issacapi_se-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00	569344	----a-w-	c:\windows\system32\muzdecode.ax
2011-01-29 16:00 . 2011-01-29 16:00	491520	----a-w-	c:\windows\system32\muzapp.dll
2011-01-29 16:00 . 2011-01-29 16:00	49152	----a-w-	c:\windows\system32\MaJGUILib.dll
2011-01-29 16:00 . 2011-01-29 16:00	45056	----a-w-	c:\windows\system32\MaXMLProto.dll
2011-01-29 16:00 . 2011-01-29 16:00	45056	----a-w-	c:\windows\system32\MACXMLProto.dll
2011-01-29 16:00 . 2011-01-29 16:00	40960	----a-w-	c:\windows\system32\MTTELECHIP.dll
2011-01-29 16:00 . 2011-01-29 16:00	40960	----a-w-	c:\windows\system32\MAMACExtract.dll
2011-01-29 16:00 . 2011-01-29 16:00	352256	----a-w-	c:\windows\system32\MSLUR71.dll
2011-01-29 16:00 . 2011-01-29 16:00	258048	----a-w-	c:\windows\system32\muzoggsp.ax
2011-01-29 16:00 . 2011-01-29 16:00	245760	----a-w-	c:\windows\system32\MSCLib.dll
2011-01-29 16:00 . 2011-01-29 16:00	200704	----a-w-	c:\windows\system32\muzwmts.dll
2011-01-29 16:00 . 2011-01-29 16:00	155648	----a-w-	c:\windows\system32\MSFLib.dll
2011-01-29 16:00 . 2011-01-29 16:00	143360	----a-w-	c:\windows\system32\3DAudio.ax
2011-01-29 16:00 . 2011-01-29 16:00	135168	----a-w-	c:\windows\system32\muzaf1.dll
2011-01-29 16:00 . 2011-01-29 16:00	131072	----a-w-	c:\windows\system32\muzmpgsp.ax
2011-01-29 16:00 . 2011-01-29 16:00	122880	----a-w-	c:\windows\system32\muzeffect.ax
2011-01-29 16:00 . 2011-01-29 16:00	118784	----a-w-	c:\windows\system32\MaDRM.dll
2011-01-29 16:00 . 2011-01-29 16:00	110592	----a-w-	c:\windows\system32\muzmp4sp.ax
2011-01-21 14:44 . 2003-04-02 11:00	8503296	----a-w-	c:\windows\system32\shell32_original.dll
2011-01-21 14:44 . 2003-04-02 11:00	440832	----a-w-	c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2003-04-02 11:00	290048	----a-w-	c:\windows\system32\atmfd.dll
2010-12-31 14:03 . 2003-04-02 11:00	1855104	----a-w-	c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2003-04-02 11:00	301568	----a-w-	c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2003-04-02 11:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2003-04-02 11:00	43520	------w-	c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2003-04-02 11:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2010-12-20 22:14 . 2010-12-20 22:14	81920	------w-	c:\windows\system32\ieencode.dll
2010-12-20 17:25 . 2003-04-02 11:00	737792	----a-w-	c:\windows\system32\lsasrv.dll
2010-12-09 15:15 . 2003-04-02 11:00	743936	----a-w-	c:\windows\system32\ntdll.dll
2010-12-09 15:13 . 2003-04-02 11:00	2195072	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-12-09 15:13 . 2002-08-29 03:41	2071680	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:29 . 2003-04-02 11:00	33280	----a-w-	c:\windows\system32\csrsrv.dll
.
.
------- Sigcheck -------
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
.
(((((((((((((((((((((((((((((   SnapShot_2011-02-23_18.08.15   )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 00:19 . 2007-11-07 00:19	54272              c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19	46592              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90kor.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19	47104              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90jpn.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19	59392              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90ita.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19	60416              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90fra.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19	59392              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esp.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19	59392              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90esn.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19	54272              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90enu.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19	60928              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90deu.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19	41984              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90cht.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19	41472              c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_11f3ea3a\mfc90chs.dll
+ 2007-11-06 21:51 . 2007-11-06 21:51	59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90u.dll
+ 2007-11-06 21:51 . 2007-11-06 21:51	59904              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfcm90.dll
+ 2011-03-06 22:45 . 2011-03-06 22:45	16384              c:\windows\Temp\Perflib_Perfdata_1ac.dat
+ 2011-02-26 20:22 . 2011-02-18 12:05	29504              c:\windows\system32\uxtuneup.dll
- 2011-02-19 18:24 . 2010-12-14 13:00	29504              c:\windows\system32\uxtuneup.dll
+ 2011-02-19 18:24 . 2011-02-18 12:10	31552              c:\windows\system32\TURegOpt.exe
- 2011-02-19 18:24 . 2010-12-14 13:05	31552              c:\windows\system32\TURegOpt.exe
+ 2011-03-03 20:01 . 2010-12-14 17:51	41984              c:\windows\system32\ReinstallBackups\0001\DriverFiles\usbaapl.sys
- 2003-04-02 11:00 . 2011-02-16 12:47	75660              c:\windows\system32\perfc009.dat
+ 2003-04-02 11:00 . 2011-03-06 13:36	75660              c:\windows\system32\perfc009.dat
+ 2011-03-03 20:01 . 2011-02-18 15:36	41984              c:\windows\system32\DRVSTORE\usbaapl_05A32DBD3911A2EF4222EF5BE7BB535FAB37D6C4\usbaapl.sys
- 2011-02-15 20:02 . 2010-12-14 17:51	41984              c:\windows\system32\drivers\usbaapl.sys
+ 2011-02-15 20:02 . 2011-02-18 15:36	41984              c:\windows\system32\drivers\usbaapl.sys
+ 2010-04-12 08:44 . 2010-04-12 08:44	59388              c:\windows\system32\drivers\scdemu.sys
+ 2011-02-24 20:08 . 2011-02-23 14:55	49240              c:\windows\system32\drivers\aswTdi.sys
+ 2011-02-24 20:08 . 2011-02-23 14:55	25432              c:\windows\system32\drivers\aswRdr.sys
+ 2011-02-24 20:08 . 2011-02-23 14:55	96344              c:\windows\system32\drivers\aswmon.sys
+ 2011-02-24 20:08 . 2011-02-23 14:54	19544              c:\windows\system32\drivers\aswFsBlk.sys
+ 2011-02-24 20:08 . 2011-02-23 14:54	30680              c:\windows\system32\drivers\aavmker4.sys
+ 2010-12-14 13:00 . 2010-12-14 13:00	29504              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\uxtuneupx86.dll
+ 2010-12-14 13:00 . 2010-12-14 13:00	11584              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\tux64thk.exe
+ 2010-12-14 13:05 . 2010-12-14 13:05	57664              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\TUUnInstallHelper.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	59712              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\TURatingSynch.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	85824              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\TUMessages.exe
+ 2010-12-14 13:01 . 2010-12-14 13:01	29504              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\SDShelEx86.dll
+ 2010-12-14 13:06 . 2010-12-14 13:06	15680              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\RegistryDefragHelper.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	33088              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\PMLauncher.exe
+ 2010-12-14 13:01 . 2010-12-14 13:01	25920              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\DseShExtx86.dll
+ 2010-12-14 13:05 . 2010-12-14 13:05	31552              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\C_TURegOpt.exe
+ 2010-12-14 13:00 . 2010-12-14 13:00	21312              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\authuitu_x86.dll
+ 2011-02-24 20:08 . 2011-02-23 15:04	40648              c:\windows\avastSS.scr
+ 2011-03-01 21:07 . 2001-08-18 03:53	8192              c:\windows\system32\kbdkor.dll
+ 2011-03-01 21:07 . 2001-08-18 03:53	8704              c:\windows\system32\kbdjpn.dll
+ 2011-03-01 21:07 . 2008-04-14 06:50	6144              c:\windows\system32\kbd106.dll
+ 2011-03-01 21:07 . 2001-08-17 13:55	5632              c:\windows\system32\kbd103.dll
+ 2011-03-01 21:07 . 2001-08-17 13:55	6144              c:\windows\system32\kbd101c.dll
+ 2011-03-01 21:07 . 2001-08-17 13:55	6144              c:\windows\system32\kbd101b.dll
+ 2011-02-27 13:56 . 2011-02-27 13:56	7168              c:\windows\system32\drivers\uti3ndu1.sys
+ 2011-03-01 21:07 . 2001-08-18 03:53	8192              c:\windows\system32\dllcache\kbdkor.dll
+ 2011-03-01 21:07 . 2001-08-18 03:53	8704              c:\windows\system32\dllcache\kbdjpn.dll
+ 2011-03-01 21:07 . 2008-04-14 06:50	6144              c:\windows\system32\dllcache\kbd106.dll
+ 2011-03-01 21:07 . 2001-08-17 13:55	5632              c:\windows\system32\dllcache\kbd103.dll
+ 2011-03-01 21:07 . 2001-08-17 13:55	6144              c:\windows\system32\dllcache\kbd101c.dll
+ 2011-03-01 21:07 . 2001-08-17 13:55	6144              c:\windows\system32\dllcache\kbd101b.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19	161784              c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_312cf0e9\atl90.dll
+ 2003-04-02 11:00 . 2011-03-06 13:36	472566              c:\windows\system32\perfh009.dat
- 2003-04-02 11:00 . 2011-02-16 12:47	472566              c:\windows\system32\perfh009.dat
+ 2003-04-02 11:00 . 2011-03-06 13:36	517066              c:\windows\system32\perfh007.dat
- 2003-04-02 11:00 . 2011-02-16 12:47	517066              c:\windows\system32\perfh007.dat
+ 2003-04-02 11:00 . 2011-03-06 13:36	100516              c:\windows\system32\perfc007.dat
- 2003-04-02 11:00 . 2011-02-16 12:47	100516              c:\windows\system32\perfc007.dat
+ 2011-03-02 17:53 . 2011-03-02 17:53	235168              c:\windows\system32\Macromed\Flash\FlashUtil10n_Plugin.exe
+ 2011-03-01 21:09 . 2011-03-01 21:09	234656              c:\windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe
+ 2011-03-01 21:09 . 2011-03-01 21:09	311456              c:\windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.dll
+ 2011-02-24 20:08 . 2011-02-23 14:56	301528              c:\windows\system32\drivers\aswSP.sys
+ 2011-02-24 20:08 . 2011-02-23 14:56	371544              c:\windows\system32\drivers\aswSnx.sys
+ 2011-02-24 20:08 . 2011-02-23 14:55	102232              c:\windows\system32\drivers\aswmon2.sys
+ 2011-02-24 20:08 . 2011-02-23 15:04	190016              c:\windows\system32\aswBoot.exe
+ 2011-03-06 21:56 . 2011-03-06 21:56	127190              c:\windows\system32\-_r9S8AmgmTL6C.exe
+ 2011-03-01 21:00 . 2011-03-01 21:00	228352              c:\windows\Installer\f377e8.msi
+ 2011-03-04 15:29 . 2011-03-04 15:29	970240              c:\windows\Installer\859ddd.msi
+ 2011-02-18 12:17 . 2011-02-18 12:17	747520              c:\windows\Installer\147e6ba.msp
+ 2011-03-03 20:01 . 2011-03-03 20:01	811520              c:\windows\Installer\1437365.msi
+ 2011-03-03 20:04 . 2011-03-03 20:04	380928              c:\windows\Installer\{1B343C8C-F170-4829-8481-E163317C5830}\iTunesIco.exe
+ 2010-12-14 13:07 . 2010-12-14 13:07	370712              c:\windows\Installer\$PatchCache$\Managed\AA06C4D56E48A1E4A8869679D083B71E\10.0.3000\ProductInfo.dat
+ 2010-12-14 13:06 . 2010-12-14 13:06	922944              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\WinStyler.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	256320              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\UpdateWizard.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	253760              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\UninstallManager.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	191296              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\Undelete.exe
+ 2010-12-14 13:05 . 2010-12-14 13:05	544064              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\TUSqlDB32.dll
+ 2010-12-14 13:06 . 2010-12-14 13:06	113984              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\TurboConfig.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	241984              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\TuneUpSystemStatusCheck.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	214848              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\TUInstallHelper.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	163648              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\TUAutoUpdateCheck.exe
+ 2010-12-14 13:05 . 2010-12-14 13:05	179008              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\TUAnalyzeInfo.dll
+ 2010-12-14 13:06 . 2010-12-14 13:06	271680              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\SystemInformation.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	104256              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\SystemControl.exe
+ 2010-12-14 13:05 . 2010-12-14 13:05	123200              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\Stiderc.dll
+ 2010-12-14 13:06 . 2010-12-14 13:06	488768              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\StartupOptimizer.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	317248              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\StartUpManager.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	135488              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\Shredder.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	227136              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\ShortcutCleaner.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	168256              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\RescueCenter.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	127808              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\Report.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	131904              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\RepairWizard.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	137024              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\RegWiz.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	298816              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\RegistryEditor.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	173376              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\RegistryDefrag.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	289088              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\RegistryCleaner.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	325952              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\ProgramDeactivator.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	347968              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\ProcessManager.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	528192              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\PerformanceOptimizer.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	140096              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\OneClickStarter.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	584512              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\OneClick.exe
+ 2010-12-14 13:05 . 2010-12-14 13:05	177472              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\MsStyles.dll
+ 2010-12-14 13:06 . 2010-12-14 13:06	211264              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\LiveOptimizer.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	238912              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\DriveDefrag.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	416576              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\DiskExplorer.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	120640              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\DiskDoctor.exe
+ 2007-11-07 00:19 . 2007-11-07 00:19	1162744              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90u.dll
+ 2007-11-07 00:19 . 2007-11-07 00:19	1156600              c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_a173767a\mfc90.dll
+ 2011-02-15 20:02 . 2011-02-18 15:36	4184352              c:\windows\system32\usbaaplrc.dll
- 2011-02-15 20:02 . 2010-12-14 17:51	4184352              c:\windows\system32\usbaaplrc.dll
+ 2011-03-03 20:01 . 2010-12-14 17:51	4184352              c:\windows\system32\ReinstallBackups\0001\DriverFiles\usbaaplrc.dll
- 2011-02-16 14:46 . 2011-02-16 14:46	6053536              c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2011-02-16 14:46 . 2011-03-02 17:53	6053536              c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2011-02-24 19:53 . 2011-02-24 19:53	2115584              c:\windows\system32\K-__ZMqu8ar.dll
+ 2011-03-03 20:01 . 2011-02-18 15:36	4184352              c:\windows\system32\DRVSTORE\usbaapl_05A32DBD3911A2EF4222EF5BE7BB535FAB37D6C4\usbaaplrc.dll
+ 2011-02-25 19:25 . 2011-02-25 19:25	1094656              c:\windows\Installer\dda95f.msi
+ 2011-02-18 12:17 . 2011-02-18 12:17	1092096              c:\windows\Installer\147e5cf.msp
+ 2011-03-03 20:04 . 2011-03-03 20:04	6247424              c:\windows\Installer\1437c57.msi
+ 2011-03-03 20:01 . 2011-03-03 20:01	3085312              c:\windows\Installer\14373b2.msi
+ 2010-12-14 13:06 . 2010-12-14 13:06	1132864              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\SilentUpdater.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	1049920              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\Integrator.exe
+ 2010-12-14 13:06 . 2010-12-14 13:06	11563663              c:\windows\Installer\$PatchCache$\Managed\65263042BDFB3DC4EBA83A6D61F0E261\10.0.3000\TUData.dat
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10af03d2-2f08-f172-4e03-cc9ffd152314}]
2011-02-24 19:53	2115584	----a-w-	c:\windows\system32\K-__ZMqu8ar.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04	122512	----a-w-	c:\programme\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\programme\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVer HID Receiver.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVerQuick.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-11-06 14:39	69632	----a-w-	c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03	293376	------w-	c:\windows\system32\browserchoice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-01-13 10:46	166912	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-01-13 10:46	134656	----a-w-	c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-03-01 20:45	421160	----a-w-	c:\programme\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-01-29 22:11	888120	----a-w-	c:\programme\Samsung\Kies\KiesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-01-29 22:11	3372856	----a-w-	c:\programme\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-01-13 10:46	135680	----a-w-	c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40	180224	----a-w-	c:\programme\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-11-06 14:40	16384512	----a-w-	c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-11-06 14:40	1826816	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49	249064	----a-w-	c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung 
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [24.02.2011 21:08 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.02.2011 21:08 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.02.2011 21:08 19544]
R2 AVerRemote;AVerRemote;c:\programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe [16.02.2011 18:38 344064]
R2 AVerScheduleService;AVerScheduleService;c:\programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe [16.02.2011 18:38 389120]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [18.02.2011 13:08 1517376]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54 MBit/s USB 2.0 Netzwerkadapter;c:\windows\system32\drivers\RTL8187B.sys [16.02.2011 15:35 342784]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [29.11.2010 19:27 10064]
S0 lgca;lgca;c:\windows\system32\drivers\wfpjwgg.sys --> c:\windows\system32\drivers\wfpjwgg.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\drivers\AVerAF35.sys [16.02.2011 18:28 474880]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [16.02.2011 19:32 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [16.02.2011 19:32 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [16.02.2011 19:32 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [16.02.2011 19:32 100352]
S3 uti3ndu1;AVZ Kernel Driver;c:\windows\system32\drivers\uti3ndu1.sys [27.02.2011 14:56 7168]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [02.04.2003 12:00 14336]
S3 XDva382;XDva382;\??\c:\windows\system32\XDva382.sys --> c:\windows\system32\XDva382.sys [?]
S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?]
S4 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ   	WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:25495
FF - ProfilePath - c:\dokumente und einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Mignet Assistant Service: {83b63cbd-cea5-49e9-5583-baf19ba6c61c} - c:\programme\Mozilla Firefox\extensions\{83b63cbd-cea5-49e9-5583-baf19ba6c61c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
FF - Ext: avast! WebRep: wrc@avast.com - c:\programme\AVAST Software\Avast\WebRep\FF
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-07 00:29
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 5.1.2600 Disk: FUJITSU_ rev.0040 -> Harddisk0\DR0 -> \Device\Ide\iaStor0 
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: TUKERNEL.EXE catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8981C439]<< 
c:\dokume~1\Matthias\LOKALE~1\Temp\catchme.sys  
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x898227b8]; MOV EAX, [0x89822834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
1 TUKERNEL!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x89868868]
3 CLASSPNP[0xF7637FD7] -> TUKERNEL!IofCallDriver[0x804E37D5] -> \Device\00000072[0x8980A9E8]
5 ACPI[0xF75AD620] -> TUKERNEL!IofCallDriver[0x804E37D5] -> [0x89833028]
\Driver\iaStor[0x89895F38] -> IRP_MJ_CREATE -> 0x8981C439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP;  }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskFUJITSU_MHW2080BH_PL____________________0040001D#4&18a8a25f&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!! 
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2011-03-07  00:43:56
ComboFix-quarantined-files.txt  2011-03-06 23:43
ComboFix2.txt  2011-02-23 18:11
ComboFix3.txt  2011-02-17 15:27
.
Vor Suchlauf: 9 Verzeichnis(se), 56.437.260.288 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 56.506.015.744 Bytes frei
.
- - End Of File - - 78EB7EDD5403D19FB8E48F4DA49C7135
         
OTL wird auch gleich gemacht.
Jetzt habe ich aber immernoch dieses blöde Avast-fenster offen, was soll damit gemacht werden? -erstmal ignorieren?
Schonmal danke für deine Hilfe!
LG
EDIT:
OTL-Log
Code:
ATTFilter
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\WINDOWS\system32\-_r9S8AmgmTL6C.exe moved successfully.
C:\WINDOWS\system32\K-__ZMqu8ar.dll moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: Matthias
->Temp folder emptied: 41208 bytes
->Temporary Internet Files folder emptied: 1676860 bytes
->Java cache emptied: 37326 bytes
->FireFox cache emptied: 91826347 bytes
->Flash cache emptied: 1849 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 63772186 bytes
->Flash cache emptied: 28867 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1119649 bytes
%systemroot%\System32 .tmp files removed: 2833287 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41955 bytes
RecycleBin emptied: 1178892 bytes
 
Total Files Cleaned = 155,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 03072011_203243

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLV6XNRQ\search[3].txt moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLV6XNRQ\search[5].txt moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\SLV6XNRQ\search[6].txt moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\AS8OOOZ5\search[1].txt moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5M40BWAL\search[2].txt moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\5M40BWAL\search[4].txt moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4H12S6QI\search[3].txt moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0BOV5QA6\search[4].txt moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0BOV5QA6\search[5].txt moved successfully.
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\0BOV5QA6\search[6].txt moved successfully.
File move failed. C:\WINDOWS\System32\tmp.tmp scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\_asw_aisI.tm~a06568\setup.lok not found!

Registry entries deleted on Reboot...
         


Geändert von matthias2619 (07.03.2011 um 20:37 Uhr)

Alt 07.03.2011, 20:48   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AVAST findet Bootkit? - Standard

AVAST findet Bootkit?



Zitat:
ComboFix 11-03-06.01 - Matthias 06.03.2011 23:50:01.3.1 - x86
Wieso ist denn das von gestern wo du CF offensichtlich schon Mitte Februar ausgeührt hast?
__________________
--> AVAST findet Bootkit?

Alt 07.03.2011, 20:59   #7
matthias2619
 
AVAST findet Bootkit? - Standard

AVAST findet Bootkit?



wenn man CF ein weiteres ausführt überschreibt er den Log vom vorigen Scan.
Kann man den ersten Log noch irgendwo herbekomen?

oh ok seh grad im ordner qoobox sind noch logs.

16. februar
Code:
ATTFilter
ComboFix 11-02-16.05 - Matthias 17.02.2011  16:19:43.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1527.1116 [GMT 1:00]
ausgeführt von:: c:\downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\CFLog
c:\programme\facemoods.com
c:\programme\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll
c:\programme\facemoods.com\facemoods\1.4.17.5\facemoods.crx
c:\programme\facemoods.com\facemoods\1.4.17.5\facemoods.png
c:\programme\facemoods.com\facemoods\1.4.17.5\facemoodsApp.dll
c:\programme\facemoods.com\facemoods\1.4.17.5\facemoodsEng.dll
c:\programme\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe
c:\programme\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll
c:\programme\facemoods.com\facemoods\1.4.17.5\uninstall.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\pthreadVC.dll

.
(((((((((((((((((((((((   Dateien erstellt von 2011-01-17 bis 2011-02-17  ))))))))))))))))))))))))))))))
.

2011-02-16 14:40 . 2008-05-21 11:19	1048576	----a-w-	C:\T20.BIN
2011-02-16 14:37 . 2011-02-16 14:37	--------	d-----w-	C:\Intel
2011-02-16 13:50 . 2011-02-17 15:07	--------	d-----w-	C:\Downloads

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2003-04-02 11:00	440832	----a-w-	c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2003-04-02 11:00	290048	----a-w-	c:\windows\system32\atmfd.dll
2010-12-31 14:03 . 2003-04-02 11:00	1855104	----a-w-	c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2003-04-02 11:00	301568	----a-w-	c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2003-04-02 11:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2003-04-02 11:00	43520	------w-	c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2003-04-02 11:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2010-12-20 22:14 . 2010-12-20 22:14	81920	------w-	c:\windows\system32\ieencode.dll
2010-12-20 17:25 . 2003-04-02 11:00	737792	----a-w-	c:\windows\system32\lsasrv.dll
2010-12-09 15:15 . 2003-04-02 11:00	743936	----a-w-	c:\windows\system32\ntdll.dll
2010-12-09 15:13 . 2003-04-02 11:00	2195072	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-12-09 15:13 . 2002-08-29 03:41	2071680	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:29 . 2003-04-02 11:00	33280	----a-w-	c:\windows\system32\csrsrv.dll
2010-11-29 16:38 . 2010-11-29 16:38	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38	69632	----a-w-	c:\windows\system32\QuickTime.qts
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\c2d977c5e0eed03f3e49e46d53b9cd20\sp3qfe\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\c2d977c5e0eed03f3e49e46d53b9cd20\sp3gdr\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2003-04-02 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVer HID Receiver.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVerQuick.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-11-06 14:39	69632	----a-w-	c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52	15360	----a-w-	c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-01-13 10:46	166912	----a-w-	c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-01-13 10:46	134656	----a-w-	c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 14:08	421160	----a-w-	c:\programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-01-29 22:11	888120	----a-w-	c:\programme\Samsung\Kies\KiesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-01-29 22:11	3372856	----a-w-	c:\programme\Samsung\Kies\KiesTrayAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-01-13 10:46	135680	----a-w-	c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-11-06 14:40	16384512	----a-w-	c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-11-06 14:40	1826816	----a-w-	c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44	248552	----a-w-	c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung 

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [16.02.2011 14:50 135336]
R2 AVerRemote;AVerRemote;c:\programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe [16.02.2011 18:38 344064]
R2 AVerScheduleService;AVerScheduleService;c:\programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe [16.02.2011 18:38 389120]
R3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\drivers\AVerAF35.sys [16.02.2011 18:28 474880]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54 MBit/s USB 2.0 Netzwerkadapter;c:\windows\system32\drivers\RTL8187B.sys [16.02.2011 15:35 342784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [02.04.2003 12:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
S3 XDva382;XDva382;\??\c:\windows\system32\XDva382.sys --> c:\windows\system32\XDva382.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ   	WINRM
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddr
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\dokumente und einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\programme\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\programme\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll
MSConfigStartUp-facemoods - c:\programme\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe
AddRemove-facemoods - c:\programme\facemoods.com\facemoods\1.4.17.5\uninstall.exe
AddRemove-01_Simmental - c:\programme\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\programme\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\programme\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\programme\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\programme\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\programme\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\programme\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\programme\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\programme\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\programme\Samsung\USB Drivers\25_escape\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-02-17 16:25
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2011-02-17  16:27:55
ComboFix-quarantined-files.txt  2011-02-17 15:27

Vor Suchlauf: 9 Verzeichnis(se), 62.229.905.408 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 62.498.902.016 Bytes frei

WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

- - End Of File - - 94F64D78A3504CDAFD1C85E1AAAC5321
         
23. februar
Code:
ATTFilter
ComboFix 11-02-23.01 - Matthias 23.02.2011  19:02:44.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1527.1019 [GMT 1:00]
ausgeführt von:: c:\downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\CFLog
c:\cflog\CrashLog_20110221.txt
c:\cflog\CrashLog_20110223.txt
c:\dokumente und einstellungen\All Users\Anwendungsdaten\6177b3
c:\dokumente und einstellungen\All Users\Anwendungsdaten\6177b3\4356.mof
c:\dokumente und einstellungen\All Users\Anwendungsdaten\6177b3\5242bc9f8153e3f61c50ea1d26214bb5.ocx
c:\dokumente und einstellungen\All Users\Anwendungsdaten\6177b3\ISE.ico
c:\dokumente und einstellungen\All Users\Anwendungsdaten\6177b3\ISESys\VDAI.ntf
c:\dokumente und einstellungen\All Users\Anwendungsdaten\6177b3\mozcrt19.dll
c:\dokumente und einstellungen\All Users\Anwendungsdaten\6177b3\rgzvbd7tm9q01g8z6gi1u8v7tm9q01ungcvn.dll
c:\dokumente und einstellungen\All Users\Anwendungsdaten\6177b3\sqlite3.dll
c:\dokumente und einstellungen\Matthias\Anwendungsdaten\Internet Security Essentials
c:\dokumente und einstellungen\Matthias\Anwendungsdaten\Internet Security Essentials\Instructions.ini

.
(((((((((((((((((((((((   Dateien erstellt von 2011-01-23 bis 2011-02-23  ))))))))))))))))))))))))))))))
.

2011-02-23 17:10 . 2011-02-23 17:24	--------	d-----w-	C:\pebuilder3110a
2011-02-16 14:40 . 2008-05-21 11:19	1048576	----a-w-	C:\T20.BIN
2011-02-16 14:37 . 2011-02-16 14:37	--------	d-----w-	C:\Intel
2011-02-16 13:50 . 2011-02-23 17:51	--------	d-----w-	C:\Downloads

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 17:56 . 2008-12-08 20:07	219136	----a-w-	c:\windows\system32\uxtheme.dll
2011-01-21 14:44 . 2003-04-02 11:00	8503296	----a-w-	c:\windows\system32\shell32_original.dll
2011-01-21 14:44 . 2003-04-02 11:00	440832	----a-w-	c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2003-04-02 11:00	290048	----a-w-	c:\windows\system32\atmfd.dll
2010-12-31 14:03 . 2003-04-02 11:00	1855104	----a-w-	c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2003-04-02 11:00	301568	----a-w-	c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2003-04-02 11:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2003-04-02 11:00	43520	------w-	c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2003-04-02 11:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2010-12-20 22:14 . 2010-12-20 22:14	81920	------w-	c:\windows\system32\ieencode.dll
2010-12-20 17:25 . 2003-04-02 11:00	737792	----a-w-	c:\windows\system32\lsasrv.dll
2010-12-09 15:15 . 2003-04-02 11:00	743936	----a-w-	c:\windows\system32\ntdll.dll
2010-12-09 15:13 . 2003-04-02 11:00	2195072	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-12-09 15:13 . 2002-08-29 03:41	2071680	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-12-09 14:29 . 2003-04-02 11:00	33280	----a-w-	c:\windows\system32\csrsrv.dll
2010-11-29 16:38 . 2010-11-29 16:38	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38	69632	----a-w-	c:\windows\system32\QuickTime.qts
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\c2d977c5e0eed03f3e49e46d53b9cd20\sp3qfe\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SoftwareDistribution\Download\c2d977c5e0eed03f3e49e46d53b9cd20\sp3gdr\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2003-04-02 . 244A2F9816BC9B593957281EF577D976 . 332928 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
.
(((((((((((((((((((((((((((((   SnapShot@2011-02-17_15.25.35   )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-06 06:13 . 2006-11-06 06:13	98304              c:\windows\twain_32\MX310 series\softfare.dll
+ 2006-01-12 04:22 . 2006-01-12 04:22	73728              c:\windows\twain_32\MX310 series\RSTCOL.DLL
+ 2007-04-06 01:03 . 2007-04-06 01:03	39232              c:\windows\twain_32\MX310 series\IPM.DAT
+ 2006-07-31 05:17 . 2006-07-31 05:17	53248              c:\windows\twain_32\MX310 series\IJFSHLIB.DLL
+ 2006-04-13 05:43 . 2006-04-13 05:43	53248              c:\windows\twain_32\MX310 series\HSL.DLL
+ 2007-03-08 00:23 . 2007-03-08 00:23	49224              c:\windows\twain_32\MX310 series\CNC310P.DAT
+ 2007-02-02 07:31 . 2007-02-02 07:31	86016              c:\windows\twain_32\MX310 series\CAPS.DLL
+ 2005-04-15 05:34 . 2005-04-15 05:34	57344              c:\windows\twain_32\MX310 series\BaLCo.dll
+ 2006-11-29 04:39 . 2006-11-29 04:39	73728              c:\windows\twain_32\MX310 series\AG.DLL
+ 2011-02-23 18:00 . 2011-02-23 18:00	16384              c:\windows\Temp\Perflib_Perfdata_1a4.dat
+ 2011-02-19 18:24 . 2010-12-14 13:00	29504              c:\windows\system32\uxtuneup.dll
+ 2011-02-19 18:24 . 2010-12-14 13:05	31552              c:\windows\system32\TURegOpt.exe
+ 2011-02-20 20:39 . 2007-04-15 19:00	69632              c:\windows\system32\spool\prtprocs\w32x86\CNMPP8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	27136              c:\windows\system32\spool\prtprocs\w32x86\CNMPD8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	11264              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMW38Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	13824              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMVS8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	76288              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMSR8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	44032              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMSQ8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 22:18	17496              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMSE8Z.EXE
+ 2011-02-20 20:39 . 2007-04-15 19:00	47616              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMSD8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	12288              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMPI8Z.DLL
+ 2011-02-20 20:39 . 2000-12-12 07:09	30320              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMP28Z.DAT
+ 2011-02-20 20:39 . 2000-12-12 01:10	27140              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMP18Z.DAT
+ 2011-02-20 20:39 . 2000-12-12 01:10	23280              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMP08Z.DAT
+ 2011-02-20 20:39 . 2007-04-15 19:00	27136              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMOP8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	10240              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMFU8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	98816              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMCP8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	11264              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMBU8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	33280              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMBS8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	11264              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMBM8Z.DLL
+ 2007-04-25 09:06 . 2007-04-25 09:06	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdUS.DLL
+ 2007-04-27 23:19 . 2007-04-27 23:19	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdTW.DLL
+ 2007-05-10 00:42 . 2007-05-10 00:42	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdTR.DLL
+ 2007-04-28 00:42 . 2007-04-28 00:42	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdTH.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdSE.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdRU.DLL
+ 2007-05-14 06:09 . 2007-05-14 06:09	77824              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdPT.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdPL.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdNO.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdNL.DLL
+ 2007-04-28 00:13 . 2007-04-28 00:13	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdKR.DLL
+ 2007-04-25 09:06 . 2007-04-25 09:06	69632              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdJP.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdIT.DLL
+ 2007-04-28 22:55 . 2007-04-28 22:55	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdID.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdHU.DLL
+ 2007-05-11 03:46 . 2007-05-11 03:46	77824              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdGR.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	77824              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdFR.DLL
+ 2007-05-11 01:31 . 2007-05-11 01:31	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdFI.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	77824              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdES.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdDK.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdDE.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdCZ.DLL
+ 2007-04-27 07:16 . 2007-04-27 07:16	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdCN.DLL
+ 2007-05-10 00:38 . 2007-05-10 00:38	73728              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFCdAR.DLL
+ 2007-04-25 09:09 . 2007-04-25 09:09	37376              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCF2Ud.DLL
+ 2007-04-25 09:09 . 2007-04-25 09:09	24064              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCF2Md.DLL
+ 2007-04-25 09:09 . 2007-04-25 09:09	38912              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCF2Gd.DLL
+ 2007-04-25 09:03 . 2007-04-25 09:03	98304              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCAABd.EXE
+ 2011-02-20 20:39 . 2007-04-15 19:00	11264              c:\windows\system32\spool\drivers\w32x86\3\CNMW38Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	13824              c:\windows\system32\spool\drivers\w32x86\3\CNMVS8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	76288              c:\windows\system32\spool\drivers\w32x86\3\CNMSR8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	44032              c:\windows\system32\spool\drivers\w32x86\3\CNMSQ8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 22:18	17496              c:\windows\system32\spool\drivers\w32x86\3\CNMSE8Z.EXE
+ 2011-02-20 20:39 . 2007-04-15 19:00	47616              c:\windows\system32\spool\drivers\w32x86\3\CNMSD8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	12288              c:\windows\system32\spool\drivers\w32x86\3\CNMPI8Z.DLL
+ 2011-02-20 20:39 . 2000-12-12 07:09	30320              c:\windows\system32\spool\drivers\w32x86\3\CNMP28Z.DAT
+ 2011-02-20 20:39 . 2000-12-12 01:10	27140              c:\windows\system32\spool\drivers\w32x86\3\CNMP18Z.DAT
+ 2011-02-20 20:39 . 2000-12-12 01:10	23280              c:\windows\system32\spool\drivers\w32x86\3\CNMP08Z.DAT
+ 2011-02-20 20:39 . 2007-04-15 19:00	27136              c:\windows\system32\spool\drivers\w32x86\3\CNMOP8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	10240              c:\windows\system32\spool\drivers\w32x86\3\CNMFU8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	98816              c:\windows\system32\spool\drivers\w32x86\3\CNMCP8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	11264              c:\windows\system32\spool\drivers\w32x86\3\CNMBU8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	33280              c:\windows\system32\spool\drivers\w32x86\3\CNMBS8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	11264              c:\windows\system32\spool\drivers\w32x86\3\CNMBM8Z.DLL
+ 2007-04-25 09:06 . 2007-04-25 09:06	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdUS.DLL
+ 2007-04-27 23:19 . 2007-04-27 23:19	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdTW.DLL
+ 2007-05-10 00:42 . 2007-05-10 00:42	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdTR.DLL
+ 2007-04-28 00:42 . 2007-04-28 00:42	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdTH.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdSE.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdRU.DLL
+ 2007-05-14 06:09 . 2007-05-14 06:09	77824              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdPT.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdPL.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdNO.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdNL.DLL
+ 2007-04-28 00:13 . 2007-04-28 00:13	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdKR.DLL
+ 2007-04-25 09:06 . 2007-04-25 09:06	69632              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdJP.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdIT.DLL
+ 2007-04-28 22:55 . 2007-04-28 22:55	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdID.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdHU.DLL
+ 2007-05-11 03:46 . 2007-05-11 03:46	77824              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdGR.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	77824              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdFR.DLL
+ 2007-05-11 01:31 . 2007-05-11 01:31	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdFI.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	77824              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdES.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdDK.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdDE.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdCZ.DLL
+ 2007-04-27 07:16 . 2007-04-27 07:16	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdCN.DLL
+ 2007-05-10 00:38 . 2007-05-10 00:38	73728              c:\windows\system32\spool\drivers\w32x86\3\CNCFCdAR.DLL
+ 2007-04-25 09:09 . 2007-04-25 09:09	37376              c:\windows\system32\spool\drivers\w32x86\3\CNCF2Ud.dll
+ 2007-04-25 09:09 . 2007-04-25 09:09	24064              c:\windows\system32\spool\drivers\w32x86\3\CNCF2Md.DLL
+ 2007-04-25 09:09 . 2007-04-25 09:09	38912              c:\windows\system32\spool\drivers\w32x86\3\CNCF2Gd.dll
+ 2007-04-25 09:03 . 2007-04-25 09:03	98304              c:\windows\system32\spool\drivers\w32x86\3\CNCAABd.EXE
+ 2011-02-22 14:20 . 2008-04-14 06:52	28160              c:\windows\system32\irmon.dll
+ 2011-02-20 20:38 . 2008-04-13 23:15	15104              c:\windows\system32\drivers\usbscan.sys
+ 2011-02-20 20:38 . 2008-04-13 23:17	25856              c:\windows\system32\drivers\usbprint.sys
+ 2011-02-16 18:32 . 2010-12-21 05:55	12288              c:\windows\system32\drivers\sscewhnt.sys
+ 2011-02-16 18:32 . 2010-12-21 05:55	12288              c:\windows\system32\drivers\sscewh.sys
+ 2011-02-16 18:32 . 2010-12-21 05:55	14848              c:\windows\system32\drivers\sscemdfl.sys
+ 2011-02-16 18:32 . 2010-12-21 05:55	12416              c:\windows\system32\drivers\sscecmnt.sys
+ 2011-02-16 18:32 . 2010-12-21 05:55	12416              c:\windows\system32\drivers\sscecm.sys
+ 2011-02-16 18:32 . 2010-12-21 05:55	98560              c:\windows\system32\drivers\sscebus.sys
+ 2011-02-20 20:38 . 2008-04-13 23:15	15104              c:\windows\system32\dllcache\usbscan.sys
+ 2011-02-20 20:38 . 2008-04-13 23:17	25856              c:\windows\system32\dllcache\usbprint.sys
+ 2011-02-22 14:20 . 2008-04-14 06:52	28160              c:\windows\system32\dllcache\irmon.dll
+ 2007-03-23 06:29 . 2007-03-23 06:29	98304              c:\windows\system32\CNC310I.DLL
+ 2011-02-19 18:23 . 2011-02-19 18:23	26112              c:\windows\Installer\189aaa.msi
+ 2011-02-20 11:44 . 2010-02-03 12:04	95344              c:\windows\Auslogics Disk Defrag Screensaver\helper.dll
+ 2011-02-20 11:44 . 2010-02-03 12:04	33392              c:\windows\Auslogics Disk Defrag Screensaver\DiskDefragCpp.dll
+ 2007-01-26 05:44 . 2007-01-26 05:44	4608              c:\windows\twain_32\MX310 series\USDRESUS.DLL
+ 2007-04-27 23:39 . 2007-04-27 23:39	4608              c:\windows\twain_32\MX310 series\USDRESTW.DLL
+ 2007-05-10 00:42 . 2007-05-10 00:42	4608              c:\windows\twain_32\MX310 series\USDRESTR.DLL
+ 2007-05-31 06:17 . 2007-05-31 06:17	4608              c:\windows\twain_32\MX310 series\USDRESTH.DLL
+ 2007-05-10 00:42 . 2007-05-10 00:42	4608              c:\windows\twain_32\MX310 series\USDRESSE.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	5120              c:\windows\twain_32\MX310 series\USDRESRU.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	4608              c:\windows\twain_32\MX310 series\USDRESPT.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	4608              c:\windows\twain_32\MX310 series\USDRESPL.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	4608              c:\windows\twain_32\MX310 series\USDRESNO.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	4608              c:\windows\twain_32\MX310 series\USDRESNL.DLL
+ 2007-04-28 00:28 . 2007-04-28 00:28	4608              c:\windows\twain_32\MX310 series\USDRESKR.DLL
+ 2007-01-26 05:44 . 2007-01-26 05:44	4096              c:\windows\twain_32\MX310 series\USDRESJP.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	4608              c:\windows\twain_32\MX310 series\USDRESIT.DLL
+ 2007-04-28 01:36 . 2007-04-28 01:36	4608              c:\windows\twain_32\MX310 series\USDRESID.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	4608              c:\windows\twain_32\MX310 series\USDRESHU.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	4608              c:\windows\twain_32\MX310 series\USDRESGR.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	4608              c:\windows\twain_32\MX310 series\USDRESFR.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	5120              c:\windows\twain_32\MX310 series\USDRESFI.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	4608              c:\windows\twain_32\MX310 series\USDRESES.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	4608              c:\windows\twain_32\MX310 series\USDRESDK.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	4608              c:\windows\twain_32\MX310 series\USDRESDE.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	4608              c:\windows\twain_32\MX310 series\USDRESCZ.DLL
+ 2007-04-28 03:29 . 2007-04-28 03:29	4608              c:\windows\twain_32\MX310 series\USDRESCN.DLL
+ 2007-05-10 00:38 . 2007-05-10 00:38	4608              c:\windows\twain_32\MX310 series\USDRESAR.DLL
+ 2011-02-22 14:20 . 2008-04-14 06:52	8192              c:\windows\system32\wshirda.dll
+ 2011-02-20 20:39 . 2007-04-15 19:00	9216              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMLH8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	9216              c:\windows\system32\spool\drivers\w32x86\3\CNMLH8Z.DLL
+ 2011-02-22 14:20 . 2008-04-14 06:52	8192              c:\windows\system32\dllcache\wshirda.dll
+ 2007-04-25 09:06 . 2007-04-25 09:06	3584              c:\windows\system32\CNCFLdUS.DLL
+ 2007-04-27 23:19 . 2007-04-27 23:19	3584              c:\windows\system32\CNCFLdTW.DLL
+ 2007-05-10 00:42 . 2007-05-10 00:42	3584              c:\windows\system32\CNCFLdTR.DLL
+ 2007-04-28 00:42 . 2007-04-28 00:42	3584              c:\windows\system32\CNCFLdTH.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	3584              c:\windows\system32\CNCFLdSE.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	3584              c:\windows\system32\CNCFLdRU.DLL
+ 2007-05-14 06:09 . 2007-05-14 06:09	3584              c:\windows\system32\CNCFLdPT.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	3584              c:\windows\system32\CNCFLdPL.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	3584              c:\windows\system32\CNCFLdNO.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	3584              c:\windows\system32\CNCFLdNL.DLL
+ 2007-04-28 00:13 . 2007-04-28 00:13	3584              c:\windows\system32\CNCFLdKR.DLL
+ 2007-04-25 09:06 . 2007-04-25 09:06	3072              c:\windows\system32\CNCFLdJP.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	3584              c:\windows\system32\CNCFLdIT.DLL
+ 2007-04-28 22:55 . 2007-04-28 22:55	3584              c:\windows\system32\CNCFLdID.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	3584              c:\windows\system32\CNCFLdHU.DLL
+ 2007-05-11 03:46 . 2007-05-11 03:46	3584              c:\windows\system32\CNCFLdGR.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	3584              c:\windows\system32\CNCFLdFR.DLL
+ 2007-05-11 01:31 . 2007-05-11 01:31	3584              c:\windows\system32\CNCFLdFI.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	3584              c:\windows\system32\CNCFLdES.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	3584              c:\windows\system32\CNCFLdDK.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	3584              c:\windows\system32\CNCFLdDE.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	3584              c:\windows\system32\CNCFLdCZ.DLL
+ 2007-04-27 07:16 . 2007-04-27 07:16	3584              c:\windows\system32\CNCFLdCN.DLL
+ 2007-05-10 00:38 . 2007-05-10 00:38	3584              c:\windows\system32\CNCFLdAR.DLL
+ 2007-02-06 11:00 . 2007-02-06 11:00	258048              c:\windows\twain_32\MX310 series\USIP.DLL
+ 2007-04-18 22:56 . 2007-04-18 22:56	524288              c:\windows\twain_32\MX310 series\TPM.DLL
+ 2005-02-02 08:34 . 2005-02-02 08:34	118784              c:\windows\twain_32\MX310 series\SCRPRMV.DLL
+ 2007-04-18 22:56 . 2007-04-18 22:56	147456              c:\windows\twain_32\MX310 series\SCANINTF.DLL
+ 2006-12-13 01:28 . 2006-12-13 01:28	122880              c:\windows\twain_32\MX310 series\MC2.DLL
+ 2004-06-07 02:58 . 2004-06-07 02:58	290816              c:\windows\twain_32\MX310 series\libBLC.dll
+ 2004-08-26 07:07 . 2004-08-26 07:07	114688              c:\windows\twain_32\MX310 series\ITLIB32.DLL
+ 2007-04-18 22:57 . 2007-04-18 22:57	135168              c:\windows\twain_32\MX310 series\IPM.DLL
+ 2007-04-18 22:56 . 2007-04-18 22:56	184320              c:\windows\twain_32\MX310 series\IOP.DLL
+ 2007-03-19 04:06 . 2007-03-19 04:06	143360              c:\windows\twain_32\MX310 series\CUBS.DLL
+ 2005-08-24 05:51 . 2005-08-24 05:51	126976              c:\windows\twain_32\MX310 series\CFine2.dll
+ 2011-02-15 19:50 . 2008-04-13 23:05	199680              c:\windows\system32\xpsp1res_original.dll
+ 2011-02-20 20:39 . 2007-04-15 19:00	361472              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMUR8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	310272              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMUB8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	428544              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMSM8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	816128              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMSB8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	102400              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMPV8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	145408              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMLR8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	545792              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMDR8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	221184              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMD58Z.DLL
+ 2007-04-25 09:02 . 2007-04-25 09:02	139264              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFIMd.DLL
+ 2007-04-25 09:02 . 2007-04-25 09:02	524288              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCFDLd.DLL
+ 2007-04-25 09:06 . 2007-04-25 09:06	196608              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCAWSd.DLL
+ 2007-04-25 09:03 . 2007-04-25 09:03	512000              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCAPFd.EXE
+ 2007-04-25 09:06 . 2007-04-25 09:06	278528              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCAMGd.DLL
+ 2007-04-25 09:05 . 2007-04-25 09:05	561152              c:\windows\system32\spool\drivers\w32x86\canonmx310_series_fa4204\CNCAAId.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	361472              c:\windows\system32\spool\drivers\w32x86\3\CNMUR8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	310272              c:\windows\system32\spool\drivers\w32x86\3\CNMUB8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	428544              c:\windows\system32\spool\drivers\w32x86\3\CNMSM8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	816128              c:\windows\system32\spool\drivers\w32x86\3\CNMSB8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	102400              c:\windows\system32\spool\drivers\w32x86\3\CNMPV8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	145408              c:\windows\system32\spool\drivers\w32x86\3\CNMLR8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	545792              c:\windows\system32\spool\drivers\w32x86\3\CNMDR8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	221184              c:\windows\system32\spool\drivers\w32x86\3\CNMD58Z.DLL
+ 2007-04-25 09:02 . 2007-04-25 09:02	139264              c:\windows\system32\spool\drivers\w32x86\3\CNCFIMd.DLL
+ 2007-04-25 09:02 . 2007-04-25 09:02	524288              c:\windows\system32\spool\drivers\w32x86\3\CNCFDLd.DLL
+ 2007-04-25 09:06 . 2007-04-25 09:06	196608              c:\windows\system32\spool\drivers\w32x86\3\CNCAWSd.DLL
+ 2007-04-25 09:03 . 2007-04-25 09:03	512000              c:\windows\system32\spool\drivers\w32x86\3\CNCAPFd.EXE
+ 2007-04-25 09:06 . 2007-04-25 09:06	278528              c:\windows\system32\spool\drivers\w32x86\3\CNCAMGd.DLL
+ 2007-04-25 09:05 . 2007-04-25 09:05	561152              c:\windows\system32\spool\drivers\w32x86\3\CNCAAId.DLL
+ 2011-02-15 19:36 . 2009-03-14 11:55	311296              c:\windows\system32\sndvol32.exe
+ 2011-02-17 20:18 . 2011-02-02 20:40	157472              c:\windows\system32\javaws.exe
- 2011-02-16 18:22 . 2011-02-16 18:22	145184              c:\windows\system32\javaw.exe
+ 2011-02-17 20:18 . 2011-02-02 20:40	145184              c:\windows\system32\javaw.exe
- 2011-02-16 18:22 . 2011-02-16 18:22	145184              c:\windows\system32\java.exe
+ 2011-02-17 20:18 . 2011-02-02 20:40	145184              c:\windows\system32\java.exe
+ 2011-02-22 14:20 . 2008-04-14 06:52	153088              c:\windows\system32\irftp.exe
+ 2011-02-15 19:31 . 2011-02-19 19:04	103824              c:\windows\system32\FNTCACHE.DAT
+ 2011-02-16 18:32 . 2010-12-21 05:55	100352              c:\windows\system32\drivers\ssceserd.sys
+ 2011-02-16 18:32 . 2010-12-21 05:55	123648              c:\windows\system32\drivers\sscemdm.sys
+ 2011-02-15 19:50 . 2008-04-13 23:05	199680              c:\windows\system32\dllcache\sprs0407.dll
+ 2011-02-15 19:36 . 2009-03-14 11:55	311296              c:\windows\system32\dllcache\sndvol32.exe
+ 2003-04-02 11:00 . 2008-04-14 06:52	142336              c:\windows\system32\dllcache\sfc_os.dll
+ 2011-02-22 14:20 . 2008-04-14 06:52	153088              c:\windows\system32\dllcache\irftp.exe
- 2011-02-16 18:22 . 2011-02-16 18:22	472808              c:\windows\system32\deployJava1.dll
+ 2011-02-16 18:22 . 2011-02-02 20:40	472808              c:\windows\system32\deployJava1.dll
+ 2011-02-20 20:39 . 2007-04-15 19:00	215040              c:\windows\system32\CNMLM8Z.DLL
+ 2007-04-25 09:02 . 2007-04-25 09:02	106496              c:\windows\system32\CNCFMSd.EXE
+ 2007-04-25 09:09 . 2007-04-25 09:09	151552              c:\windows\system32\CNCF2Ld.DLL
+ 2007-03-15 04:12 . 2007-03-15 04:12	188416              c:\windows\system32\CNC310O.DLL
+ 2007-03-19 00:39 . 2007-03-19 00:39	200704              c:\windows\system32\CNC310L.DLL
+ 2011-02-19 18:24 . 2011-02-19 18:24	428544              c:\windows\Installer\189aae.msi
+ 2011-02-17 20:19 . 2011-02-17 20:19	180224              c:\windows\Installer\11183ff.msi
+ 2011-02-17 20:15 . 2011-02-17 20:15	970240              c:\windows\Installer\11183e8.msi
+ 2011-02-19 19:02 . 2008-04-14 06:52	142336              c:\windows\Driver Cache\i386\sfc_os.dll
+ 2011-02-20 11:44 . 2010-02-03 12:04	164464              c:\windows\Auslogics Disk Defrag Screensaver\localizer.dll
+ 2011-02-20 11:44 . 2010-02-03 12:04	132208              c:\windows\Auslogics Disk Defrag Screensaver\DiskDefrag.dll
+ 2011-02-20 11:44 . 2010-02-03 12:04	750704              c:\windows\aus_ddss.scr
+ 2011-02-19 19:14 . 2011-02-19 19:14	362496              c:\windows\assembly\NativeImages_v2.0.50727_32\QTAddressBar\202e5307289215a0cf4574dfe43cd0c7\QTAddressBar.ni.dll
+ 2011-02-19 19:14 . 2011-02-19 19:14	312320              c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.SHDocVw\a927c4e1a8d45d44a88691184e937711\Interop.SHDocVw.ni.dll
+ 2011-02-19 19:14 . 2011-02-19 19:14	122880              c:\windows\assembly\GAC_MSIL\QTAddressBar\1.0.0.0__78a0cde69b47ca25\QTAddressBar.dll
+ 2011-02-19 19:14 . 2011-02-19 19:14	126976              c:\windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__78a0cde69b47ca25\Interop.SHDocVw.dll
+ 2007-04-18 22:57 . 2007-04-18 22:57	1175552              c:\windows\twain_32\MX310 series\SGUI.DLL
+ 2007-04-18 22:56 . 2007-04-18 22:56	1040384              c:\windows\twain_32\MX310 series\SGRES_US.DLL
+ 2007-04-27 23:39 . 2007-04-27 23:39	1040384              c:\windows\twain_32\MX310 series\SGRES_TW.DLL
+ 2007-05-10 00:42 . 2007-05-10 00:42	1040384              c:\windows\twain_32\MX310 series\SGRES_TR.DLL
+ 2007-04-28 00:51 . 2007-04-28 00:51	1040384              c:\windows\twain_32\MX310 series\SGRES_TH.DLL
+ 2007-05-10 00:42 . 2007-05-10 00:42	1044480              c:\windows\twain_32\MX310 series\SGRES_SE.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	1044480              c:\windows\twain_32\MX310 series\SGRES_RU.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	1048576              c:\windows\twain_32\MX310 series\SGRES_PT.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	1048576              c:\windows\twain_32\MX310 series\SGRES_PL.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	1040384              c:\windows\twain_32\MX310 series\SGRES_NO.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	1052672              c:\windows\twain_32\MX310 series\SGRES_NL.DLL
+ 2007-04-28 00:28 . 2007-04-28 00:28	1040384              c:\windows\twain_32\MX310 series\SGRES_KR.DLL
+ 2007-04-18 22:56 . 2007-04-18 22:56	1011712              c:\windows\twain_32\MX310 series\SGRES_JP.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	1056768              c:\windows\twain_32\MX310 series\SGRES_IT.DLL
+ 2007-04-28 01:36 . 2007-04-28 01:36	1044480              c:\windows\twain_32\MX310 series\SGRES_ID.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	1048576              c:\windows\twain_32\MX310 series\SGRES_HU.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	1056768              c:\windows\twain_32\MX310 series\SGRES_GR.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	1052672              c:\windows\twain_32\MX310 series\SGRES_FR.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	1040384              c:\windows\twain_32\MX310 series\SGRES_FI.DLL
+ 2007-05-10 00:41 . 2007-05-10 00:41	1056768              c:\windows\twain_32\MX310 series\SGRES_ES.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	1044480              c:\windows\twain_32\MX310 series\SGRES_DK.DLL
+ 2007-05-10 00:40 . 2007-05-10 00:40	1052672              c:\windows\twain_32\MX310 series\SGRES_DE.DLL
+ 2007-05-10 00:39 . 2007-05-10 00:39	1044480              c:\windows\twain_32\MX310 series\SGRES_CZ.DLL
+ 2007-04-28 03:29 . 2007-04-28 03:29	1040384              c:\windows\twain_32\MX310 series\SGRES_CN.DLL
+ 2007-05-10 00:38 . 2007-05-10 00:38	1040384              c:\windows\twain_32\MX310 series\SGRES_AR.DLL
+ 2006-11-30 23:24 . 2006-11-30 23:24	1159168              c:\windows\twain_32\MX310 series\SGCFLTR.DLL
+ 2007-03-08 23:05 . 2007-03-08 23:05	3724256              c:\windows\twain_32\MX310 series\CNC310.DAT
+ 2011-02-19 18:25 . 2011-02-19 18:25	2334848              c:\windows\system32\TUKernel.exe
+ 2011-02-20 20:39 . 2007-04-15 19:00	1907200              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMUI8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	1600000              c:\windows\system32\spool\drivers\w32x86\canonmx310_seriesf395\CNMCB8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	1907200              c:\windows\system32\spool\drivers\w32x86\3\CNMUI8Z.DLL
+ 2011-02-20 20:39 . 2007-04-15 19:00	1600000              c:\windows\system32\spool\drivers\w32x86\3\CNMCB8Z.DLL
+ 2003-04-02 11:00 . 2008-04-14 06:52	1005568              c:\windows\system32\msgina_original.dll
+ 2003-04-02 11:00 . 2008-04-14 06:52	1462784              c:\windows\system32\msgina.dll
+ 2003-04-02 11:00 . 2004-08-03 22:45	8837632              c:\windows\system32\logonui.exe
+ 2003-04-02 11:00 . 2008-04-14 06:52	1462784              c:\windows\system32\dllcache\msgina.dll
+ 2007-03-23 06:30 . 2007-03-23 06:30	1400832              c:\windows\system32\CNC310C.DLL
+ 2011-02-15 19:49 . 2008-04-14 06:52	1462784              c:\windows\ServicePackFiles\i386\msgina.dll
+ 2011-02-15 19:49 . 2004-08-03 22:45	8837632              c:\windows\ServicePackFiles\i386\logonui.exe
+ 2011-02-19 17:54 . 2008-11-27 16:18	1634816              c:\windows\Resources\Themes\SevenVG Black\Shell\NormalColor\Shellstyle.dll
+ 2011-02-19 17:54 . 2009-03-14 16:07	1550848              c:\windows\Resources\Themes\SevenVG Black\Shell\NormalColor\noob.dll
+ 2011-02-19 17:54 . 2008-11-27 16:18	1634816              c:\windows\Resources\Themes\SevenVG Black\Shell\Aero48\Shellstyle.dll
+ 2011-02-20 11:44 . 2010-02-03 12:04	1745712              c:\windows\Auslogics Disk Defrag Screensaver\RepLibrary.dll
+ 2003-04-02 11:00 . 2011-01-21 14:44	25854464              c:\windows\system32\shell32.dll
+ 2003-04-02 11:00 . 2011-01-21 14:44	25854464              c:\windows\system32\dllcache\shell32.dll
+ 2011-02-15 19:49 . 2011-01-21 14:44	25854464              c:\windows\ServicePackFiles\i386\shell32.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"UnlockerAssistant"="c:\programme\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Matthias\Startmen\Programme\Autostart\
Locate32 Autorun.lnk - c:\programme\Locate\Locate32.exe [2007-7-1 970752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVer HID Receiver.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AVer HID Receiver.lnk
backup=c:\windows\pss\AVer HID Receiver.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^AVerQuick.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\AVerQuick.lnk
backup=c:\windows\pss\AVerQuick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2007-11-06 14:39	69632	----a-w-	c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03	293376	------w-	c:\windows\system32\browserchoice.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52	15360	----a-w-	c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-01-13 10:46	166912	----a-w-	c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-01-13 10:46	134656	----a-w-	c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 14:08	421160	----a-w-	c:\programme\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesHelper]
2011-01-29 22:11	888120	----a-w-	c:\programme\Samsung\Kies\KiesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-01-29 22:11	3372856	----a-w-	c:\programme\Samsung\Kies\KiesTrayAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-01-13 10:46	135680	----a-w-	c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38	421888	----a-w-	c:\programme\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-11-06 14:40	16384512	----a-w-	c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2007-11-06 14:40	1826816	----a-w-	c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 13:49	249064	----a-w-	c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows-Remoteverwaltung 

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [16.02.2011 14:50 135336]
R2 AVerRemote;AVerRemote;c:\programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe [16.02.2011 18:38 344064]
R2 AVerScheduleService;AVerScheduleService;c:\programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe [16.02.2011 18:38 389120]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [14.12.2010 14:03 1517376]
R3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\drivers\AVerAF35.sys [16.02.2011 18:28 474880]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54 MBit/s USB 2.0 Netzwerkadapter;c:\windows\system32\drivers\RTL8187B.sys [16.02.2011 15:35 342784]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [29.11.2010 19:27 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.03.2010 13:16 130384]
S3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\drivers\sscebus.sys [16.02.2011 19:32 98560]
S3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\drivers\sscemdfl.sys [16.02.2011 19:32 14848]
S3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\drivers\sscemdm.sys [16.02.2011 19:32 123648]
S3 ssceserd;SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM);c:\windows\system32\drivers\ssceserd.sys [16.02.2011 19:32 100352]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [02.04.2003 12:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.03.2010 13:16 753504]
S3 XDva382;XDva382;\??\c:\windows\system32\XDva382.sys --> c:\windows\system32\XDva382.sys [?]
S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ   	WINRM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddr
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:25495
FF - ProfilePath - c:\dokumente und einstellungen\Matthias\Anwendungsdaten\Mozilla\Firefox\Profiles\hv5g430i.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\programme\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-02-23 19:08
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Zeit der Fertigstellung: 2011-02-23  19:10:59
ComboFix-quarantined-files.txt  2011-02-23 18:10
ComboFix2.txt  2011-02-17 15:27

Vor Suchlauf: 10 Verzeichnis(se), 54.307.381.248 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 54.434.807.808 Bytes frei

- - End Of File - - 2C373CD3974B6AE9724E734BAA75C766
         
So, das wars
hoffe konnte dir weiterhelfen.
LG

Alt 08.03.2011, 09:15   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AVAST findet Bootkit? - Standard

AVAST findet Bootkit?



Wer hat dich eigentlich angewiesen combofix auszuführen? Auf eigene Faust solltest du das nicht tun, denn CF ist KEIN Spielzeug!

Bitte den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.

Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.03.2011, 10:49   #9
matthias2619
 
AVAST findet Bootkit? - Standard

AVAST findet Bootkit?



Zitat:
Zitat von cosinus Beitrag anzeigen
Wer hat dich eigentlich angewiesen combofix auszuführen? Auf eigene Faust solltest du das nicht tun, denn CF ist KEIN Spielzeug!
Ok, werde ich mir merken.

Das ist das Ergebnis vom Bootkit Remover

Zitat:
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
LG

Alt 08.03.2011, 11:38   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AVAST findet Bootkit? - Standard

AVAST findet Bootkit?



Hast Du noch andere Betriebssystem außer WinXP drauf?

Wenn nicht, also WinXP das einzige installierte System ist: Starte den Rechner neu und wähle im Bootmenü die Wiederherstellungskonsole aus.
Tipp dort den Befehl fixmbr ein (dann Enter, mit j bestätigen) danach den Befehl fixboot (dann Enter, mit j bestätigen)
Mit exit (dann enter drücken) wird der Rechner neu gestartet. Führe im normalen Windowsmodus MBRCheck nochmals aus und poste das neue Log.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.03.2011, 11:51   #11
matthias2619
 
AVAST findet Bootkit? - Standard

AVAST findet Bootkit?



Erledigt!
Meinst du Bootkit_Remover oder MBRCheck?
Hier bootkit_remover:
Zitat:
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...
LG

Alt 08.03.2011, 12:14   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AVAST findet Bootkit? - Standard

AVAST findet Bootkit?



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur einige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.03.2011, 13:17   #13
matthias2619
 
AVAST findet Bootkit? - Standard

AVAST findet Bootkit?



OSAM:
OSAM Logfile:
OSAM Logfile:
OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 13:15:59 on 08.03.2011

OS: Windows XP Professional Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 3.6.14

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"sysdm.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\sysdm.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswFsBlk.sys
"aswMon2" (aswMon2) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswMon2.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswSP.sys
"avast! Asynchronous Virus Monitor" (Aavmker4) - "AVAST Software" - C:\WINDOWS\system32\drivers\Aavmker4.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\WINDOWS\system32\drivers\aswTdi.sys
"AVZ Kernel Driver" (uti3ndu1) - ? - C:\WINDOWS\system32\Drivers\uti3ndu1.sys
"catchme" (catchme) - ? - C:\DOKUME~1\Matthias\LOKALE~1\Temp\catchme.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"lgca" (lgca) - ? - C:\WINDOWS\System32\drivers\wfpjwgg.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"SCDEmu" (SCDEmu) - "PowerISO Computing, Inc." - C:\WINDOWS\system32\drivers\SCDEmu.sys
"TCP/IP-Protokolltreiber" (Tcpip) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\tcpip.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys
"ugnyqpod" (ugnyqpod) - ? - C:\DOKUME~1\Matthias\LOKALE~1\Temp\ugnyqpod.sys  (Hidden registry entry, rootkit activity | File not found)
"VMware Virtual Ethernet Adapter Driver" (VMnetAdapter) - ? - C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)
"XDva382" (XDva382) - ? - C:\WINDOWS\system32\XDva382.sys  (File not found)
"XDva383" (XDva383) - ? - C:\WINDOWS\system32\XDva383.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
{89820200-ECBD-11cf-8B85-00AA005B4340} "Windows Desktop-Update" - ? - regsvr32.exe /s /n /i:U shell32.dll  (File found, but it contains no detailed information)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{0D2E74C4-3C34-11d2-A27E-00C04FC30871} "{0D2E74C4-3C34-11d2-A27E-00C04FC30871}" - ? - C:\WINDOWS\system32\SHELL32.dll  (File found, but it contains no detailed information)
{24F14F01-7B1C-11d1-838f-0000F80461CF} "{24F14F01-7B1C-11d1-838f-0000F80461CF}" - ? - C:\WINDOWS\system32\SHELL32.dll  (File found, but it contains no detailed information)
{24F14F02-7B1C-11d1-838f-0000F80461CF} "{24F14F02-7B1C-11d1-838f-0000F80461CF}" - ? - C:\WINDOWS\system32\SHELL32.dll  (File found, but it contains no detailed information)
{66742402-F9B9-11D1-A202-0000F81FEDEE} "{66742402-F9B9-11D1-A202-0000F81FEDEE}" - ? - C:\WINDOWS\system32\SHELL32.dll  (File found, but it contains no detailed information)
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{733AC4CB-F1A4-11d0-B951-00A0C90312E1} "WebView MIME Filter" - ? - C:\WINDOWS\system32\SHELL32.dll  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "URL Exec Hook" - ? - C:\WINDOWS\system32\shell32.dll  (File found, but it contains no detailed information)
{56F9679E-7826-4C84-81F3-532071A8BCC5} "Windows Desktop Search Namespace Manager" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Programme\AVAST Software\Avast\ashShell.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{32683183-48a0-441b-a342-7c2a440a9478} "Media Band" - ? -   (File not found | COM-object registry key not found)
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} "PowerISO" - "PowerISO Computing, Inc." - C:\Programme\PowerISO\PWRISOSH.DLL
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\XCShInfo.dll
{5B043439-4F53-436E-8CFE-28F80934DBE6} "PXCPreviewHandlerXP Class" - "Tracker Software Products Ltd." - C:\Programme\Tracker Software\Shell Extensions\PXCPrevHost.exe
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - c:\WINDOWS\system32\dfshim.dll
{0DF44EAA-FF21-4412-828E-260A8728E7F1} "Taskleiste und Startmenü" - ? - C:\WINDOWS\system32\shell32.dll  (File found, but it contains no detailed information)
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2011\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Programme\TuneUp Utilities 2011\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
{13E7F612-F261-4391-BEA2-39DF4F3FA311} "Windows Desktop Search" - "Microsoft Corporation" - C:\Programme\Windows Desktop Search\msnlExt.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Programme\WinRAR\rarext.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{7849596a-48ea-486e-8937-a2a3009f31a9} "PostBootReminder object" - ? - C:\WINDOWS\system32\shell32.dll  (File found, but it contains no detailed information)
{fbeb8a05-beee-4442-804e-409d6c4515e9} "ShellFolder for CD Burning" - ? - C:\WINDOWS\system32\SHELL32.dll  (File found, but it contains no detailed information)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} "File Search Explorer Band" - ? - C:\WINDOWS\system32\SHELL32.dll  (File found, but it contains no detailed information)
{32683183-48a0-441b-a342-7c2a440a9478} "{32683183-48a0-441b-a342-7c2a440a9478}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Links" - ? - C:\WINDOWS\system32\SHELL32.dll  (File found, but it contains no detailed information)
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_24" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_24.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Macromed\Flash\Flash10n.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -   (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - ? - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll
{af83e43c-dd2b-4787-826b-31b17dee52ed} "QT Breadcrumbs Address Bar" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - ? - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jp2ssv.dll
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
{10af03d2-2f08-f172-4e03-cc9ffd152314} "mignet" - ? - C:\WINDOWS\system32\K-__ZMqu8ar.dll  (File not found)

[Known DLLs]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs )-----
"shell32" - ? - C:\WINDOWS\system32\shell32.dll  (File found, but it contains no detailed information)

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders )-----
"SecurityProviders" - "Ctckmlr Software" - C:\WINDOWS\system32\mltsihgy.dll

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Matthias\Startmenü\Programme\Autostart\desktop.ini
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast" - "AVAST Software" - "C:\Programme\AVAST Software\Avast\avastUI.exe" /nogui

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Programme\AVAST Software\Avast\AvastSvc.exe
"AVerRemote" (AVerRemote) - "AVerMedia" - C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerRemote.exe
"AVerScheduleService" (AVerScheduleService) - ? - C:\Programme\Gemeinsame Dateien\AVerMedia\Service\AVerScheduleService.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"TuneUp Designerweiterung" (UxTuneUp) - "TuneUp Software" - C:\WINDOWS\System32\uxtuneup.dll
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"UIHost" - "Microsoft Corporation" - C:\WINDOWS\system32\logonui.exe
"VmApplet" - "Microsoft Corporation" - C:\WINDOWS\system32\sysdm.cpl
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"WgaLogon" - "Microsoft Corporation" - C:\WINDOWS\system32\WgaLogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---
--- --- ---
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE]
Gmer stützt immer ab.
Danke für deine Hilfe!
MBRCheck findet Windows XP Boot Code!
LG

Geändert von matthias2619 (08.03.2011 um 13:30 Uhr)

Alt 08.03.2011, 16:40   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
AVAST findet Bootkit? - Standard

AVAST findet Bootkit?



Code:
ATTFilter
"lgca" (lgca) - ? - C:\WINDOWS\System32\drivers\wfpjwgg.sys  (File not found)
"XDva382" (XDva382) - ? - C:\WINDOWS\system32\XDva382.sys  (File not found)
"XDva383" (XDva383) - ? - C:\WINDOWS\system32\XDva383.sys  (File not found)
         
Bitte mit OSAM deaktivieren und löschen (delete from storage, siehe Anleitung zu OSAM).
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.03.2011, 17:19   #15
matthias2619
 
AVAST findet Bootkit? - Standard

AVAST findet Bootkit?



Zitat:
Zitat von cosinus Beitrag anzeigen
Bitte mit OSAM deaktivieren und löschen (delete from storage, siehe Anleitung zu OSAM).
Fertig!
was kommt als nöchstes?
LG

Antwort

Themen zu AVAST findet Bootkit?
anhang, avast, bootkit, erhalte, folge, folgende, meldung, stunde




Ähnliche Themen: AVAST findet Bootkit?


  1. WIN 7: Avast findet UninstallManager.exe und MyDeltaTB.exe
    Log-Analyse und Auswertung - 13.03.2015 (2)
  2. Avast findet Win32:Rootkit-gen
    Plagegeister aller Art und deren Bekämpfung - 05.02.2015 (5)
  3. avast findet Win32:Dropper-gen - was tun?
    Log-Analyse und Auswertung - 02.07.2014 (7)
  4. Avast findet Virus und Malwarebytes findet Viren
    Plagegeister aller Art und deren Bekämpfung - 12.03.2014 (7)
  5. Avast findet Win32.BadCap.k
    Log-Analyse und Auswertung - 04.12.2013 (13)
  6. Avast findet Win32: Evo-gen
    Plagegeister aller Art und deren Bekämpfung - 29.10.2013 (9)
  7. avast findet JS:Downloader-blr, malwarebytes findet Exploit.Drop.GSA
    Plagegeister aller Art und deren Bekämpfung - 03.04.2013 (6)
  8. AVAST findet Win32:Malware-gen
    Plagegeister aller Art und deren Bekämpfung - 28.09.2012 (20)
  9. avast! findet Rootkit - Fehlalarm?
    Plagegeister aller Art und deren Bekämpfung - 07.10.2011 (1)
  10. avast findet "giraffic.exe", danach findet malewarebytes 13 infizierte dateien..PUP.Hacktool.Patcher
    Log-Analyse und Auswertung - 26.08.2011 (5)
  11. Bootkit Remover findet anscheinend defekten MBR, was nun?
    Plagegeister aller Art und deren Bekämpfung - 10.02.2011 (4)
  12. Avast findet Win32:Malware-gen
    Plagegeister aller Art und deren Bekämpfung - 27.10.2009 (29)
  13. HJT Logfile... Avast findet Trojaner
    Log-Analyse und Auswertung - 17.02.2009 (3)
  14. avast findet Virus Malware-gen
    Log-Analyse und Auswertung - 14.01.2009 (10)
  15. Avast findet Win32:Trojan-gen. {Other}
    Log-Analyse und Auswertung - 14.01.2008 (7)
  16. AW: Avast findet Win32:Trojan-gen. {Other}
    Mülltonne - 14.01.2008 (0)
  17. Avast findet Win32:Trojan-gen {Other}
    Plagegeister aller Art und deren Bekämpfung - 25.10.2007 (2)

Zum Thema AVAST findet Bootkit? - Hallo liebes TB-Team, Ich habe vor ca. 1 Stunde von AVAST folgende Meldung erhalten Weitere Logs sind im Anhang! Bisher habe ich noch nix gelöscht, weder von AVAST noch von - AVAST findet Bootkit?...
Archiv
Du betrachtest: AVAST findet Bootkit? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.