|
System Defender und bestimmt noch mehr Hallo liebes trojaner-board. Ich hab seit gestern einige Problem mit meinem PC. Gestern hat er einfach diesen System Defender instaliert.... Da ich wirklich keine Ahnung von sowas habe, kann ich euch zur Zeit leider nur ein HiJackthis Log geben: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:28:52, on 03.12.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: I:\WINDOWS\System32\smss.exe I:\WINDOWS\system32\csrss.exe I:\WINDOWS\system32\winlogon.exe I:\WINDOWS\system32\services.exe I:\WINDOWS\system32\lsass.exe I:\WINDOWS\system32\svchost.exe I:\WINDOWS\system32\svchost.exe I:\WINDOWS\System32\svchost.exe I:\WINDOWS\system32\svchost.exe I:\WINDOWS\system32\svchost.exe I:\WINDOWS\system32\svchost.exe I:\WINDOWS\system32\spoolsv.exe I:\Programme\Avira\AntiVir Desktop\sched.exe M:\Ds\dslan_v1.13\dslan_v1.13\apache\bin\apache.exe I:\WINDOWS\SOUNDMAN.EXE I:\WINDOWS\system32\RUNDLL32.EXE I:\Programme\Avira\AntiVir Desktop\avgnt.exe I:\WINDOWS\tsnp2std.exe I:\WINDOWS\ZSSnp211.exe I:\WINDOWS\Domino.exe I:\WINDOWS\system32\ctfmon.exe I:\Programme\FRITZ!DSL\IGDCTRL.EXE M:\Programme\DAEMON Tools Lite\daemon.exe I:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE I:\Programme\Free Download Manager\fdm.exe I:\Programme\CDBurnerXP\NMSAccessU.exe I:\WINDOWS\system32\nvsvc32.exe I:\Dokumente und Einstellungen\*****\.COMMgr\complmgr.exe I:\WINDOWS\system32\HPZipm12.exe I:\WINDOWS\system32\PnkBstrA.exe I:\WINDOWS\system32\svchost.exe I:\Programme\Tunngle\TnglCtrl.exe I:\Programme\HP\Digital Imaging\bin\hpqtra08.exe I:\Programme\FRITZ!DSL\StCenter.exe I:\Programme\Speed-Link Vibration Joystick\GM_DevUpdate.exe I:\Programme\HP\Digital Imaging\bin\hpqimzone.exe I:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe M:\Ds\dslan_v1.13\dslan_v1.13\apache\bin\apache.exe I:\WINDOWS\System32\alg.exe I:\WINDOWS\System32\svchost.exe I:\WINDOWS\explorer.exe I:\WINDOWS\system32\wuauclt.exe I:\PROGRA~1\GEMEIN~1\MICROS~1\Msinfo\OFFPROV.EXE I:\Programme\Mozilla Firefox\firefox.exe I:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe I:\WINDOWS\system32\svchost.exe I:\WINDOWS\system32\rundll32.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\ping.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\ping.exe I:\WINDOWS\system32\ping.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\WINDOWS\system32\cmd.exe I:\Programme\Internet Explorer\iexplore.exe I:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe I:\Programme\CCleaner\CCleaner.exe I:\Dokumente und Einstellungen\Harms\Desktop\HiJackThis.exe I:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.flugwetter.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box;192.168.178.1 R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe ykda.sxo ukqbtms O1 - Hosts: 74.125.45.100 4-open-davinci.com O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com O1 - Hosts: 74.125.45.100 privatesecuredpayments.com O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com O1 - Hosts: 74.125.45.100 getantivirusplusnow.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 w*w.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 w*w.secure-plus-payments.com O1 - Hosts: 74.125.45.100 w*w.getavplusnow.com O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com O1 - Hosts: 74.125.45.100 urs.microsoft.com O1 - Hosts: 74.125.45.100 w*w.securesoftwarebill.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 74.125.45.100 paysoftbillsolution.com O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com O1 - Hosts: 74.125.45.100 4-open-davinci.com O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com O1 - Hosts: 74.125.45.100 privatesecuredpayments.com O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com O1 - Hosts: 74.125.45.100 getantivirusplusnow.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 w*w.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 w*w.secure-plus-payments.com O1 - Hosts: 74.125.45.100 w*w.getavplusnow.com O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com O1 - Hosts: 74.125.45.100 urs.microsoft.com O1 - Hosts: 74.125.45.100 w*w.securesoftwarebill.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 74.125.45.100 paysoftbillsolution.com O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\programme\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - I:\Programme\Free Download Manager\iefdm2.dll O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\programme\google\googletoolbar1.dll O3 - Toolbar: (no name) - {5ACF6D00-522E-4E15-9387-733063B2D076} - (no file) O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "I:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [tsnp2std] I:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [ZSSnp211] I:\WINDOWS\ZSSnp211.exe O4 - HKLM\..\Run: [Domino] I:\WINDOWS\Domino.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] M:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "I:\WINDOWS\is-EU68E.exe" /REG O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "M:\Programme\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Free Download Manager] I:\Programme\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [COM+ Manager] "I:\Dokumente und Einstellungen\Harms\.COMMgr\complmgr.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: FRITZ!DSL Startcenter.lnk = I:\Programme\FRITZ!DSL\StCenter.exe O4 - Startup: GM_DevUpdate.lnk = I:\Programme\Speed-Link Vibration Joystick\GM_DevUpdate.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = I:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = I:\Programme\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: Alles mit FDM herunterladen - file://I:\Programme\Free Download Manager\dlall.htm O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://I:\Programme\Free Download Manager\dlselected.htm O8 - Extra context menu item: Datei mit FDM herunterladen - file://I:\Programme\Free Download Manager\dllink.htm O8 - Extra context menu item: Videos mit FDM herunterladen - file://I:\Programme\Free Download Manager\dlfvideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - M:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - I:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - I:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Programme\Messenger\msmsgs.exe O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - h**p://xiah.gamescampus.com/luncher/GamesCampus.cab O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - h**p://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Programme\Yahoo!\Common\yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - h**p://www3.snapfish.de/SnapfishActivia.cab O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - h**p://www.powerchallenge.com/applet/PowerLoader.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - h**p://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.solidstatenetworks.com/de...idstateion.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - h**p://www.yoyogames.com/downloads/activex/YoYo.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - h**p://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: opnkjKaW - opnkjKaW.dll (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - I:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Apache2 - Apache Software Foundation - M:\Ds\dslan_v1.13\dslan_v1.13\apache\bin\apache.exe O23 - Service: AVM IGD CTRL Service - AVM Berlin - I:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - I:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: Google Updater Service (gusvc) - Google - I:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NMSAccessU - Unknown owner - I:\Programme\CDBurnerXP\NMSAccessU.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - I:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - I:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - I:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - I:\Programme\Spyware Doctor\pctsSvc.exe O23 - Service: TunngleService - Tunngle.net GmbH - I:\Programme\Tunngle\TnglCtrl.exe -- End of file - 17617 bytes |
Hallo, vorab, das was ich bisher sehe auf deinem System ist schon ziemlich krass. Ich kann dir keine Garantie geben, dass wir alles entfernt kriegen, das schnellste wäre Format C. Falls du Bereinigen möchtest dann: 1.) Hole dir Gmer auf dem Desktop und lass es rennen. Wie es in der Anleitung steht. 2.) Lass Malwarebytes AntiMalware dein System scannen. Speichere die Setup so: Rechtsklick -> Ziel speichern unter -> blubb.com umbenennen. MBAM rennen lassen. Logfile heir her. 3.) RSIT das System für ein System Überblick scannen lassen. Lade es dir herunter und hänge die beiden Logs entweder an, oder lade sie bei einem Filehoster hoch. Tipps: Datei Upload, Bilder hochladen, Datei Hosting auf Materialordner.de oder File-Upload.net |
Hallo, da zur Zeit die Programme noch arbeiten kam mir die idde einfach eine system wieder herstellung zu machen..... Ist danach nicht das hauptproblem mit dem system defender etc. wieder weg? Ich kann ja einfach eins von letzter woche wieder herstellen... dann hab ich ja wieder alles weg oder nicht? |
Ich glaube nicht, da du dich sonst zu dem Zeitpunkt reinfizieren könntest. |
und wenn ich eins von letzter woche oder vorletzter woche nehme? |
System Defender und Seite "safebuy" Hast du das Problem dennoch nicht los ;) |
Gmer Log: GMER 1.0.15.15252 - http://www.gmer.net Rootkit scan 2009-12-04 06:37:22 Windows 5.1.2600 Service Pack 3 Running: f7x61vno.exe; Driver: I:\DOKUME~1\Harms\LOKALE~1\Temp\uxtdqpob.sys ---- System - GMER 1.0.15 ---- SSDT BA414A66 ZwCreateKey SSDT BA414A5C ZwCreateThread SSDT BA414A6B ZwDeleteKey SSDT BA414A75 ZwDeleteValueKey SSDT splo.sys ZwEnumerateKey [0xF7454CA4] SSDT splo.sys ZwEnumerateValueKey [0xF7455032] SSDT BA414A7A ZwLoadKey SSDT splo.sys ZwOpenKey [0xF74360C0] SSDT BA414A48 ZwOpenProcess SSDT BA414A4D ZwOpenThread SSDT splo.sys ZwQueryKey [0xF745510A] SSDT splo.sys ZwQueryValueKey [0xF7454F8A] SSDT BA414A84 ZwReplaceKey SSDT BA414A7F ZwRestoreKey SSDT BA414A70 ZwSetValueKey SSDT BA414A57 ZwTerminateProcess INT 0x62 ? 8A5A6BF8 INT 0x63 ? 8A3CBF00 INT 0x73 ? 8A3CBF00 INT 0x82 ? 8A5A6BF8 INT 0x83 ? 8A3CBF00 ---- Kernel code sections - GMER 1.0.15 ---- ? lzovzmi.sys Das System kann die angegebene Datei nicht finden. ! ? splo.sys Das System kann die angegebene Datei nicht finden. ! .text USBPORT.SYS!DllUnload B96768AC 5 Bytes JMP 8A3CB4E0 .text I:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8BE6360, 0x372FAD, 0xE8000020] .text aobvsw6t.SYS B8A13386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...] .text aobvsw6t.SYS B8A133AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...] .text aobvsw6t.SYS B8A133C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH} .text aobvsw6t.SYS B8A133C9 1 Byte [30] .text aobvsw6t.SYS B8A133C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL} .text ... .text I:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB6A61300, 0x22020, 0xE8000020] .text I:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF774F300, 0x1B7E, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text I:\Programme\Tunngle\TnglCtrl.exe[596] ntdll.dll!DbgBreakPoint 7C91120E 1 Byte [90] .text I:\WINDOWS\explorer.exe[1156] WININET.dll!InternetCloseHandle 408BDA71 5 Bytes JMP 1318B354 .text I:\WINDOWS\explorer.exe[1156] WININET.dll!HttpOpenRequestA 408C4339 5 Bytes JMP 13189BEC .text I:\WINDOWS\explorer.exe[1156] WININET.dll!InternetConnectA 408C4992 5 Bytes JMP 13189A80 .text I:\WINDOWS\explorer.exe[1156] WININET.dll!InternetReadFile 408CABCC 5 Bytes JMP 1318B100 .text I:\WINDOWS\explorer.exe[1156] WININET.dll!InternetQueryDataAvailable 408CAE0D 5 Bytes JMP 1318AEF4 .text I:\WINDOWS\explorer.exe[1156] WININET.dll!InternetOpenA 408CC879 3 Bytes JMP 13189A2C .text I:\WINDOWS\explorer.exe[1156] WININET.dll!InternetOpenA + 4 408CC87D 1 Byte [D2] .text I:\WINDOWS\explorer.exe[1156] WININET.dll!HttpSendRequestA 408CCD50 3 Bytes JMP 1318A500 .text I:\WINDOWS\explorer.exe[1156] WININET.dll!HttpSendRequestA + 4 408CCD54 1 Byte [D2] .text I:\WINDOWS\explorer.exe[1156] WININET.dll!HttpSendRequestW 408E0845 5 Bytes JMP 1318A914 .text I:\WINDOWS\explorer.exe[1156] WININET.dll!InternetReadFileExW 408E3F18 5 Bytes JMP 1318B304 .text I:\WINDOWS\explorer.exe[1156] WININET.dll!InternetReadFileExA 408E3F50 5 Bytes JMP 1318B2B4 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A5A82D8 IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7467C4C] splo.sys IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7467CA0] splo.sys IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7437042] splo.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F743713E] splo.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74370C0] splo.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7437800] splo.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74376D6] splo.sys IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A3CB5E0 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!swprintf] 001CB286 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8186 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C83 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8E868801 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CAA86 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!MmUnmapIoSpace] 80968B00 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IofCompleteRequest] 001C9C96 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IofCallDriver] 001CB986 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] BA86880C IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB86 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!sprintf] 968D5140 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C90 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!ObfDereferenceObject] 2266E852 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!ZwClose] 1CAC8E8D IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00002254 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoCreateDevice] 00001C98 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 2242E850 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!ZwOpenKey] 1CB4968D IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoStartTimer] 00002230 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoInitializeTimer] 001CBB8E IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CBD8688 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!ZwCreateKey] C6000000 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CBB86 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C90 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2202E851 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoStartPacket] 538B0000 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CAC868D IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoFreeMdl] E8500000 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!MmUnlockPages] 000021F0 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CBB8E IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CBD8688 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CBB96 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!KeSetTimer] F6317300 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!_allmul] 74070647 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!_except_handler3] 05578A0B IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CBD IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!_aulldiv] 03087408 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!strstr] 72F93B3F IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!_strupr] 8A09EBDA IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CBD IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!KeTickCount] 88084B8A IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CBE8E IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC086 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoAllocateIrp] 81E85000 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000021 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB88E IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!MmLockPagableDataSection] BC968B00 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CC48E IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!ExFreePoolWithTag] C8968900 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!InitSafeBootMode] CCC68150 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!PoCallDriver] 002157E8 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!memmove] 18C48300 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[HAL.dll!KeGetCurrentIrql] 9E880000 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[HAL.dll!KfRaiseIrql] 00001CA9 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[HAL.dll!KfLowerIrql] 0E798366 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[HAL.dll!HalGetInterruptVector] 74AAB000 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[HAL.dll!HalTranslateBusAddress] 8186C636 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200 IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[WMILIB.SYS!WmiSystemControl] 8800001C IAT \SystemRoot\System32\Drivers\aobvsw6t.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7446E9C] splo.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8A5A51F8 Device \FileSystem\Fastfat \FatCdrom 8A1C8500 Device \Driver\usbohci \Device\USBPDO-0 8A3E3500 Device \Driver\usbohci \Device\USBPDO-1 8A3E3500 Device \Driver\usbehci \Device\USBPDO-2 8A3CD500 Device \Driver\NetBT \Device\NetBT_Tcpip_{FF72279A-108B-49CB-AC76-D2CD1C9C18A0} 89D45500 Device \Driver\PCI_PNP0748 \Device\00000057 splo.sys Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6141F8 Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6141F8 Device \Driver\Cdrom \Device\CdRom0 8A41E1F8 Device \Driver\Ftdisk \Device\HarddiskVolume3 8A6141F8 Device \Driver\Cdrom \Device\CdRom1 8A41E1F8 Device \Driver\atapi \Device\Ide\IdePort0 [F783AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F783AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort1 [F783AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F783AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 [F783AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 [F783AB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\Cdrom \Device\CdRom2 8A41E1F8 Device \Driver\usbstor \Device\00000080 89D211F8 Device \Driver\usbstor \Device\00000080 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\usbstor \Device\00000081 89D211F8 Device \Driver\usbstor \Device\00000081 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\usbstor \Device\00000082 89D211F8 Device \Driver\usbstor \Device\00000082 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\NetBT \Device\NetBt_Wins_Export 89D45500 Device \Driver\sptd \Device\1917831998 splo.sys Device \Driver\NetBT \Device\NetbiosSmb 89D45500 Device \Driver\usbstor \Device\00000088 89D211F8 Device \Driver\usbstor \Device\00000088 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\usbstor \Device\00000089 89D211F8 Device \Driver\usbstor \Device\00000089 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\usbohci \Device\USBFDO-0 8A3E3500 Device \Driver\usbohci \Device\USBFDO-1 8A3E3500 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A2A01F8 Device \Driver\usbehci \Device\USBFDO-2 8A3CD500 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A2A01F8 Device \Driver\usbstor \Device\0000007c 89D211F8 Device \Driver\usbstor \Device\0000007c sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\Ftdisk \Device\FtControl 8A6141F8 Device \Driver\usbstor \Device\0000007e 89D211F8 Device \Driver\usbstor \Device\0000007e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\usbstor \Device\0000007f 89D211F8 Device \Driver\usbstor \Device\0000007f sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\usbstor \Device\0000008c 89D211F8 Device \Driver\usbstor \Device\0000008c sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\aobvsw6t \Device\Scsi\aobvsw6t1Port2Path0Target0Lun0 8A1A0500 Device \Driver\aobvsw6t \Device\Scsi\aobvsw6t1Port2Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\aobvsw6t \Device\Scsi\aobvsw6t1 8A1A0500 Device \Driver\aobvsw6t \Device\Scsi\aobvsw6t1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \FileSystem\Fastfat \Fat 8A1C8500 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs 89D8D408 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 M:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3F 0x73 0xA4 0x8A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE6 0x72 0xCA 0x88 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB6 0x08 0xE9 0x40 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x4B 0x9D 0x24 0xDA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xFB 0x11 0xE7 0xC9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xFB 0x11 0xE7 0xC9 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 M:\Programme\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3F 0x73 0xA4 0x8A ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE6 0x72 0xCA 0x88 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB6 0x08 0xE9 0x40 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x4B 0x9D 0x24 0xDA ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xFB 0x11 0xE7 0xC9 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xFB 0x11 0xE7 0xC9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ I:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ I:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ I:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ I:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ I:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ I:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ I:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ I:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ I:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ I:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ I:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ I:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ... ---- EOF - GMER 1.0.15 ---- |
MB Log 1. Teil: Malwarebytes' Anti-Malware 1.41 Datenbank Version: 2775 Windows 5.1.2600 Service Pack 3 04.12.2009 16:44:26 mbam-log-2009-12-04 (16-44-19).txt Scan-Methode: Vollständiger Scan (I:\|M:\|N:\|) Durchsuchte Objekte: 516242 Laufzeit: 2 hour(s), 17 minute(s), 24 second(s) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 732 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 6 Infizierte Verzeichnisse: 1 Infizierte Dateien: 3 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aAvgApi.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AAWTray.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\About.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ad-Aware.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Agent.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Agentsvr.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Agentw.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AluSchedulerSvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-Trojan.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiVirus.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusPlus (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusPlus.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusXP (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirusXP.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiVirusxppro2009.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Arrakis3.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashAvast.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashBug.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashChest.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashCnsnt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashLogV.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashMaiSv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashPopWz.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashQuick.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimp2.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSimpl.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPcc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashSkPck.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashWebSv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswChLic.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRegSvr.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswRunDll.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoTrace.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVENGINE.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdAgent.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDInProcPatch.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDMsnScan.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdreinit.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsubwiz.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BDSurvey.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdtkexec.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanIELow.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdAgent.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssAgent.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantiVirus-cnet.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hackTracersetup.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\History.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Identity.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe (Security.Hijack) -> No action taken. |
Mb Log 2. Teil: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEShow.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\JsRcGen.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\launcher.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcAgent.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McSACore.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfAgent.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpfSrv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCui.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msccn32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscman.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdm.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec16.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mslaugh.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmgt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgri32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssys.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvxd.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.navapsvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_Internet_secu_3.0_407.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsupdate.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAcat.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAhlp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OAReg.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ODSW.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\optimize.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PavFnSvr.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavprsrv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_AntiSpyware2010.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdsetup.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerscan.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmvr.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procdump.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procExplorerv1.0.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANCU.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANHost.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSANToManager.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsCtrls.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PsImSvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PskSvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PSUNMain.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ray.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rb32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rcsync.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reged.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahAgent.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\save.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savenow.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shield.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\showbehind.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snetcfg.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\soap.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Spywarexpguard.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srexe.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssg_4104.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssgrate.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\start.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stcloader.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\support.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchosts.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svshost.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\System.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\System32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysupd.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teekids.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TPSrv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trickler.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojantrap3.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TSC.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvmd.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtmd.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiscan.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\updat.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrad.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrepl.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Userinit.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utpost.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Virusmdpersonalfirewall.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthAux.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthLic.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VisthUpd.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webdav.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WebProxy.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32us.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winactive.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\window.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Windows.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininetd.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininitx.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogin.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmain.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssk32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart001.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintsk32.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wkufind.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnad.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxav.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdater.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe (Security.Hijack) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe (Security.Hijack) -> No action taken. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=249&q={searchTerms}) Good: (http://www.Google.com/) -> No action taken. HKEY_USERS\S-1-5-19\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=249&q={searchTerms}) Good: (http://www.Google.com/) -> No action taken. HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=249&q={searchTerms}) Good: (http://www.Google.com/) -> No action taken. HKEY_USERS\S-1-5-20\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=249&q={searchTerms}) Good: (http://www.Google.com/) -> No action taken. HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://search-gala.com/?&uid=249&q={searchTerms}) Good: (http://www.Google.com/) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe ykda.sxo ukqbtms) Good: (Explorer.exe) -> No action taken. Infizierte Verzeichnisse: I:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\twain_32 (Trojan.Zbot) -> No action taken. Infizierte Dateien: I:\WINDOWS\system32\MSINET.oca (Malware.Trace) -> No action taken. I:\WINDOWS\Installer\{2B0C9858-8D78-48B2-BC37-4CAEBB2CA510}\Icon2B0C98584.exe (Backdoor.Bot) -> No action taken. I:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\twain_32\user.ds (Trojan.Zbot) -> No action taken. |
Rsit log: Logfile of random's system information tool 1.06 (written by random/random) Run by Harms at 2009-12-04 16:46:07 Microsoft Windows XP Home Edition Service Pack 3 System drive I: has 14 GB (23%) free of 59 GB Total RAM: 2047 MB (64% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:46:20, on 04.12.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: I:\WINDOWS\System32\smss.exe I:\WINDOWS\system32\winlogon.exe I:\WINDOWS\system32\services.exe I:\WINDOWS\system32\lsass.exe I:\WINDOWS\system32\svchost.exe I:\WINDOWS\System32\svchost.exe I:\WINDOWS\system32\svchost.exe I:\WINDOWS\system32\spoolsv.exe I:\WINDOWS\Explorer.exe I:\Programme\Avira\AntiVir Desktop\sched.exe M:\Ds\dslan_v1.13\dslan_v1.13\apache\bin\apache.exe I:\Programme\FRITZ!DSL\IGDCTRL.EXE I:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE I:\Programme\CDBurnerXP\NMSAccessU.exe I:\WINDOWS\system32\HPZipm12.exe I:\WINDOWS\system32\PnkBstrA.exe I:\WINDOWS\system32\svchost.exe I:\WINDOWS\SOUNDMAN.EXE I:\WINDOWS\system32\RUNDLL32.EXE I:\WINDOWS\tsnp2std.exe I:\WINDOWS\ZSSnp211.exe I:\WINDOWS\Domino.exe I:\WINDOWS\system32\ctfmon.exe M:\Programme\DAEMON Tools Lite\daemon.exe I:\Programme\Free Download Manager\fdm.exe I:\Dokumente und Einstellungen\Harms\.COMMgr\complmgr.exe I:\Programme\HP\Digital Imaging\bin\hpqtra08.exe I:\Programme\FRITZ!DSL\StCenter.exe I:\Programme\Speed-Link Vibration Joystick\GM_DevUpdate.exe I:\Programme\HP\Digital Imaging\bin\hpqimzone.exe M:\Ds\dslan_v1.13\dslan_v1.13\apache\bin\apache.exe I:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe I:\WINDOWS\system32\wuauclt.exe M:\Programme\Malwarebytes' Anti-Malware\mbam.exe I:\WINDOWS\system32\rundll32.exe I:\WINDOWS\system32\wuauclt.exe I:\WINDOWS\System32\svchost.exe I:\Programme\Mozilla Firefox\firefox.exe N:\RSIT.exe I:\Dokumente und Einstellungen\Harms\Desktop\Harms.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flugwetter.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box;192.168.178.1 R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe ykda.sxo ukqbtms O1 - Hosts: 74.125.45.100 4-open-davinci.com O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com O1 - Hosts: 74.125.45.100 privatesecuredpayments.com O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com O1 - Hosts: 74.125.45.100 getantivirusplusnow.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getavplusnow.com O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com O1 - Hosts: 74.125.45.100 urs.microsoft.com O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 74.125.45.100 paysoftbillsolution.com O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com O1 - Hosts: 74.125.45.100 4-open-davinci.com O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com O1 - Hosts: 74.125.45.100 privatesecuredpayments.com O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com O1 - Hosts: 74.125.45.100 getantivirusplusnow.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getavplusnow.com O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com O1 - Hosts: 74.125.45.100 urs.microsoft.com O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 74.125.45.100 paysoftbillsolution.com O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\programme\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - I:\Programme\Free Download Manager\iefdm2.dll O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\programme\google\googletoolbar1.dll O3 - Toolbar: (no name) - {5ACF6D00-522E-4E15-9387-733063B2D076} - (no file) O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "I:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [tsnp2std] I:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [ZSSnp211] I:\WINDOWS\ZSSnp211.exe O4 - HKLM\..\Run: [Domino] I:\WINDOWS\Domino.exe O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "M:\Programme\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Free Download Manager] I:\Programme\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [COM+ Manager] "I:\Dokumente und Einstellungen\Harms\.COMMgr\complmgr.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: FRITZ!DSL Startcenter.lnk = I:\Programme\FRITZ!DSL\StCenter.exe O4 - Startup: GM_DevUpdate.lnk = I:\Programme\Speed-Link Vibration Joystick\GM_DevUpdate.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = I:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = I:\Programme\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: Alles mit FDM herunterladen - file://I:\Programme\Free Download Manager\dlall.htm O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://I:\Programme\Free Download Manager\dlselected.htm O8 - Extra context menu item: Datei mit FDM herunterladen - file://I:\Programme\Free Download Manager\dllink.htm O8 - Extra context menu item: Videos mit FDM herunterladen - file://I:\Programme\Free Download Manager\dlfvideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - M:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - I:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - I:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Programme\Messenger\msmsgs.exe O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Programme\Yahoo!\Common\yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.de/SnapfishActivia.cab O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.solidstatenetworks.com/demos/plugintest/solidstateion.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: opnkjKaW - opnkjKaW.dll (file missing) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - I:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Apache2 - Apache Software Foundation - M:\Ds\dslan_v1.13\dslan_v1.13\apache\bin\apache.exe O23 - Service: AVM IGD CTRL Service - AVM Berlin - I:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - I:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: Google Updater Service (gusvc) - Google - I:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NMSAccessU - Unknown owner - I:\Programme\CDBurnerXP\NMSAccessU.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - I:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - I:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - I:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - I:\Programme\Spyware Doctor\pctsSvc.exe O23 - Service: TunngleService - Tunngle.net GmbH - I:\Programme\Tunngle\TnglCtrl.exe -- End of file - 11660 bytes ======Scheduled tasks folder====== I:\WINDOWS\tasks\cylewvxr.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] Yahoo! Toolbar Helper - I:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - I:\Programme\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - I:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - i:\programme\google\googletoolbar1.dll [2008-03-15 2427968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - I:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-17 657904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}] FDMIECookiesBHO Class - I:\Programme\Free Download Manager\iefdm2.dll [2009-05-23 90112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - i:\programme\google\googletoolbar1.dll [2008-03-15 2427968] {5ACF6D00-522E-4E15-9387-733063B2D076} {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar mit Pop-Up-Blocker - I:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SoundMan"=I:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536] "NvCplDaemon"=I:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=I:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016] "KernelFaultCheck"=I:\WINDOWS\system32\dumprep 0 -k [] "avgnt"=I:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "tsnp2std"=I:\WINDOWS\tsnp2std.exe [2006-01-16 114688] "ZSSnp211"=I:\WINDOWS\ZSSnp211.exe [2006-08-18 49152] "Domino"=I:\WINDOWS\Domino.exe [2006-08-18 49152] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=I:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "DAEMON Tools Lite"=M:\Programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656] "Free Download Manager"=I:\Programme\Free Download Manager\fdm.exe [2009-09-14 3698735] "COM+ Manager"=I:\Dokumente und Einstellungen\Harms\.COMMgr\complmgr.exe [2009-12-02 312832] I:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart HP Digital Imaging Monitor.lnk - I:\Programme\HP\Digital Imaging\bin\hpqtra08.exe HP Photosmart Premier – Schnellstart.lnk - I:\Programme\HP\Digital Imaging\bin\hpqthb08.exe I:\Dokumente und Einstellungen\Harms\Startmenü\Programme\Autostart FRITZ!DSL Startcenter.lnk - I:\Programme\FRITZ!DSL\StCenter.exe GM_DevUpdate.lnk - I:\Programme\Speed-Link Vibration Joystick\GM_DevUpdate.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnkjKaW] opnkjKaW.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 I:\WINDOWS\system32\opnnkijj [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "H:\fsetup.exe"="H:\fsetup.exe:*:Enabled:AVM FSetup Application" "I:\Programme\FRITZ!DSL\IGDCTRL.EXE"="I:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe" "G:\fsetup.exe"="G:\fsetup.exe:*:Enabled:AVM FSetup Application" "I:\Programme\FRITZ!DSL\FBOXUPD.EXE"="I:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\PowerChallenge\PowerSoccer\PowerSoccer.exe"="I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer" "I:\Programme\HP\Digital Imaging\bin\hpqtra08.exe"="I:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "I:\Programme\HP\Digital Imaging\bin\hpqste08.exe"="I:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "I:\Programme\HP\Digital Imaging\bin\hpofxm08.exe"="I:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe" "I:\Programme\HP\Digital Imaging\bin\hposfx08.exe"="I:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe" "I:\Programme\HP\Digital Imaging\bin\hposid01.exe"="I:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "I:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe"="I:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "I:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe"="I:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "I:\Programme\HP\Digital Imaging\bin\hpqCopy.exe"="I:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe" "I:\Programme\HP\Digital Imaging\bin\hpfccopy.exe"="I:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe" "I:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe"="I:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "I:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe"="I:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe" "I:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe"="I:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe" "I:\Programme\HP\Digital Imaging\bin\hpoews01.exe"="I:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe" "I:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe"="I:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe" "I:\Programme\Internet Explorer\iexplore.exe"="I:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "I:\Programme\Xpage Internet Studio 6 Special Edition\jre\bin\javaw.exe"="I:\Programme\Xpage Internet Studio 6 Special Edition\jre\bin\javaw.exe:*:Disabled:javaw" "I:\WINDOWS\system32\dplaysvr.exe"="I:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper" "I:\Programme\Condor\Condor.exe"="I:\Programme\Condor\Condor.exe:*:Enabled:Condor" "I:\Programme\Condor\CondorServer.exe"="I:\Programme\Condor\CondorServer.exe:*:Enabled:CondorServer" "M:\Programme\Gameforge4D\AirRivalsDe\Launcher.atm"="M:\Programme\Gameforge4D\AirRivalsDe\Launcher.atm:Enabled:GameExe2" "M:\Programme\Gameforge4D\AirRivalsDe\Res-Voip\SCVoIP.exe"="M:\Programme\Gameforge4D\AirRivalsDe\Res-Voip\SCVoIP.exe:Enabled:GameVoIP" "I:\WINDOWS\system32\java.exe"="I:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary" "I:\Programme\Mozilla Firefox\firefox.exe"="I:\Programme\Mozilla Firefox\firefox.exe:*:Disabled:Firefox" "I:\Programme\Condor\CondorDedicated.exe"="I:\Programme\Condor\CondorDedicated.exe:*:Enabled:CondorDedicated" "I:\Dokumente und Einstellungen\Harms\temp\TeamViewer3\TeamViewer.exe"="I:\Dokumente und Einstellungen\Harms\temp\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application" "I:\Dokumente und Einstellungen\Harms\temp\TeamViewer\Version4\TeamViewer.exe"="I:\Dokumente und Einstellungen\Harms\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application" "M:\Ds\dslan_v1.13\dslan_v1.13\mysql\bin\mysqld.exe"="M:\Ds\dslan_v1.13\dslan_v1.13\mysql\bin\mysqld.exe:*:Enabled:mysqld" "M:\Christian\WOW_server\diskw\usr\local\mysql\bin\mysqld-nt.exe"="M:\Christian\WOW_server\diskw\usr\local\mysql\bin\mysqld-nt.exe:*:Enabled:mysqld-nt" "M:\Christian\WOW_server\realmd.exe"="M:\Christian\WOW_server\realmd.exe:*:Enabled:realmd" "M:\Christian\WOW_server\mangosd.exe"="M:\Christian\WOW_server\mangosd.exe:*:Enabled:mangosd" "I:\Dokumente und Einstellungen\Harms\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"="I:\Dokumente und Einstellungen\Harms\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer" "M:\Programme\Pinnacle\VideoSpin\Programs\RM.exe"="M:\Programme\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager" "M:\Programme\Pinnacle\VideoSpin\Programs\umi.exe"="M:\Programme\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi" "M:\Programme\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="M:\Programme\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin" "I:\Programme\ICQ6.5\ICQ.exe"="I:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "I:\Programme\Windows Live\Messenger\wlcsdk.exe"="I:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "I:\Dokumente und Einstellungen\Harms\Lokale Einstellungen\Anwendungsdaten\Chat Republic Games\Superstar Racing\ChatRepublicPlayer.exe"="I:\Dokumente und Einstellungen\Harms\Lokale Einstellungen\Anwendungsdaten\Chat Republic Games\Superstar Racing\ChatRepublicPlayer.exe:*:Enabled:Chat Republic Games Player" "M:\Programme\SopCast\adv\SopAdver.exe"="M:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "M:\Programme\SopCast\SopCast.exe"="M:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "I:\Dokumente und Einstellungen\Harms\Desktop\teeworlds-0.5.1-win32\teeworlds-0.5.1-win32\teeworlds_srv.exe"="I:\Dokumente und Einstellungen\Harms\Desktop\teeworlds-0.5.1-win32\teeworlds-0.5.1-win32\teeworlds_srv.exe:*:Enabled:teeworlds_srv" "I:\Dokumente und Einstellungen\Harms\Desktop\teeworlds-0.5.1-win32\teeworlds-0.5.1-win32\TSC.exe"="I:\Dokumente und Einstellungen\Harms\Desktop\teeworlds-0.5.1-win32\teeworlds-0.5.1-win32\TSC.exe:*:Enabled:TSC" "I:\Programme\Gemeinsame Dateien\XpressUpdate\XPressUpdate.exe"="I:\Programme\Gemeinsame Dateien\XpressUpdate\XPressUpdate.exe:*:Enabled:XPressUpdate" "I:\Programme\Tunngle\tnglctrl.exe"="I:\Programme\Tunngle\tnglctrl.exe:*:Enabled:Tunngle Service" "I:\Programme\Tunngle\tunngle.exe"="I:\Programme\Tunngle\tunngle.exe:*:Enabled:Tunngle Client" "D:\Programme\utorrent\utorrent14458.exe"="D:\Programme\utorrent\utorrent14458.exe:*:Enabled:µTorrent" "I:\WINDOWS\system32\PnkBstrA.exe"="I:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "I:\WINDOWS\system32\PnkBstrB.exe"="I:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "M:\Programme\Vogel Verlag\Fahren Lernen\Vogel.FahrenLernenMax.exe"="M:\Programme\Vogel Verlag\Fahren Lernen\Vogel.FahrenLernenMax.exe:*:Enabled:Fahren Lernen" "I:\Programme\Windows Live\Messenger\msnmsgr.exe"="I:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "I:\Programme\Skype\Plugin Manager\skypePM.exe"="I:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "I:\Programme\Skype\Phone\Skype.exe"="I:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" "I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\e01c3eb\WSe01c.exe"="I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\e01c3eb\WSe01c.exe:*:Enabled:System Defender" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "M:\Programme\NCsoft\Exteel\System\Exteel.exe"="M:\Programme\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel" "I:\Programme\Windows Live\Messenger\wlcsdk.exe"="I:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "M:\Programme\Vogel Verlag\Fahren Lernen\Vogel.FahrenLernenMax.exe"="M:\Programme\Vogel Verlag\Fahren Lernen\Vogel.FahrenLernenMax.exe:*:Enabled:Fahren Lernen" "I:\Programme\Windows Live\Messenger\msnmsgr.exe"="I:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02c934f0-f356-11dc-96ca-d02f97efaa28}] shell\AutoRun\command - O:\preinst.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2df83e12-f1e5-11dd-99ea-9a5b4bf7fbb6}] shell\AutoRun\command - C:\PStart.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{444aead8-a056-11dd-988b-000c7640ed17}] shell\AutoRun\command - L:\preinst.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1b05438-1027-11dd-970f-a0277c61322f}] shell\AutoRun\command - K:\preinst.exe ======List of files/folders created in the last 1 months====== 2009-12-04 16:46:07 ----D---- I:\rsit 2009-12-03 15:16:18 ----D---- I:\Programme\ESET 2009-12-03 15:02:49 ----A---- I:\WINDOWS\isRS-000.tmp 2009-12-02 22:21:02 ----SHD---- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WSKZLSJD_APDM 2009-12-02 22:20:49 ----SHD---- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\e01c3eb 2009-12-02 22:10:19 ----A---- I:\WINDOWS\system32\YYtZL0.exe 2009-11-28 19:42:59 ----D---- I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\skypePM 2009-11-28 19:35:45 ----D---- I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\Skype 2009-11-28 19:35:08 ----D---- I:\Programme\Gemeinsame Dateien\Skype 2009-11-28 19:35:03 ----RD---- I:\Programme\Skype 2009-11-28 19:34:46 ----D---- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype 2009-11-27 16:20:45 ----D---- I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\FrostWire 2009-11-24 21:04:12 ----RA---- I:\WINDOWS\ZSSnp211.EXE 2009-11-24 21:04:12 ----RA---- I:\WINDOWS\ZS211Cap.exe 2009-11-24 21:04:12 ----RA---- I:\WINDOWS\Domino.EXE 2009-11-24 21:03:59 ----RA---- I:\WINDOWS\system32\ZS211STI.dll 2009-11-24 21:02:03 ----A---- I:\WINDOWS\WindowsXP-KB822603-x86.exe 2009-11-24 21:02:02 ----A---- I:\WINDOWS\vsnp2std.exe 2009-11-24 21:02:02 ----A---- I:\WINDOWS\tsnp2std.exe 2009-11-24 21:02:02 ----A---- I:\WINDOWS\snp2std.ini 2009-11-24 21:02:00 ----D---- I:\Programme\Gemeinsame Dateien\snp2std 2009-11-24 21:02:00 ----A---- I:\WINDOWS\vsnp2std.dll 2009-11-24 21:02:00 ----A---- I:\WINDOWS\system32\csnp2std.dll 2009-11-24 21:02:00 ----A---- I:\WINDOWS\rsnp2std.dll 2009-11-24 20:53:56 ----D---- I:\Programme\STV 2009-11-24 20:47:25 ----RA---- I:\WINDOWS\amcap.exe 2009-11-24 20:47:25 ----A---- I:\WINDOWS\FixCamera.exe 2009-11-24 14:23:12 ----D---- I:\Programme\Microsoft 2009-11-13 16:37:06 ----D---- I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\Acreon ======List of files/folders modified in the last 1 months====== 2009-12-04 16:45:47 ----D---- I:\WINDOWS\Prefetch 2009-12-04 16:45:41 ----D---- I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\Free Download Manager 2009-12-04 16:42:47 ----D---- I:\Programme\Mozilla Firefox 2009-12-04 07:32:09 ----D---- I:\WINDOWS\system32\CatRoot2 2009-12-04 07:32:05 ----D---- I:\WINDOWS\Temp 2009-12-04 07:32:04 ----D---- I:\WINDOWS 2009-12-04 07:29:02 ----A---- I:\WINDOWS\SchedLgU.Txt 2009-12-03 16:13:05 ----D---- I:\Downloads 2009-12-03 15:23:36 ----D---- I:\WINDOWS\Minidump 2009-12-03 15:16:25 ----SD---- I:\WINDOWS\Downloaded Program Files 2009-12-03 15:16:18 ----RD---- I:\Programme 2009-12-03 15:02:47 ----D---- I:\WINDOWS\system32\drivers 2009-12-03 14:53:11 ----AD---- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2009-12-03 14:44:34 ----D---- I:\WINDOWS\system32 2009-12-03 14:42:25 ----HD---- I:\WINDOWS\inf 2009-12-03 14:38:37 ----HD---- I:\WINDOWS\$hf_mig$ 2009-11-29 12:33:29 ----A---- I:\WINDOWS\win.ini 2009-11-28 19:35:35 ----SHD---- I:\WINDOWS\Installer 2009-11-28 19:35:35 ----HD---- I:\Config.Msi 2009-11-28 19:35:08 ----D---- I:\Programme\Gemeinsame Dateien 2009-11-27 16:20:09 ----D---- I:\Programme\Free Download Manager 2009-11-25 14:56:05 ----SD---- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft 2009-11-24 21:04:13 ----D---- I:\WINDOWS\twain_32 2009-11-24 21:04:03 ----RSHDC---- I:\WINDOWS\system32\dllcache 2009-11-24 21:02:00 ----HD---- I:\Programme\InstallShield Installation Information 2009-11-21 11:30:03 ----SD---- I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\Microsoft 2009-11-05 20:00:09 ----D---- I:\Programme\Condor ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK7;AMD K7-Prozessortreiber; I:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 avgio;avgio; \??\I:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; I:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; I:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520] R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; I:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] R2 atksgt;atksgt; I:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-12-07 165376] R2 avgntflt;avgntflt; I:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-06 55656] R2 lirsgt;lirsgt; I:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-12-07 18048] R2 tmcomm;tmcomm; \??\I:\WINDOWS\system32\drivers\tmcomm.sys [] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); I:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-01-24 4127488] R3 AVMUNET;AVM FRITZ!Box; I:\WINDOWS\system32\DRIVERS\avmunet.sys [2006-10-06 14976] R3 HPZid412;IEEE-1284.4 Driver HPZid412; I:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664] R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; I:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496] R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; I:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568] R3 MBAMSwissArmy;MBAMSwissArmy; \??\I:\WINDOWS\system32\drivers\mbamswissarmy.sys [] R3 nv;nv; I:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; I:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; I:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; I:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; I:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbprint;Microsoft USB-Druckerklasse; I:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;USB-Scannertreiber; I:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 usbstor;USB-Massenspeichertreiber; I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S1 irenumm;irenumm; I:\WINDOWS\System32\drivers\irenumm.sys [] S2 PfModNT;PfModNT; \??\I:\WINDOWS\system32\PfModNT.sys [] S3 a2z3z9x7;a2z3z9x7; I:\WINDOWS\system32\drivers\a2z3z9x7.sys [] S3 CCDECODE;Untertiteldecoder; I:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 cmuda;C-Media WDM Audio Interface; I:\WINDOWS\system32\drivers\cmuda.sys [] S3 EagleNT;EagleNT; \??\I:\WINDOWS\system32\drivers\EagleNT.sys [] S3 GMFilter;GMFilter HID Filter Driver; I:\WINDOWS\system32\DRIVERS\GMFilter.sys [2004-12-30 19840] S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS [] S3 HidUsb;Microsoft HID Class-Treiber; I:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 IKFileSec;File Security Driver; I:\WINDOWS\system32\drivers\ikfilesec.sys [2008-11-17 40840] S3 IKSysFlt;System Filter Driver; I:\WINDOWS\system32\drivers\iksysflt.sys [2008-11-17 66952] S3 IKSysSec;System Security Driver; I:\WINDOWS\system32\drivers\iksyssec.sys [2008-11-17 81288] S3 mouhid;Maus-HID-Treiber; I:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; I:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; I:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; I:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NTACCESS;NTACCESS; \??\G:\NTACCESS.sys [] S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; I:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896] S3 SaiHFF52;SaiHFF52; I:\WINDOWS\system32\DRIVERS\SaiHFF52.sys [2007-05-01 132232] S3 SaiUFF52;SaiUFF52; I:\WINDOWS\system32\DRIVERS\SaiUFF52.sys [2007-05-01 28416] S3 SLIP;BDA Slip De-Framer; I:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA-IPSink; I:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); I:\WINDOWS\system32\DRIVERS\tap0901t.sys [2008-09-18 25600] S3 teamviewervpn;TeamViewer VPN Adapter; I:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088] S3 VBoxNetFlt;VBoxNetFlt Service; I:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [] S3 wip0204;Wippien Network Adapter 2.4; I:\WINDOWS\system32\DRIVERS\wip0204.sys [2008-08-25 23480] S3 WpdUsb;WpdUsb; I:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext-Codec; I:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; I:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 XDva289;XDva289; \??\I:\WINDOWS\system32\XDva289.sys [] S3 ZSMC211;USB PC Camera (ZS0211); I:\WINDOWS\System32\Drivers\ZS211.sys [2006-08-08 391836] S4 IntelIde;IntelIde; I:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; I:\Programme\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289] R2 Apache2;Apache2; M:\Ds\dslan_v1.13\dslan_v1.13\apache\bin\apache.exe [2008-05-09 16896] R2 AVM IGD CTRL Service;AVM IGD CTRL Service; I:\Programme\FRITZ!DSL\IGDCTRL.EXE [2005-11-21 81920] R2 MDM;Machine Debug Manager; I:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 NMSAccessU;NMSAccessU; I:\Programme\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096] R2 Pml Driver HPZ12;Pml Driver HPZ12; I:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728] R2 PnkBstrA;PnkBstrA; I:\WINDOWS\system32\PnkBstrA.exe [2009-07-03 75064] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; I:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 NVSvc;NVIDIA Display Driver Service; I:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812] S2 TunngleService;TunngleService; I:\Programme\Tunngle\TnglCtrl.exe [2009-04-24 664824] S3 aspnet_state;ASP.NET-Zustandsdienst; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 de_serv;AVM FRITZ!web Routing Service; I:\Programme\Gemeinsame Dateien\AVM\de_serv.exe [2005-11-21 315392] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; I:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Updater Service; I:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-17 168432] S3 idsvc;Windows CardSpace; I:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 npggsvc;nProtect GameGuard Service; I:\WINDOWS\system32\GameMon.des [2009-02-17 2736890] S3 ose;Office Source Engine; I:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 sdAuxService;PC Tools Auxiliary Service; I:\Programme\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920] S3 sdCoreService;PC Tools Security Service; I:\Programme\Spyware Doctor\pctsSvc.exe [2008-11-17 1079176] S3 usprserv;User Privilege Service; I:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; I:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S4 AntiVirService;Avira AntiVir Guard; I:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-06 185089] S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; I:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
Rsit info: info.txt logfile of random's system information tool 1.06 2009-12-04 16:46:24 ======Uninstall list====== -->I:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER -->I:\WINDOWS\IsUn0407.exe -fI:\Programme\Creative\News\CTNews.isu -->I:\WINDOWS\IsUn0407.exe -fI:\Programme\Creative\Uninstall\Installer.isu -->I:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe -->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 I:\WINDOWS\INF\PCHealth.inf Adobe Acrobat 4.0-->I:\WINDOWS\ISUN0407.EXE -f"I:\Programme\Gemeinsame Dateien\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"I:\Programme\Gemeinsame Dateien\Adobe\Acrobat 4.0\NT\Uninst.dll" Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{2BD2FA21-B51D-4F01-94A7-AC16737B2163} Adobe Flash Player 10 Plugin-->I:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003} Adobe Shockwave Player 11.5-->I:\WINDOWS\system32\Adobe\uninstaller.exe Adobe SVG Viewer 3.0-->I:\Programme\Gemeinsame Dateien\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fI:\Programme\Gemeinsame Dateien\Adobe\SVG Viewer 3.0\Uninstall\Install.log AGEIA GAME System Software 2.8.0-->MsiExec.exe /I{5C9530C0-957F-4CC4-ADA9-A7195BD9394C} AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5} ArchiCrypt System Doctor Version 1.2.3.2231-->"I:\Programme\ArchiCrypt System Doctor\unins000.exe" Avira AntiVir Personal - Free Antivirus-->I:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE AVM FRITZ!Box Dokumentation-->I:\Programme\FRITZ!Box\install.exe -d AVM FRITZ!DSL-->I:\WINDOWS\IsUn0407.exe -fI:\Programme\FRITZ!DSL\WebUnins.isu -cI:\Programme\FRITZ!DSL\Webunins.dll Call of Duty(R) 2-->I:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} CCleaner (remove only)-->"I:\Programme\CCleaner\uninst.exe" CDBurnerXP-->"I:\Programme\CDBurnerXP\unins000.exe" Condor Scenery Toolkit 1.0.1-->I:\Programme\Condor\CondorSceneryToolkit\uninst.exe Condor: The Competition Soaring Simulator 1.0.1-->I:\Programme\Condor\uninst.exe DivX Codec-->I:\Programme\DivX\DivXCodecUninstall.exe /CODEC DivX Converter-->I:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->I:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->I:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN EasternAlps Scenery 2.0-->I:\Programme\Condor\Landscapes\uninstall_EasternAlps2.0.exe EPSON-Drucker-Software-->I:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R ESET Online Scanner v3-->I:\Programme\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe Fahren Lernen 1.1-->"M:\Programme\Vogel Verlag\Fahren Lernen\unins000.exe" FLV Player 2.0, build 24-->I:\Programme\FLV Player\uninst.exe Free Audio Converter version 1.1-->"M:\Programme\DVDVideoSoft\Free Audio Converter\unins000.exe" Free Download Manager 3.0-->"I:\Programme\Free Download Manager\unins000.exe" Free Mp3 Wma Converter V 1.8.0-->"I:\Programme\Free Audio Pack\unins000.exe" Free YouTube to Mp3 Converter version 3.1-->"I:\Programme\DVDVideoSoft\Free YouTube to Mp3 Converter\unins000.exe" getPlus(R)_ocx-->rundll32.exe advpack.dll,LaunchINFSection I:\WINDOWS\inf\GETPLUSo.INF, DefaultUninstall Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3} Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer-->regsvr32 /u /s "i:\programme\google\googletoolbar1.dll" Grand Theft Auto San Andreas-->RunDll32 I:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "I:\Programme\InstallShield Installation Information\{086BADF8-9B1F-4E89-B207-2EDA520972D6}\setup.exe" -l0x7 -removeonly HijackThis 2.0.2-->"I:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->I:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->I:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows Media Format 11 SDK (KB929399)-->"I:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix für Windows Internet Explorer 7 (KB947864)-->"I:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix für Windows Media Player 11 (KB939683)-->"I:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix für Windows XP (KB952287)-->"I:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Hotfix für Windows XP (KB961118)-->"I:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe" Hotfix für Windows XP (KB970653-v3)-->"I:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" HP Document Viewer 7.0-->I:\Programme\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat HP Imaging Device Functions 7.0-->I:\Programme\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F} HP Photosmart Premier Software 6.5-->I:\Programme\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Photosmart, Officejet and Deskjet 7.0.A-->I:\Programme\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E} HP Solution Center 7.0-->I:\Programme\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat ICQ Toolbar-->regsvr32 /u /s "I:\PROGRA~1\ICQTOO~1\toolbaru.dll" ICQ6.5-->"I:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly IL-2 Sturmovik 1946-->I:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{79438F1E-DEC3-443D-9DCD-FECE2D68C605} /l1031 J2SE Runtime Environment 5.0 Update 12-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120} Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060} Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} LoudMo Contextual Ad Assistant-->I:\WINDOWS\system32\YYtZL0.exe Malwarebytes' Anti-Malware-->"M:\Programme\Malwarebytes' Anti-Malware\unins000.exe" Messenger Plus! Live-->"I:\Programme\Messenger Plus! Live\Uninstall.exe" MetaFrame Presentation Server Web Client for Win32-->RunDll32 ADVPACK.DLL,LaunchINFSection I:\WINDOWS\INF\wficat.inf,DefaultUninstall Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4} Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"I:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "I:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->I:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929} Microsoft .NET Framework 3.5 SP1-->I:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Age of Empires II: The Conquerors Expansion-->"M:\Programme\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove Microsoft Age of Empires II-->"M:\Programme\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Compression Client Pack 1.0 for Windows XP-->"I:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"I:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"I:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office 2000 Premium-->MsiExec.exe /I{00000407-78E1-11D2-B60F-006097C998E7} Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170407-6000-11D3-8CFE-0150048383C9} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83} Microsoft SQL Server Compact 3.5 SP1 (Deutsch)-->MsiExec.exe /I{FA440BE8-EC2F-4478-A01A-077DA0606501} Microsoft SQL Server Compact 3.5 SP1 Design Tools (Deutsch)-->MsiExec.exe /X{738B0934-6676-44F6-AB52-32F4E60DCA7F} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"I:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918} Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu-->MsiExec.exe /X{0E592C31-09EF-3CA1-A7DE-05D13DFCF791} Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B} Mirar-->mshta.exe http://remove.getmirar.com/ Mozilla Firefox (3.0.15)-->I:\Programme\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96} NVIDIA Drivers-->I:\WINDOWS\system32\nvuninst.exe UninstallGUI OCR Software by I.R.I.S 7.0-->I:\Programme\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat OpenAL-->"I:\Programme\OpenAL\OpenALwEAX.exe" /U /S PC Inspector File Recovery-->RunDll32 I:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "I:\Programme\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x7 PdfGrabber 5.0-->MsiExec.exe /I{6D9B4C6B-7879-477A-B5EE-7DF068B91F34} Phonetik-->MsiExec.exe /I{626B7EA2-B7C2-4277-AE30-A8B452A92B6C} Pinnacle VideoSpin-->MsiExec.exe /I{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8} Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727} PunkBuster Services-->I:\WINDOWS\system32\pbsvc.exe -u Realtek AC'97 Audio-->RunDll32 I:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "I:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x7 -removeonly RGSS-RTP Standard-->MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7} Security Update for Windows Internet Explorer 7 (KB960714)-->"I:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Shop for HP Supplies-->I:\Programme\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"I:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->"I:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"I:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"I:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"I:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"I:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"I:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"I:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Internet Explorer 7 (KB972260)-->"I:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB952069)-->"I:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB968816)-->"I:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player (KB973540)-->"I:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"I:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"I:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923561)-->"I:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB938464)-->"I:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB938464-v2)-->"I:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941569)-->"I:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB946648)-->"I:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950760)-->"I:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950762)-->"I:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950974)-->"I:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951066)-->"I:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376)-->"I:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376-v2)-->"I:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951698)-->"I:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951748)-->"I:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952004)-->"I:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952954)-->"I:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB953839)-->"I:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954211)-->"I:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954459)-->"I:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954600)-->"I:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB955069)-->"I:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956391)-->"I:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956572)-->"I:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956744)-->"I:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956802)-->"I:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956803)-->"I:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956841)-->"I:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956844)-->"I:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957095)-->"I:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957097)-->"I:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958644)-->"I:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958687)-->"I:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958690)-->"I:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB959426)-->"I:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960225)-->"I:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960715)-->"I:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960803)-->"I:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960859)-->"I:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961371-v2)-->"I:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961373)-->"I:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961501)-->"I:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB968537)-->"I:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB970238)-->"I:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971557)-->"I:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971633)-->"I:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971657)-->"I:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB971961)-->"I:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973346)-->"I:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973354)-->"I:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973507)-->"I:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB973869)-->"I:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748} Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} Solid State ION Internet Explorer Plugin-->I:\WINDOWS\system32\SolidStateNetworks\SolidStateION\soliduninstall.exe /Uninstall activex SopCast 3.0.3-->M:\Programme\SopCast\uninst.exe Speed-Link Vibration Joystick-->I:\PROGRA~1\SPEED-~1\UNWISE.EXE I:\PROGRA~1\SPEED-~1\INSTALL.LOG Spyware Doctor 6.0-->I:\Programme\Spyware Doctor\unins000.exe /LOG SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490} Startup Control Panel-->MsiExec.exe /I{3DC91D8B-0C19-4D67-930B-D0AAD2009632} StrePla3-->MsiExec.exe /X{8F37126F-1106-47A3-8B0C-A73B7AF8E2EB} TeamSpeak 2 RC2-->I:\Programme\Teamspeak2_RC2\unins000.exe Tous ensemble 3 Sprachtrainer Kommunikation-->RunDll32 I:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "I:\Programme\InstallShield Installation Information\{37748016-1B4A-4FD5-891C-33720D1F1402}\setup.exe" -l0x7 -removeonly Tunngle beta 4.0-->"I:\Programme\Tunngle\unins000.exe" Uninstall 1.0.0.1-->"I:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe" Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->I:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update für Windows XP (KB951072-v2)-->"I:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update für Windows XP (KB951978)-->"I:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update für Windows XP (KB955839)-->"I:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update für Windows XP (KB961503)-->"I:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe" Update für Windows XP (KB967715)-->"I:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Update für Windows XP (KB968389)-->"I:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Update für Windows XP (KB973815)-->"I:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" USB Joystick-->RunDll32 I:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "I:\Programme\InstallShield Installation Information\{DEED33EE-4357-4907-8F20-C1A50CC68A5A}\setup.exe" -l0x9 -removeonly USB2.0 PC Camera (SN9C201&202)-->RunDll32 I:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "I:\Programme\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\Setup.exe" -l0x9 VDMSound-->M:\Programme\VDMSound\uninst.exe VidShot Capturer-->"M:\Programme\GeoVid\VidShot Capturer\unins000.exe" VLC media player 0.9.2-->I:\Programme\VideoLAN\VLC\uninstall.exe Wichtiges Update für Windows Media Player 11 (KB959772)-->"I:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Windows Imaging Component-->"I:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4} Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->I:\Programme\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F} Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB} Windows Live OneCare safety scanner-->RunDll32.exe "I:\Programme\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Media Format 11 runtime-->"I:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"I:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"I:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"I:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"I:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR-->I:\Programme\WinRAR\uninstall.exe XML Paper Specification Shared Components Language Pack 1.0-->"I:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe" Xpage Internet Studio 6 Special Edition-->"I:\Programme\Xpage Internet Studio 6 Special Edition\Uninstall_Xpage Internet Studio 6 Special Edition\Uninstall Xpage Internet Studio 6 Special Edition.exe" xp-AntiSpy 3.96-4-->I:\Programme\xp-AntiSpy\Uninstall.exe Yahoo! Install Manager-->I:\WINDOWS\system32\regsvr32 /u I:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Toolbar mit Pop-Up-Blocker-->I:\PROGRA~1\Yahoo!\Common\unyt.exe ======Hosts File====== 127.0.0.1 localhost 74.125.45.100 4-open-davinci.com 74.125.45.100 securitysoftwarepayments.com 74.125.45.100 privatesecuredpayments.com 74.125.45.100 secure.privatesecuredpayments.com 74.125.45.100 getantivirusplusnow.com 74.125.45.100 secure-plus-payments.com 74.125.45.100 www.getantivirusplusnow.com 74.125.45.100 www.secure-plus-payments.com 74.125.45.100 www.getavplusnow.com ======Security center information====== AV: System Defender AV: AntiVir Desktop (disabled) FW: System Defender ======System event log====== Computer Name: BUERO Event Code: 7000 Message: Der Dienst "PfModNT" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Record Number: 2581631 Source Name: Service Control Manager Time Written: 20091107141129.000000+060 Event Type: Fehler User: Computer Name: BUERO Event Code: 2511 Message: Der Serverdienst konnte die Freigabe Air Conflicts nicht wiederherstellen, da das Verzeichnis M:\Programme\Frogster\Air Conflicts nicht mehr vorhanden ist. Führen Sie den Befehl "net share Air Conflicts /delete" aus, um die Freigabe zu löschen oder um das Verzeichnis M:\Programme\Frogster\Air Conflicts zu erstellen. Record Number: 2581630 Source Name: Server Time Written: 20091107141117.000000+060 Event Type: Warnung User: Computer Name: BUERO Event Code: 6005 Message: Der Ereignisprotokolldienst wurde gestartet. Record Number: 2581629 Source Name: EventLog Time Written: 20091107141112.000000+060 Event Type: Informationen User: Computer Name: BUERO Event Code: 6009 Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free. Record Number: 2581628 Source Name: EventLog Time Written: 20091107141112.000000+060 Event Type: Informationen User: Computer Name: BUERO Event Code: 6006 Message: Der Ereignisprotokolldienst wurde beendet. Record Number: 2581627 Source Name: EventLog Time Written: 20091107130642.000000+060 Event Type: Informationen User: =====Application event log===== Computer Name: BUERO Event Code: 4096 Message: Der AntiVir Dienst wurde erfolgreich gestartet! Record Number: 5 Source Name: Avira AntiVir Time Written: 20090421100537.000000+120 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: BUERO Event Code: 1800 Message: Der Windows-Sicherheitscenterdienst wurde gestartet. Record Number: 4 Source Name: SecurityCenter Time Written: 20090420192301.000000+120 Event Type: Informationen User: Computer Name: BUERO Event Code: 4096 Message: Der AntiVir Dienst wurde erfolgreich gestartet! Record Number: 3 Source Name: Avira AntiVir Time Written: 20090420192230.000000+120 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM Computer Name: BUERO Event Code: 1800 Message: Der Windows-Sicherheitscenterdienst wurde gestartet. Record Number: 2 Source Name: SecurityCenter Time Written: 20090420131855.000000+120 Event Type: Informationen User: Computer Name: BUERO Event Code: 4096 Message: Der AntiVir Dienst wurde erfolgreich gestartet! Record Number: 1 Source Name: Avira AntiVir Time Written: 20090420131830.000000+120 Event Type: Informationen User: NT-AUTORITÄT\SYSTEM ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;I:\Programme\Pinnacle\Shared Files\;M:\Programme\VDMSound "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=0801 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "VDMSPath"=M:\Programme\VDMSound -----------------EOF----------------- |
Entferne alles gefunde was Malwarebytes fand. Reboote den PC. |
und jetzt? |
Anleitung Avenger (by swandog46) Lade dir das Tool Hopsassa und speichere es auf dem Desktop:
Code: Files to delete:
|
Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at I:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "I:\WINDOWS\tasks\cylewvxr.job" deleted successfully. Error: folder "I:\WINDOWS\system32\opnnkijj" not found! Deletion of folder "I:\WINDOWS\system32\opnnkijj" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not open driver "a2z3z9x7.sys" Disablement of driver "a2z3z9x7.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not open driver "irenumm.sys" Disablement of driver "irenumm.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\a2z3z9x7.sys" not found! Deletion of driver "a2z3z9x7.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\irenumm.sys" not found! Deletion of driver "irenumm.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnkjKaW" deleted successfully. Completed script processing. ******************* Finished! Terminate. |
Neues RSIT Logfile bitte. Diesmal nur die Log.TXT |
Logfile of random's system information tool 1.06 (written by random/random) Run by Harms at 2009-12-04 18:18:49 Microsoft Windows XP Home Edition Service Pack 3 System drive I: has 14 GB (23%) free of 59 GB Total RAM: 2047 MB (67% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:19:01, on 04.12.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16876) Boot mode: Normal Running processes: I:\WINDOWS\System32\smss.exe I:\WINDOWS\system32\winlogon.exe I:\WINDOWS\system32\services.exe I:\WINDOWS\system32\lsass.exe I:\WINDOWS\system32\svchost.exe I:\WINDOWS\System32\svchost.exe I:\WINDOWS\system32\svchost.exe I:\WINDOWS\Explorer.EXE I:\WINDOWS\system32\spoolsv.exe I:\Programme\Avira\AntiVir Desktop\sched.exe M:\Ds\dslan_v1.13\dslan_v1.13\apache\bin\apache.exe I:\Programme\FRITZ!DSL\IGDCTRL.EXE I:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE I:\WINDOWS\SOUNDMAN.EXE I:\Programme\CDBurnerXP\NMSAccessU.exe I:\WINDOWS\system32\RUNDLL32.EXE I:\WINDOWS\system32\nvsvc32.exe I:\Programme\Avira\AntiVir Desktop\avgnt.exe I:\WINDOWS\system32\HPZipm12.exe I:\WINDOWS\tsnp2std.exe I:\WINDOWS\ZSSnp211.exe I:\WINDOWS\Domino.exe I:\WINDOWS\system32\PnkBstrA.exe I:\WINDOWS\system32\ctfmon.exe I:\WINDOWS\system32\svchost.exe M:\Programme\DAEMON Tools Lite\daemon.exe I:\Programme\Free Download Manager\fdm.exe I:\Programme\Tunngle\TnglCtrl.exe I:\Dokumente und Einstellungen\Harms\.COMMgr\complmgr.exe I:\Programme\HP\Digital Imaging\bin\hpqtra08.exe I:\Programme\FRITZ!DSL\StCenter.exe I:\Programme\Speed-Link Vibration Joystick\GM_DevUpdate.exe I:\Programme\HP\Digital Imaging\bin\hpqimzone.exe M:\Ds\dslan_v1.13\dslan_v1.13\apache\bin\apache.exe I:\Programme\HP\Digital Imaging\bin\hpqSTE08.exe I:\WINDOWS\System32\svchost.exe I:\WINDOWS\system32\wuauclt.exe I:\Programme\Mozilla Firefox\firefox.exe N:\RSIT.exe I:\Dokumente und Einstellungen\Harms\Desktop\Harms.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.flugwetter.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = fritz.box;192.168.178.1 R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: 74.125.45.100 4-open-davinci.com O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com O1 - Hosts: 74.125.45.100 privatesecuredpayments.com O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com O1 - Hosts: 74.125.45.100 getantivirusplusnow.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getavplusnow.com O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com O1 - Hosts: 74.125.45.100 urs.microsoft.com O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 74.125.45.100 paysoftbillsolution.com O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com O1 - Hosts: 74.125.45.100 4-open-davinci.com O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com O1 - Hosts: 74.125.45.100 privatesecuredpayments.com O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com O1 - Hosts: 74.125.45.100 getantivirusplusnow.com O1 - Hosts: 74.125.45.100 secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com O1 - Hosts: 74.125.45.100 www.getavplusnow.com O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com O1 - Hosts: 74.125.45.100 urs.microsoft.com O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com O1 - Hosts: 74.125.45.100 paysoftbillsolution.com O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - I:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Programme\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\programme\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - I:\Programme\Free Download Manager\iefdm2.dll O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\programme\google\googletoolbar1.dll O3 - Toolbar: (no name) - {5ACF6D00-522E-4E15-9387-733063B2D076} - (no file) O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - I:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "I:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [tsnp2std] I:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [ZSSnp211] I:\WINDOWS\ZSSnp211.exe O4 - HKLM\..\Run: [Domino] I:\WINDOWS\Domino.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "M:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "M:\Programme\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [Free Download Manager] I:\Programme\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [COM+ Manager] "I:\Dokumente und Einstellungen\Harms\.COMMgr\complmgr.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: FRITZ!DSL Startcenter.lnk = I:\Programme\FRITZ!DSL\StCenter.exe O4 - Startup: GM_DevUpdate.lnk = I:\Programme\Speed-Link Vibration Joystick\GM_DevUpdate.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = I:\Programme\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Photosmart Premier – Schnellstart.lnk = I:\Programme\HP\Digital Imaging\bin\hpqthb08.exe O8 - Extra context menu item: Alles mit FDM herunterladen - file://I:\Programme\Free Download Manager\dlall.htm O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://I:\Programme\Free Download Manager\dlselected.htm O8 - Extra context menu item: Datei mit FDM herunterladen - file://I:\Programme\Free Download Manager\dllink.htm O8 - Extra context menu item: Videos mit FDM herunterladen - file://I:\Programme\Free Download Manager\dlfvideo.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Programme\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - M:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - I:\Programme\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - I:\Programme\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Programme\Messenger\msmsgs.exe O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://xiah.gamescampus.com/luncher/GamesCampus.cab O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://a516.g.akamai.net/f/516/25175/7d/runaware.download.akamai.com/25175/citrix/wficat-no-eula.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - I:\Programme\Yahoo!\Common\yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.de/SnapfishActivia.cab O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} (PowerLoader Class) - http://www.powerchallenge.com/applet/PowerLoader.cab O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.solidstatenetworks.com/demos/plugintest/solidstateion.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - I:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - I:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Apache2 - Apache Software Foundation - M:\Ds\dslan_v1.13\dslan_v1.13\apache\bin\apache.exe O23 - Service: AVM IGD CTRL Service - AVM Berlin - I:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - I:\Programme\Gemeinsame Dateien\AVM\de_serv.exe O23 - Service: Google Updater Service (gusvc) - Google - I:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NMSAccessU - Unknown owner - I:\Programme\CDBurnerXP\NMSAccessU.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - I:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - I:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - I:\Programme\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - I:\Programme\Spyware Doctor\pctsSvc.exe O23 - Service: TunngleService - Tunngle.net GmbH - I:\Programme\Tunngle\TnglCtrl.exe -- End of file - 11648 bytes ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] Yahoo! Toolbar Helper - I:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - I:\Programme\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - I:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - i:\programme\google\googletoolbar1.dll [2008-03-15 2427968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - I:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2008-11-17 657904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}] FDMIECookiesBHO Class - I:\Programme\Free Download Manager\iefdm2.dll [2009-05-23 90112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - i:\programme\google\googletoolbar1.dll [2008-03-15 2427968] {5ACF6D00-522E-4E15-9387-733063B2D076} {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar mit Pop-Up-Blocker - I:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SoundMan"=I:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536] "NvCplDaemon"=I:\WINDOWS\system32\NvCpl.dll [2008-05-03 13529088] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=I:\WINDOWS\system32\NvMcTray.dll [2008-05-03 86016] "KernelFaultCheck"=I:\WINDOWS\system32\dumprep 0 -k [] "avgnt"=I:\Programme\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "tsnp2std"=I:\WINDOWS\tsnp2std.exe [2006-01-16 114688] "ZSSnp211"=I:\WINDOWS\ZSSnp211.exe [2006-08-18 49152] "Domino"=I:\WINDOWS\Domino.exe [2006-08-18 49152] "Malwarebytes Anti-Malware (reboot)"=M:\Programme\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=I:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "DAEMON Tools Lite"=M:\Programme\DAEMON Tools Lite\daemon.exe [2009-04-23 691656] "Free Download Manager"=I:\Programme\Free Download Manager\fdm.exe [2009-09-14 3698735] "COM+ Manager"=I:\Dokumente und Einstellungen\Harms\.COMMgr\complmgr.exe [2009-12-02 312832] I:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart HP Digital Imaging Monitor.lnk - I:\Programme\HP\Digital Imaging\bin\hpqtra08.exe HP Photosmart Premier – Schnellstart.lnk - I:\Programme\HP\Digital Imaging\bin\hpqthb08.exe I:\Dokumente und Einstellungen\Harms\Startmenü\Programme\Autostart FRITZ!DSL Startcenter.lnk - I:\Programme\FRITZ!DSL\StCenter.exe GM_DevUpdate.lnk - I:\Programme\Speed-Link Vibration Joystick\GM_DevUpdate.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 I:\WINDOWS\system32\opnnkijj [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "H:\fsetup.exe"="H:\fsetup.exe:*:Enabled:AVM FSetup Application" "I:\Programme\FRITZ!DSL\IGDCTRL.EXE"="I:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe" "G:\fsetup.exe"="G:\fsetup.exe:*:Enabled:AVM FSetup Application" "I:\Programme\FRITZ!DSL\FBOXUPD.EXE"="I:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\PowerChallenge\PowerSoccer\PowerSoccer.exe"="I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer" "I:\Programme\HP\Digital Imaging\bin\hpqtra08.exe"="I:\Programme\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe" "I:\Programme\HP\Digital Imaging\bin\hpqste08.exe"="I:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "I:\Programme\HP\Digital Imaging\bin\hpofxm08.exe"="I:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe" "I:\Programme\HP\Digital Imaging\bin\hposfx08.exe"="I:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe" "I:\Programme\HP\Digital Imaging\bin\hposid01.exe"="I:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "I:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe"="I:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "I:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe"="I:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "I:\Programme\HP\Digital Imaging\bin\hpqCopy.exe"="I:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe" "I:\Programme\HP\Digital Imaging\bin\hpfccopy.exe"="I:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe" "I:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe"="I:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe" "I:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe"="I:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe" "I:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe"="I:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe" "I:\Programme\HP\Digital Imaging\bin\hpoews01.exe"="I:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe" "I:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe"="I:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe" "I:\Programme\Internet Explorer\iexplore.exe"="I:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer" "I:\Programme\Xpage Internet Studio 6 Special Edition\jre\bin\javaw.exe"="I:\Programme\Xpage Internet Studio 6 Special Edition\jre\bin\javaw.exe:*:Disabled:javaw" "I:\WINDOWS\system32\dplaysvr.exe"="I:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper" "I:\Programme\Condor\Condor.exe"="I:\Programme\Condor\Condor.exe:*:Enabled:Condor" "I:\Programme\Condor\CondorServer.exe"="I:\Programme\Condor\CondorServer.exe:*:Enabled:CondorServer" "M:\Programme\Gameforge4D\AirRivalsDe\Launcher.atm"="M:\Programme\Gameforge4D\AirRivalsDe\Launcher.atm:Enabled:GameExe2" "M:\Programme\Gameforge4D\AirRivalsDe\Res-Voip\SCVoIP.exe"="M:\Programme\Gameforge4D\AirRivalsDe\Res-Voip\SCVoIP.exe:Enabled:GameVoIP" "I:\WINDOWS\system32\java.exe"="I:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary" "I:\Programme\Mozilla Firefox\firefox.exe"="I:\Programme\Mozilla Firefox\firefox.exe:*:Disabled:Firefox" "I:\Programme\Condor\CondorDedicated.exe"="I:\Programme\Condor\CondorDedicated.exe:*:Enabled:CondorDedicated" "I:\Dokumente und Einstellungen\Harms\temp\TeamViewer3\TeamViewer.exe"="I:\Dokumente und Einstellungen\Harms\temp\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application" "I:\Dokumente und Einstellungen\Harms\temp\TeamViewer\Version4\TeamViewer.exe"="I:\Dokumente und Einstellungen\Harms\temp\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application" "M:\Ds\dslan_v1.13\dslan_v1.13\mysql\bin\mysqld.exe"="M:\Ds\dslan_v1.13\dslan_v1.13\mysql\bin\mysqld.exe:*:Enabled:mysqld" "M:\Christian\WOW_server\diskw\usr\local\mysql\bin\mysqld-nt.exe"="M:\Christian\WOW_server\diskw\usr\local\mysql\bin\mysqld-nt.exe:*:Enabled:mysqld-nt" "M:\Christian\WOW_server\realmd.exe"="M:\Christian\WOW_server\realmd.exe:*:Enabled:realmd" "M:\Christian\WOW_server\mangosd.exe"="M:\Christian\WOW_server\mangosd.exe:*:Enabled:mangosd" "I:\Dokumente und Einstellungen\Harms\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe"="I:\Dokumente und Einstellungen\Harms\Application Data\PowerChallenge\PowerSoccer\PowerSoccer.exe:*:Enabled:PowerSoccer" "M:\Programme\Pinnacle\VideoSpin\Programs\RM.exe"="M:\Programme\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager" "M:\Programme\Pinnacle\VideoSpin\Programs\umi.exe"="M:\Programme\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi" "M:\Programme\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="M:\Programme\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin" "I:\Programme\ICQ6.5\ICQ.exe"="I:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6" "I:\Programme\Windows Live\Messenger\wlcsdk.exe"="I:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "I:\Dokumente und Einstellungen\Harms\Lokale Einstellungen\Anwendungsdaten\Chat Republic Games\Superstar Racing\ChatRepublicPlayer.exe"="I:\Dokumente und Einstellungen\Harms\Lokale Einstellungen\Anwendungsdaten\Chat Republic Games\Superstar Racing\ChatRepublicPlayer.exe:*:Enabled:Chat Republic Games Player" "M:\Programme\SopCast\adv\SopAdver.exe"="M:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver" "M:\Programme\SopCast\SopCast.exe"="M:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application" "I:\Dokumente und Einstellungen\Harms\Desktop\teeworlds-0.5.1-win32\teeworlds-0.5.1-win32\teeworlds_srv.exe"="I:\Dokumente und Einstellungen\Harms\Desktop\teeworlds-0.5.1-win32\teeworlds-0.5.1-win32\teeworlds_srv.exe:*:Enabled:teeworlds_srv" "I:\Dokumente und Einstellungen\Harms\Desktop\teeworlds-0.5.1-win32\teeworlds-0.5.1-win32\TSC.exe"="I:\Dokumente und Einstellungen\Harms\Desktop\teeworlds-0.5.1-win32\teeworlds-0.5.1-win32\TSC.exe:*:Enabled:TSC" "I:\Programme\Gemeinsame Dateien\XpressUpdate\XPressUpdate.exe"="I:\Programme\Gemeinsame Dateien\XpressUpdate\XPressUpdate.exe:*:Enabled:XPressUpdate" "I:\Programme\Tunngle\tnglctrl.exe"="I:\Programme\Tunngle\tnglctrl.exe:*:Enabled:Tunngle Service" "I:\Programme\Tunngle\tunngle.exe"="I:\Programme\Tunngle\tunngle.exe:*:Enabled:Tunngle Client" "D:\Programme\utorrent\utorrent14458.exe"="D:\Programme\utorrent\utorrent14458.exe:*:Enabled:µTorrent" "I:\WINDOWS\system32\PnkBstrA.exe"="I:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA" "I:\WINDOWS\system32\PnkBstrB.exe"="I:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB" "M:\Programme\Vogel Verlag\Fahren Lernen\Vogel.FahrenLernenMax.exe"="M:\Programme\Vogel Verlag\Fahren Lernen\Vogel.FahrenLernenMax.exe:*:Enabled:Fahren Lernen" "I:\Programme\Windows Live\Messenger\msnmsgr.exe"="I:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "I:\Programme\Skype\Plugin Manager\skypePM.exe"="I:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager" "I:\Programme\Skype\Phone\Skype.exe"="I:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" "I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\e01c3eb\WSe01c.exe"="I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\e01c3eb\WSe01c.exe:*:Enabled:System Defender" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "M:\Programme\NCsoft\Exteel\System\Exteel.exe"="M:\Programme\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel" "I:\Programme\Windows Live\Messenger\wlcsdk.exe"="I:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "M:\Programme\Vogel Verlag\Fahren Lernen\Vogel.FahrenLernenMax.exe"="M:\Programme\Vogel Verlag\Fahren Lernen\Vogel.FahrenLernenMax.exe:*:Enabled:Fahren Lernen" "I:\Programme\Windows Live\Messenger\msnmsgr.exe"="I:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02c934f0-f356-11dc-96ca-d02f97efaa28}] shell\AutoRun\command - O:\preinst.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2df83e12-f1e5-11dd-99ea-9a5b4bf7fbb6}] shell\AutoRun\command - C:\PStart.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{444aead8-a056-11dd-988b-000c7640ed17}] shell\AutoRun\command - L:\preinst.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1b05438-1027-11dd-970f-a0277c61322f}] shell\AutoRun\command - K:\preinst.exe ======List of files/folders created in the last 1 months====== 2009-12-04 18:02:23 ----D---- I:\Avenger 2009-12-04 18:02:22 ----A---- I:\avenger.txt 2009-12-04 16:46:07 ----D---- I:\rsit 2009-12-03 15:16:18 ----D---- I:\Programme\ESET 2009-12-02 22:21:02 ----SHD---- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WSKZLSJD_APDM 2009-12-02 22:20:49 ----SHD---- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\e01c3eb 2009-12-02 22:10:19 ----A---- I:\WINDOWS\system32\YYtZL0.exe 2009-11-28 19:42:59 ----D---- I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\skypePM 2009-11-28 19:35:45 ----D---- I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\Skype 2009-11-28 19:35:08 ----D---- I:\Programme\Gemeinsame Dateien\Skype 2009-11-28 19:35:03 ----RD---- I:\Programme\Skype 2009-11-28 19:34:46 ----D---- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype 2009-11-27 16:20:45 ----D---- I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\FrostWire 2009-11-24 21:04:12 ----RA---- I:\WINDOWS\ZSSnp211.EXE 2009-11-24 21:04:12 ----RA---- I:\WINDOWS\ZS211Cap.exe 2009-11-24 21:04:12 ----RA---- I:\WINDOWS\Domino.EXE 2009-11-24 21:03:59 ----RA---- I:\WINDOWS\system32\ZS211STI.dll 2009-11-24 21:02:03 ----A---- I:\WINDOWS\WindowsXP-KB822603-x86.exe 2009-11-24 21:02:02 ----A---- I:\WINDOWS\vsnp2std.exe 2009-11-24 21:02:02 ----A---- I:\WINDOWS\tsnp2std.exe 2009-11-24 21:02:02 ----A---- I:\WINDOWS\snp2std.ini 2009-11-24 21:02:00 ----D---- I:\Programme\Gemeinsame Dateien\snp2std 2009-11-24 21:02:00 ----A---- I:\WINDOWS\vsnp2std.dll 2009-11-24 21:02:00 ----A---- I:\WINDOWS\system32\csnp2std.dll 2009-11-24 21:02:00 ----A---- I:\WINDOWS\rsnp2std.dll 2009-11-24 20:53:56 ----D---- I:\Programme\STV 2009-11-24 20:47:25 ----RA---- I:\WINDOWS\amcap.exe 2009-11-24 20:47:25 ----A---- I:\WINDOWS\FixCamera.exe 2009-11-24 14:23:12 ----D---- I:\Programme\Microsoft 2009-11-13 16:37:06 ----D---- I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\Acreon ======List of files/folders modified in the last 1 months====== 2009-12-04 18:17:17 ----D---- I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\Free Download Manager 2009-12-04 18:09:21 ----D---- I:\Programme\Mozilla Firefox 2009-12-04 18:03:27 ----D---- I:\WINDOWS\Temp 2009-12-04 18:03:26 ----D---- I:\WINDOWS\system32\CatRoot2 2009-12-04 18:03:04 ----D---- I:\WINDOWS 2009-12-04 18:02:23 ----SD---- I:\WINDOWS\Tasks 2009-12-04 18:02:23 ----D---- I:\WINDOWS\system32\drivers 2009-12-04 18:00:54 ----A---- I:\WINDOWS\SchedLgU.Txt 2009-12-04 18:00:13 ----D---- I:\WINDOWS\Prefetch 2009-12-04 17:45:22 ----D---- I:\WINDOWS\system32 2009-12-03 16:13:05 ----D---- I:\Downloads 2009-12-03 15:23:36 ----D---- I:\WINDOWS\Minidump 2009-12-03 15:16:25 ----SD---- I:\WINDOWS\Downloaded Program Files 2009-12-03 15:16:18 ----RD---- I:\Programme 2009-12-03 14:53:11 ----AD---- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP 2009-12-03 14:42:25 ----HD---- I:\WINDOWS\inf 2009-12-03 14:38:37 ----HD---- I:\WINDOWS\$hf_mig$ 2009-11-29 12:33:29 ----A---- I:\WINDOWS\win.ini 2009-11-28 19:35:35 ----SHD---- I:\WINDOWS\Installer 2009-11-28 19:35:35 ----HD---- I:\Config.Msi 2009-11-28 19:35:08 ----D---- I:\Programme\Gemeinsame Dateien 2009-11-27 16:20:09 ----D---- I:\Programme\Free Download Manager 2009-11-25 14:56:05 ----SD---- I:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft 2009-11-24 21:04:13 ----D---- I:\WINDOWS\twain_32 2009-11-24 21:04:03 ----RSHDC---- I:\WINDOWS\system32\dllcache 2009-11-24 21:02:00 ----HD---- I:\Programme\InstallShield Installation Information 2009-11-21 11:30:03 ----SD---- I:\Dokumente und Einstellungen\Harms\Anwendungsdaten\Microsoft 2009-11-05 20:00:09 ----D---- I:\Programme\Condor ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK7;AMD K7-Prozessortreiber; I:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 avgio;avgio; \??\I:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; I:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 ssmdrv;ssmdrv; I:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-09 28520] R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; I:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032] R2 atksgt;atksgt; I:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-12-07 165376] R2 avgntflt;avgntflt; I:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-06 55656] R2 lirsgt;lirsgt; I:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-12-07 18048] R2 tmcomm;tmcomm; \??\I:\WINDOWS\system32\drivers\tmcomm.sys [] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); I:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-01-24 4127488] R3 AVMUNET;AVM FRITZ!Box; I:\WINDOWS\system32\DRIVERS\avmunet.sys [2006-10-06 14976] R3 HPZid412;IEEE-1284.4 Driver HPZid412; I:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664] R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; I:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496] R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; I:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568] R3 nv;nv; I:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-03 6554496] R3 usbccgp;Microsoft Standard-USB-Haupttreiber; I:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; I:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2-aktivierter Hub; I:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; I:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbprint;Microsoft USB-Druckerklasse; I:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;USB-Scannertreiber; I:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] R3 usbstor;USB-Massenspeichertreiber; I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S1 irenumm;irenumm; I:\WINDOWS\System32\drivers\irenumm.sys [] S2 PfModNT;PfModNT; \??\I:\WINDOWS\system32\PfModNT.sys [] S3 a1qhn0x0;a1qhn0x0; I:\WINDOWS\system32\drivers\a1qhn0x0.sys [] S3 CCDECODE;Untertiteldecoder; I:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 cmuda;C-Media WDM Audio Interface; I:\WINDOWS\system32\drivers\cmuda.sys [] S3 EagleNT;EagleNT; \??\I:\WINDOWS\system32\drivers\EagleNT.sys [] S3 GMFilter;GMFilter HID Filter Driver; I:\WINDOWS\system32\DRIVERS\GMFilter.sys [2004-12-30 19840] S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS [] S3 HidUsb;Microsoft HID Class-Treiber; I:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 IKFileSec;File Security Driver; I:\WINDOWS\system32\drivers\ikfilesec.sys [2008-11-17 40840] S3 IKSysFlt;System Filter Driver; I:\WINDOWS\system32\drivers\iksysflt.sys [2008-11-17 66952] S3 IKSysSec;System Security Driver; I:\WINDOWS\system32\drivers\iksyssec.sys [2008-11-17 81288] S3 mouhid;Maus-HID-Treiber; I:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; I:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; I:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; I:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NTACCESS;NTACCESS; \??\G:\NTACCESS.sys [] S3 NVENET;NVIDIA nForce MCP Networking Controller Driver; I:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-11-27 80896] S3 SaiHFF52;SaiHFF52; I:\WINDOWS\system32\DRIVERS\SaiHFF52.sys [2007-05-01 132232] S3 SaiUFF52;SaiUFF52; I:\WINDOWS\system32\DRIVERS\SaiUFF52.sys [2007-05-01 28416] S3 SLIP;BDA Slip De-Framer; I:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA-IPSink; I:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); I:\WINDOWS\system32\DRIVERS\tap0901t.sys [2008-09-18 25600] S3 teamviewervpn;TeamViewer VPN Adapter; I:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088] S3 VBoxNetFlt;VBoxNetFlt Service; I:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys [] S3 wip0204;Wippien Network Adapter 2.4; I:\WINDOWS\system32\DRIVERS\wip0204.sys [2008-08-25 23480] S3 WpdUsb;WpdUsb; I:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext-Codec; I:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; I:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S3 XDva289;XDva289; \??\I:\WINDOWS\system32\XDva289.sys [] S3 ZSMC211;USB PC Camera (ZS0211); I:\WINDOWS\System32\Drivers\ZS211.sys [2006-08-08 391836] S4 IntelIde;IntelIde; I:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; I:\Programme\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289] R2 Apache2;Apache2; M:\Ds\dslan_v1.13\dslan_v1.13\apache\bin\apache.exe [2008-05-09 16896] R2 AVM IGD CTRL Service;AVM IGD CTRL Service; I:\Programme\FRITZ!DSL\IGDCTRL.EXE [2005-11-21 81920] R2 MDM;Machine Debug Manager; I:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 NMSAccessU;NMSAccessU; I:\Programme\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096] R2 NVSvc;NVIDIA Display Driver Service; I:\WINDOWS\system32\nvsvc32.exe [2008-05-03 159812] R2 Pml Driver HPZ12;Pml Driver HPZ12; I:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728] R2 PnkBstrA;PnkBstrA; I:\WINDOWS\system32\PnkBstrA.exe [2009-07-03 75064] R2 TunngleService;TunngleService; I:\Programme\Tunngle\TnglCtrl.exe [2009-04-24 664824] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; I:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S3 aspnet_state;ASP.NET-Zustandsdienst; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 de_serv;AVM FRITZ!web Routing Service; I:\Programme\Gemeinsame Dateien\AVM\de_serv.exe [2005-11-21 315392] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; I:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 gusvc;Google Updater Service; I:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-17 168432] S3 idsvc;Windows CardSpace; I:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 npggsvc;nProtect GameGuard Service; I:\WINDOWS\system32\GameMon.des [2009-02-17 2736890] S3 ose;Office Source Engine; I:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 sdAuxService;PC Tools Auxiliary Service; I:\Programme\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920] S3 sdCoreService;PC Tools Security Service; I:\Programme\Spyware Doctor\pctsSvc.exe [2008-11-17 1079176] S3 usprserv;User Privilege Service; I:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; I:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S4 AntiVirService;Avira AntiVir Guard; I:\Programme\Avira\AntiVir Desktop\avguard.exe [2009-08-06 185089] S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; I:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- |
Hallo, nochmal mit Avenger wie eben. Diesmal hiermit: Code: drivers to disable: |
Logfile of The Avenger Version 2.0, (c) by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at I:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: could not open driver "XDva289.sys" Disablement of driver "XDva289.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: could not open driver "a1qhn0x0.sys" Disablement of driver "a1qhn0x0.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\XDva289.sys" not found! Deletion of driver "XDva289.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\a1qhn0x0.sys" not found! Deletion of driver "a1qhn0x0.sys" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. |
ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Besonders hartnäckige Malware erkennt eine combofix.exe und würde sich vor ihr gezielt verstecken! Das Programm jedoch noch nicht starten sondern zuerst folgendes tun:
Combofix darf ausschließlich ausgeführt werden wenn ein Kompetenzler dies ausdrücklich empfohlen hat!Hinweis: Combofix verhindert die Autostart Funktion aller CD / DVD und USB - Laufwerken um so eine Verbeitung einzudämmen. Wenn es hierdurch zu Problemen kommt, diese im Thread posten. Poste alle Logfiles bitte mit Codetags umschlossen (#-Button) also so: [HTML] Code: Hier das Logfile rein! |
Code: ComboFix 09-12-04.02 - Harms 05.12.2009 11:50.1.1 - x86 |
Zitat:
|
Ich sehe den ordner da garnicht.... habe eigentlich auch verdeckte ordner aktiviert... |
Dann machen wir weiter mit Superantispyware lass es laufen und poste das Log hierher. |
Code: SUPERAntiSpyware Scan Logliegt das vll. daran das mein burder heute noch am pc während das programm lief gespielt hat? |
Zitat:
Wie geht es dem Rechner sonst? Ist er noch auffällig? Bitte stelle ein neues RSIT Log hier herein, dass ich einen Neuen Frischen Überblick über das System erhalte. |
Code: Logfile of random's system information tool 1.06 (written by random/random)aber schaus dir einfach mal an.. Leider kann ich antivir noch nich wieder starten... |
Scan mit SystemLook Lade SystemLook von jpshortstuff von einem der folgenden Spiegel herunter und speichere das Tool auf dem Desktop. Download Mirror #1 - Download Mirror #2
|
Code: SystemLook v1.0 by jpshortstuff (29.08.09) |
Zitat:
|
Code: Datei 42_1Dy7.dll empfangen 2009.12.07 16:31:35 (UTC) |
Hallo, mir is grad nochein problem aufgefallen... Ich hab seit neustem Hamahi und Crossfire drauf... bevor ich hamachi hatte, konnte ich crossfire spielen aber seitedm ich jetzt hamachi drauf hab kann ich crossfire nicht mehr starten... ich kann asd spiel starten.. wenn es dann läd dann wird der bildschrim blau und da steht was von speicherbild blablabla... |
Hallo, lade mal die eine DLL Datei heir hoch wie beschrieben und packe den Virustotal Link rein: http://www.trojaner-board.de/54791-a...ner-board.html |
Irgendwie hb ich des jetzt hochgeladen aber da kommt nur haben die und die datei bekommen... |
Hallo, gehe zum Firefox unter Suchmaschinen verwalten und lösche die Fatsbrowser Search heraus. Sag mir ob dies geklappt hat. |
meinst du wenn ich firefox an habe oder meinst du wen ich in den instalations ordner gehe? |
Oben rechts im Firefox selber. |
wo den da? ich seh da nix... |
Ist nicht eine Kleine Zeile oben rechts neben der Adresszeile? Mache mal einen Screenshot deines browsers und stelle diesen hier rein. |
http://img11.imageshack.us/i/unbenanntoyw.png/ http://img11.imageshack.us/i/unbenanntoyw.png/ |
http://img710.imageshack.us/img710/6276/blubb.jpg Bei dem "HIER!" ein normalen Klick und auf "suchmaschinen verwalten" gehen und dort die Fastbrowsersearch "Entfernen". Sag ob es diesmal klappt |
jap hat jetzt eigentlich soweit geklappt... und was jetzt? |
Scripten mit Combofix
Code: http://www.trojaner-board.de/80004-system-defender-und-bestimmt-noch-mehr-3.html#post485153
Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann. |