| |
| |||||||
Log-Analyse und Auswertung: Böser HackerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
17.05.2010, 17:21
| #1 |
| Gesperrt |  Böser Hacker Hallo ich habe ein Problem und zwar wollte ich vor einigen tagen ein Spiel spielen was über Steam läuft. Ich wollte mich anmelden und mir wurde gesagt mein Passwort sei falsch. Ich habe mein Passwort zurück geändert indem ich Steam kontaktierte. Am nächsten Tag habe ich ein bisschen gespielt auf einmal ist mein spiele Fenster ausgegangen und ich habe nur noch den Sound vom Spiel gehört. Auf einmal hat sich ein Chat Fenster geöffnet und ich habe mit einem Hacker geschrieben der meinen Steam Account zurück haben wollte. Er konnte meinen Bildschirm ausmachen und mein Laufwerk öffnen. Währenddessen habe ich Spyhunter laufen lassen aber er meinte es würder eh nix finden also blieb mir nix anderes übrig ich habe ihm meine Steam daten gegeben danach meinte er noch das Leben ist hart und hat das Chat fenster geschlossen.  Jetzt will ich natürlich nicht das er ihrgendeine scheisse mit meinem System macht. Ausserdem habe ich das Problem , dass ich Antivira ,AVG ,Kaspersky nicht mehr öffnen und Kaspersky nicht installieren kann. Ich habe nur Spyhunter. Antivira kann ich nur manuell benutzen indem ich auf ein Ordner klicke und dann scanne. Er hat gesagt er hat mein system gehackt indem er eine Datei in meinen System32 Ordner getan hat. Hier mein HijackThis Log: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:18:30, on 17.05.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Application Updater\ApplicationUpdater.exe C:\Windows\system32\svchost.exe C:\Program Files\FRITZ!DSL\IGDCTRL.EXE C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Windows\system32\IoctlSvc.exe C:\Windows\system32\PnkBstrA.exe C:\Windows\system32\svchost.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter3.exe C:\Windows\explorer.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Microsoft LifeChat\LifeChat.exe C:\Program Files\HP\HP Software Update\hpwuSchd2.exe C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehtray.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\FRITZ!DSL\StCenter.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\conime.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avscan.exe C:\Windows\system32\taskeng.exe C:\Program Files\WinRAR\WinRAR.exe C:\Users\hannes\AppData\Local\Temp\Rar$EX00.288\HijackThis.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) O1 - Hosts: ::1 localhost O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe" O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe" O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [HKCU] C:\Windows\java\java.exe O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\java\java.exe O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\java\java.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [RegistryMonitor1] "C:\Windows\TEMP\srcr.tmp\svchost.exe" (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [RegistryMonitor1] "C:\Windows\TEMP\srcr.tmp\svchost.exe" (User 'Default user') O4 - Startup: FRITZ!DSL Internet.lnk = C:\Program Files\FRITZ!DSL\FritzDsl.exe O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://download.divx.com/player/DivXBrowserPlugin.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D59A61CF-2D8B-4DE7-B383-8AD9D9114525}: NameServer = 213.73.91.35,62.2.100.201 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file) O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\Users\hannes\AppData\Local\Temp\AVSETUP_4b2a73af\basic\avupgsvc.exe (file missing) O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 12331 bytes  ? |
|
17.05.2010, 17:27
| #2 |
| |  Böser Hacker Lösche die Datei!
__________________ |
|
17.05.2010, 19:49
| #3 |
| /// Helfer-Team  | Böser Hacker @fckoeln: wie, wenn er nicht weiß welche?
__________________@bugbugbug: Kannst Du Malwarebytes installieren und ausführen? Oder wird das auch unterbunden? Wenn möglich bitte damit Deinen PC scannen. Danach bitte mit OTL.exe Dein System scannen und die beiden Logfiles hier posten. Führe von diesem Rechner bitte kein Online-Banking/E-Mailing mehr durch. Da liest höchstwahrscheinlich jemand mit!
__________________ |
|
17.05.2010, 20:25
| #4 |
| Gesperrt | Böser Hacker Hier mein OTL Log: OTL logfile created on: 17.05.2010 21:07:32 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\*****\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 286,09 Gb Total Space | 20,55 Gb Free Space | 7,18% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: **-PC Current User Name: **** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\YouTube Downloader Toolbar\SearchSettings.exe (Spigot, Inc.) PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Enigma Software Group\SpyHunter\SpyHunter3.exe (Enigma Software Group USA, LLC.) PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Programme\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation) PRC - C:\Programme\Unlocker\UnlockerAssistant.exe () PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.) PRC - C:\Programme\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll () MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirUpgradeService) -- File not found SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (VC9SecS) -- C:\Programme\Virtual CD v9\System\VC9SecS.exe (H+H Software GmbH) SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (hwinterface) -- C:\Windows\System32\drivers\hwinterface.sys (Logix4u) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation) DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech Inc.) DRV - (bdfsfltr) -- C:\Windows\System32\drivers\bdfsfltr.sys (SOFTWIN S.R.L.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (HH9Help.sys) -- C:\Windows\System32\drivers\HH9Help.sys (H+H Software GmbH) DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - C:\Programme\STOPzilla!\Toolbar\SZIESearchHook.dll (iS3 Inc.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=966134" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com|gametrailers.com|ofdb.de|newzleech.com|kino.to|g-stream.in|hxxp://www.tvspielfilm.de/tv-programm/tv-sender/" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.8.0552 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: {780044d1-e8c0-488f-8059-4522ddbfc2ea}:1.0 FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.4.4 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.3.20080730 FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:1.0 FF - prefs.js..keyword.URL: "hxxp://search.stopzilla.com/Results.aspx?u=" FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.07.17 01:33:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}: C:\Program Files\Stopzilla!\Toolbar\Extension [2009.12.19 01:17:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.16 19:35:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.15 18:09:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.16 19:35:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.15 18:09:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.16 19:35:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.15 18:09:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.16 19:35:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.15 18:09:32 | 000,000,000 | ---D | M] [2010.04.16 22:37:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2010.04.16 22:37:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2010.05.17 17:19:17 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions [2009.07.17 01:51:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.07.17 01:51:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009.07.19 13:46:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\DTToolbar@toolbarnet.com [2009.07.18 20:34:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\DTToolbar@toolbarnet.com-trash [2009.07.17 01:51:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\moveplayer@movenetworks.com [2009.07.17 01:51:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\searchrecs@veoh.com [2010.04.17 16:22:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\toolbar@ask.com [2010.02.04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\yinj9w3i.default\searchplugins\askcom.xml [2009.07.19 13:46:14 | 000,002,399 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\yinj9w3i.default\searchplugins\daemon-search.xml [2010.05.17 17:29:16 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.15 18:09:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2009.12.02 10:31:53 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.12.02 10:31:53 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.12.02 10:31:53 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.12.02 10:31:53 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.12.02 10:31:53 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.12.19 01:25:54 | 000,000,068 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Programme\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Programme\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe File not found O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe () O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [HKCU] C:\Windows\java\java.exe File not found O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe (AVM Berlin) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\java\java.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: Policies = C:\Windows\java\java.exe File not found O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O27 - HKLM IFEO\_avp32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\_avpcc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\_avpm.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\~1.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\~2.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\a.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\aAvgApi.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AAWTray.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\About.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ackwin32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\adaware.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Ad-Aware.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\advxdwin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AdwarePrj.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\agent.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\agentsvr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\agentw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\alertsvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\alevir.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\alogserv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AlphaAV: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AlphaAV.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AluSchedulerSvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\amon9x.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntispywarXP2009.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\anti-trojan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Anti-Virus Professional.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\antivirus.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntiVirus_Pro.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntivirusPlus: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntivirusPlus.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntivirusPro_2010.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntivirusXP: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AntivirusXP.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\antivirusxppro2009.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ants.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\apimonitor.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\aplica32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\apvxdwin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\arr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Arrakis3.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashAvast.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashBug.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashChest.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashCnsnt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashDisp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashLogV.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashMaiSv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashPopWz.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashQuick.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashServ.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashSimp2.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashSimpl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashSkPcc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashSkPck.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashUpd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ashWebSv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\aswChLic.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\aswRegSvr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\aswRunDll.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\aswUpdSv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\atcon.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\atguard.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\atro55en.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\atupdater.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\atwatch.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\au.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\aupdate.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\autodown.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\auto-protect.nav80try.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\autotrace.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\autoupdate.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\av360.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avadmin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AVCare.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avcenter.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avciman.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avconfig.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avconsol.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ave32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AVENGINE.EXE: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgcc32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgchk.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgcmgr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgcsrvx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgctrl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgdumpx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgemc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgiproxy.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgnsx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgnt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgrsx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgscanx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgserv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgserv9.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgsrmax.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgtray.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgui.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgupd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avgwdsvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avkpop.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avkserv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avkservice.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avkwctl9.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avltmain.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avmailc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avmcdlg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avnotify.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avnt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avp32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avpcc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avpdos32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avpm.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avptc32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avpupd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avsched32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avsynmgr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avupgsvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\AVWEBGRD.EXE: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avwin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avwin95.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avwinnt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avwsc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avwupd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avwupd32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avwupsrv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avxmonitor9x.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avxmonitornt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\avxquar.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\b.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\backweb.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bargains.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bd_professional.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bdagent.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bdfvcl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bdfvwiz.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\BDInProcPatch.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bdmcon.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\BDMsnScan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bdreinit.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bdsubwiz.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\BDSurvey.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bdtkexec.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bdwizreg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\beagle.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\belt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bidef.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bidserver.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bipcp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bipcpevalsetup.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bisp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\blackd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\blackice.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\blink.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\blss.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bootconf.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bootwarn.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\borg2.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bpc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\brasil.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\brastk.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\brw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bs120.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bspatch.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bundle.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\bvt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\c.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cavscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ccapp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ccevtmgr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ccpxysvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ccSvcHst.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cdp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cfd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cfgwiz.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cfiadmin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cfiaudit.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cfinet.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cfinet32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cfp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cfpconfg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cfplogvw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cfpupdat.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Cl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\claw95.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\claw95cf.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\clean.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cleaner.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cleaner3.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cleanIELow.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cleanpc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\click.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cmd32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cmdagent.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cmesys.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cmgrdian.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cmon016.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\connectionmonitor.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\control: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cpd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cpf9x206.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cpfnt206.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\crashrep.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\csc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cssconfg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cssupdat.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cssurf.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ctrl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cwnb181.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\cwntdwmo.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\d.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\datemanager.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\dcomx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\defalert.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\defscangui.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\defwatch.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\deloeminfs.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\deputy.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\divx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\dllcache.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\dllreg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\doors.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\dop.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\dpf.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\dpfsetup.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\dpps2.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\driverctrl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\drwatson.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\drweb32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\drwebupw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\dssagent.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\dvp95.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\dvp95_0.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ecengine.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\efpeadm.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\egui.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ekrn.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\emsw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ent.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\esafe.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\escanhnt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\escanv95.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\espwatch.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ethereal.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\etrustcipe.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\evpn.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\exantivirus-cnet.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\exe.avxw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\expert.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\explore.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fact.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\f-agnt95.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fameh32.exe: Debugger - svchost.exe (Microsoft Corporation) |
|
17.05.2010, 20:26
| #5 |
| Gesperrt | Böser Hacker zweiter teil vom ersten: O27 - HKLM IFEO\fast.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fch32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fih32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\findviru.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\firewall.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fixcfg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fixfp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fnrb32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fprot.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\f-prot.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\f-prot95.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fp-win.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fp-win_trial.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\frmwrk32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\frw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fsaa.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fsav.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fsav32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fsav530stbyb.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fsav530wtbyb.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fsav95.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fsgk32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fsm32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fsma32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\fsmb32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\f-stopw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\gator.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\gav.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\gbmenu.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\gbn976rl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\gbpoll.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\generics.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\gmt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\guard.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\guarddog.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\guardgui.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\hacktracersetup.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\hbinst.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\hbsrv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\History.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\homeav2010.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\hotactio.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\hotpatch.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\htlog.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\htpatch.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\hwpe.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\hxdl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\hxiul.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\iamapp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\iamserv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\iamstats.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ibmasn.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ibmavsp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\icload95.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\icloadnt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\icmon.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\icsupp95.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\icsuppnt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Identity.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\idle.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\iedll.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\iedriver.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\IEShow.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\iface.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ifw2000.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\inetlnfo.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\infus.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\infwin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\init.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\init32.exe : Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\install.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\intdel.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\intren.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\iomon98.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\istsvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\jammer.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\jdbgmrg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\jedi.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\JsRcGen.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\kavlite40eng.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\kavpers40eng.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\kavpf.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\kazza.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\keenvalue.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\kerio-pf-213-en-win.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\kerio-wrl-421-en-win.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\kerio-wrp-421-en-win.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\killprocesssetup161.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\launcher.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ldnetmon.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ldpro.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ldpromenu.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ldscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\licmgr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\livesrv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\lnetinfo.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\loader.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\localnet.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\lockdown.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\lockdown2000.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\lookout.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\lordpe.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\lsetup.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\luall.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\luau.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\lucomserver.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\luinit.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\luspt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\MalwareRemoval.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mapisvc32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcagent.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcmnhdlr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcmscsvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcnasvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcproxy.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\McSACore.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcshell.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcshield.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcsysmon.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mctool.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcupdate.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcvsrte.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mcvsshld.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\md.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mfin32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mfw2en.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mfweng3.02d30.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mgavrtcl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mgavrte.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mghtml.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mgui.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\minilog.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mmod.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\monitor.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\moolive.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mostat.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mpfagent.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mpfservice.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\MPFSrv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mpftray.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mrflux.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msa.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msapp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\MSASCui.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msbb.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msblast.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mscache.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msccn32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mscman.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msconfig: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msdm.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msdos.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msiexec16.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mslaugh.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msmgt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msmsgri32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mssmmc32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mssys.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\msvxd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mu0311ad.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\mwatch.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\n32scanw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nav.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\navap.navapsvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\navapsvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\navapw32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\navdx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\navlu32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\navnt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\navstub.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\navw32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\navwnt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nc2000.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ncinst4.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ndd32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\neomonitor.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\neowatchlog.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\netarmor.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\netd32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\netinfo.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\netmon.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\netscanpro.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\netspyhunter-1.2.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\netutils.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nisserv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nisum.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nmain.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nod32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\normist.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\norton_internet_secu_3.0_407.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\notstart.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\npf40_tw_98_nt_me_2k.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\npfmessenger.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nprotect.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\npscheck.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\npssvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nsched32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nssys32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nstask32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nsupdate.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ntrtscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ntvdm.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ntxconfig.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nui.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nupgrade.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nvarch16.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nvc95.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nvsvc32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nwinst4.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nwservice.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\nwtool16.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\OAcat.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\OAhlp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\OAReg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\oasrv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\oaui.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\oaview.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ODSW.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ollydbg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\onsrvr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\optimize.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ostronet.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\otfix.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\outpost.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\outpostinstall.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\outpostproinstall.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ozn695m5.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\padmin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\panixk.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\patch.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pav.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pavcl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PavFnSvr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pavproxy.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pavprsrv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pavsched.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pavsrv51.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pavw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PC_Antispyware2010.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pccwin98.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pcfwallicon.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pcip10117_0.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pcscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pctsAuxs.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pctsGui.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pctsSvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pctsTray.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pdfndr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pdsetup.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PerAvir.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\periscope.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\persfw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\personalguard: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\personalguard.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\perswf.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pf2.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pfwadmin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pgmonitr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pingscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\platin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pop3trap.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\poproxy.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\popscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\portdetective.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\portmonitor.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\powerscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ppinupdt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pptbc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ppvstop.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\prizesurfer.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\prmt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\prmvr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\procdump.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\processmonitor.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\procexplorerv1.0.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\programauditor.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\proport.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\protector.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\protectx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PSANCU.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PSANHost.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PSANToManager.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PsCtrls.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PsImSvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PskSvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\pspf.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\PSUNMain.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\purge.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\qconsole.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\qh.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\qserver.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Quick Heal.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\QuickHealCleaner.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rapapp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rav7.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rav7win.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rav8win32eng.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ray.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rb32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rcsync.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\realmon.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\reged.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\regedt32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rescue.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rescue32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rrguard.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rscdwld.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rshell.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rtvscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rtvscn95.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rulaunch.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rwg: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\rwg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\SafetyKeeper.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\safeweb.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sahagent.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Save.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\SaveArmor.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\SaveDefense.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\SaveKeep.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\savenow.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sbserv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\scam32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\scan32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\scan95.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\scanpm.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\scrscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\seccenter.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Secure Veteran.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\secureveteran.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\Security Center.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\SecurityFighter.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\securitysoldier.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\serv95.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\setloadorder.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\setup_flowprotector_us.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\setupvameeval.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sgssfw32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sh.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\shellspyinstall.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\shield.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\shn.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\showbehind.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\signcheck.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\smart.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\smartprotector.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\smc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\smrtdefp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sms.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\smss32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\snetcfg.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\soap.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sofi.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\SoftSafeness.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sperm.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\spf.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sphinx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\spoler.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\spoolcv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\spoolsv32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\spywarexpguard.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\spyxx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\srexe.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\srng.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ss3edit.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ssg_4104.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\ssgrate.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\st2.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\start.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\stcloader.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\supftrl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\support.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\supporter5.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\svc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\svchostc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\svchosts.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\svshost.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sweep95.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sweepnet.sweepsrv.sys.swnetsup.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\symlcsvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\symproxysvc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\symtray.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\system.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\system32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\sysupd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tapinstall.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\taskmgr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\taumon.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tbscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tca.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tcm.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tds2-98.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tds2-nt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tds-3.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\teekids.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tfak.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tfak5.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tgbob.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\titanin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\titaninxp.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\TPSrv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\trickler.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\trjscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\trjsetup.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\trojantrap3.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\TrustWarrior.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tsadbot.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tsc.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tvmd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\tvtmd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\uiscan.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\undoboot.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\updat.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\upgrad.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\upgrepl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\utpost.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vbcmserv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vbcons.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vbust.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vbwin9x.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vbwinntw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vcsetup.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vet32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vet95.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vettray.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vfsetup.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vir-help.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\virusmdpersonalfirewall.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\VisthAux.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\VisthLic.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\VisthUpd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vnlan300.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vnpc3000.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vpc32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vpc42.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vpfw30s.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vptray.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vscan40.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vscenu6.02d30.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vsched.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vsecomr.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vshwin32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vsisetup.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vsmain.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vsmon.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vsserv.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vsstat.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vswin9xe.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vswinntse.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\vswinperse.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\w32dsm89.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\W3asbas.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\w9x.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\watchdog.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\webdav.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\WebProxy.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\webscanx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\webtrap.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wfindv32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\whoswatchingme.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wimmun32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\win32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\win32us.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winactive.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winav.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\win-bugsfix.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\windll32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\window.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\windows Police Pro.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\windows.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wininetd.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wininitx.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winlogin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winmain.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winppr32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winrecon.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winservn.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winssk32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winstart.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winstart001.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wintsk32.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\winupdate.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wkufind.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wnad.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wnt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wradmin.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wrctrl.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wsbgate.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wscfxas.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wscfxav.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wscfxfw.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wsctool.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wupdater.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wupdt.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\wyvernworksfirewall.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\xp_antispyware.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\xpdeluxe.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\xpf202en.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\zapro.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\zapsetup3001.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\zatutor.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\zonalm2601.exe: Debugger - svchost.exe (Microsoft Corporation) O27 - HKLM IFEO\zonealarm.exe: Debugger - svchost.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{68787f94-7459-11de-a196-001fe23cecf3}\Shell - "" = AutoRun O33 - MountPoints2\{68787f94-7459-11de-a196-001fe23cecf3}\Shell\AutoRun\command - "" = I:\autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.17 21:05:49 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2010.05.17 20:57:57 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2010.05.17 20:51:21 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2010.05.17 20:51:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.05.17 20:51:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.05.17 20:51:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.17 20:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.17 20:45:42 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\ForceField Shared Files [2010.05.17 20:45:42 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\CheckPoint [2010.05.17 20:45:36 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint [2010.05.17 20:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2010.05.17 17:52:00 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.05.17 17:52:00 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.05.17 17:51:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.05.17 17:51:58 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.05.17 17:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.05.17 17:27:12 | 000,000,000 | ---D | C] -- C:\Programme\Unlocker [2010.05.17 17:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2010.05.17 17:23:00 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager [2010.05.04 19:26:18 | 000,000,000 | ---D | C] -- C:\Programme\Cain [2010.05.02 15:12:06 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\widestream [2010.05.02 15:12:05 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\WideStream [2010.05.02 15:11:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\OfferBox [2010.05.02 15:11:33 | 000,000,000 | ---D | C] -- C:\Programme\OfferBox [2010.04.29 03:00:18 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2010.04.24 12:26:08 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\PokerStars [2010.04.24 12:25:58 | 000,000,000 | ---D | C] -- C:\Programme\PokerStars [7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.17 21:10:41 | 008,912,896 | -HS- | M] () -- C:\Users\*****\ntuser.dat [2010.05.17 21:09:39 | 001,541,724 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.17 21:09:39 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.17 21:09:39 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.17 21:09:39 | 000,142,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.17 21:09:39 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.05.17 21:05:44 | 000,053,294 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.05.17 21:05:44 | 000,053,294 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.05.17 21:03:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.05.17 21:03:22 | 000,006,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.17 21:03:21 | 000,006,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.17 21:03:20 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.17 21:03:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.17 21:03:16 | 3487,686,656 | -HS- | M] () -- C:\hiberfil.sys [2010.05.17 21:01:59 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.05.17 21:01:59 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.05.17 21:01:40 | 003,965,720 | -H-- | M] () -- C:\Users\*****\AppData\Local\IconCache.db [2010.05.17 20:58:31 | 000,254,686 | -H-- | M] () -- C:\Users\*****\AppData\Roaming\logs.dat [2010.05.17 20:57:58 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2010.05.17 20:51:16 | 000,000,821 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.17 20:35:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.05.17 20:00:00 | 000,000,584 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - *****.job [2010.05.17 17:52:07 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\antivira.lnk [2010.05.17 17:27:12 | 000,000,941 | ---- | M] () -- C:\Users\*****\Desktop\eBay.lnk [2010.05.17 17:27:03 | 000,243,204 | ---- | M] () -- C:\Users\*****\Desktop\unlocker1.8.7.exe [2010.05.17 03:43:28 | 000,060,416 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.16 20:56:00 | 001,225,314 | ---- | M] () -- C:\Users\*****\Desktop\100_9124.JPG [2010.05.16 20:01:59 | 000,002,281 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk [2010.05.16 03:19:58 | 000,001,645 | ---- | M] () -- C:\Users\*****\Desktop\UseNeXT.lnk [2010.05.16 03:09:47 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.05.13 03:37:25 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.05.07 21:52:46 | 000,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll [2010.05.06 18:43:04 | 023,755,232 | ---- | M] () -- C:\Users\*****\Desktop\HOUSE MUSIC 2010- (STROMAE,RUDE BOY HOUSE MIX,TIK TOK,AKCENT) MAGIC CITY ENTERTAINMENT.MP3 [2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.05.01 14:39:01 | 000,000,789 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.29 04:35:53 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2010.04.24 12:26:06 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk [2010.04.19 22:07:48 | 000,000,228 | ---- | M] () -- C:\Windows\System32\edacded0.dat [2010.04.19 22:07:48 | 000,000,228 | ---- | M] () -- C:\Windows\System32\bcdadac7.xml [7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.17 20:51:16 | 000,000,821 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.17 17:52:07 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\antivira.lnk [2010.05.17 17:27:12 | 000,000,941 | ---- | C] () -- C:\Users\*****\Desktop\eBay.lnk [2010.05.17 17:27:02 | 000,243,204 | ---- | C] () -- C:\Users\*****\Desktop\unlocker1.8.7.exe [2010.05.16 20:52:32 | 001,225,314 | ---- | C] () -- C:\Users\*****\Desktop\100_9124.JPG [2010.05.13 03:37:25 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.05.07 21:52:46 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2010.05.06 18:43:02 | 023,755,232 | ---- | C] () -- C:\Users\*****\Desktop\HOUSE MUSIC 2010- (STROMAE,RUDE BOY HOUSE MIX,TIK TOK,AKCENT) MAGIC CITY ENTERTAINMENT.MP3 [2010.04.24 12:26:06 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk [2009.12.19 03:55:05 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2009.12.16 01:55:14 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.12.15 17:20:45 | 000,022,584 | ---- | C] () -- C:\Windows\System32\PnkBstrK.sys [2009.10.25 19:12:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2009.10.10 00:58:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.09.24 00:53:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.17 23:13:04 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini [2009.08.23 19:47:51 | 000,240,640 | ---- | C] () -- C:\Windows\System32\NMOCOD.DLL [2009.08.23 19:47:51 | 000,035,328 | ---- | C] () -- C:\Windows\System32\INETWH32.DLL [2009.07.16 22:35:23 | 000,000,071 | ---- | C] () -- C:\Windows\Crypkey.ini [2009.07.16 22:35:19 | 000,031,846 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys [2009.07.16 22:35:19 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll [2009.07.14 17:15:00 | 000,178,432 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.05.03 05:38:07 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2009.03.28 23:14:42 | 000,003,120 | ---- | C] () -- C:\Windows\System32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll [2009.03.03 02:17:38 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.03.03 02:17:37 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.03.03 02:17:37 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.03.03 02:17:36 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.03.03 02:17:36 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009.02.14 11:30:57 | 000,000,316 | ---- | C] () -- C:\Windows\game.ini [2008.10.14 17:26:47 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2008.10.14 17:26:41 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008.10.14 17:14:51 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.09.30 18:05:16 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2007.08.08 18:54:10 | 000,028,968 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys [2007.01.10 07:44:26 | 001,457,024 | ---- | C] () -- C:\Windows\System32\SSCProt.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP  1B5B4F1< End of report > |
|
17.05.2010, 20:27
| #6 |
| Gesperrt | Böser Hacker Und der Zweite Log (Extras): Code:
ATTFilter OTL Extras logfile created on: 17.05.2010 21:07:32 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 20,55 Gb Free Space | 7,18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ****-PC
Current User Name: ****
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3150804105-3559284404-3918947858-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059F915C-36DD-4900-ABDB-7C3368EB49A3}" = lport=51970 | protocol=6 | dir=in | name=51970 |
"{09B0FCC5-BA96-4AD5-819D-20426DC3861D}" = lport=3889 | protocol=6 | dir=in | name=3889 |
"{0C0F902B-BFFE-42AA-8244-63A4FEBD94A3}" = lport=6883 | protocol=6 | dir=in | name=6883 |
"{0D7DD56A-3021-4D39-914E-217C0E00CA37}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1F1AE682-A9BB-4B25-90F4-EC0C353F663C}" = lport=52525 | protocol=6 | dir=in | name=52525 |
"{21922F4E-46F8-4623-BBE2-771BB2C298D4}" = lport=6886 | protocol=6 | dir=in | name=6886 |
"{2820386C-5AE1-4CD2-8AD2-0DC8E9B2FCB9}" = lport=3882 | protocol=6 | dir=in | name=3882 |
"{2D343DC1-C2BC-412C-BEE9-CC69B3A01E00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{32781735-DE82-4D50-AEAD-E049A881E636}" = lport=3883 | protocol=6 | dir=in | name=3883 |
"{34FCB130-2A06-41D9-88B4-A405DDAE2757}" = lport=20843 | protocol=6 | dir=in | name=20843 |
"{372F5F79-FB58-43E9-9BB5-28C89231BB58}" = lport=6969 | protocol=6 | dir=in | name=6969 |
"{380F9240-FAB8-4FBA-A84B-D6171D08330D}" = lport=3885 | protocol=6 | dir=in | name=3885 |
"{3CED33EB-9125-46E8-87C1-401BEEF54C13}" = lport=6800 | protocol=6 | dir=in | name=sacred2 192.168.178.28 6800 |
"{475B13D6-835E-4678-B033-C7D038FEFA61}" = lport=119 | protocol=6 | dir=in | name=119 |
"{4C7479D1-286C-429B-9922-F11670B3F394}" = lport=3886 | protocol=6 | dir=in | name=3886 |
"{4F8CEA56-8CFB-444C-820D-0A7C189F735A}" = lport=119 | protocol=17 | dir=in | name=119 |
"{5414442F-CC5B-4C27-B938-DE68EC3B08B5}" = lport=3881 | protocol=6 | dir=in | name=3881 |
"{6AD82A48-3A52-45F4-82E1-5DA6797229BE}" = lport=7011 | protocol=6 | dir=in | name=7011 |
"{6E632DC8-2F4A-440D-AE49-D2BBDF5A21AF}" = lport=49152 | protocol=6 | dir=in | name=49152 |
"{73727A79-255C-4F61-A9E2-6D9CC6FB2FC2}" = lport=3884 | protocol=6 | dir=in | name=3884 |
"{84B4C29B-66C0-4BD1-8D30-99BE66E26FB0}" = lport=3887 | protocol=6 | dir=in | name=3887 |
"{89462D0C-C474-4AFD-8434-CB75BA8CCA21}" = lport=6884 | protocol=6 | dir=in | name=6884 |
"{A0671457-EAF9-4652-B620-EDA43D0AE158}" = lport=3888 | protocol=6 | dir=in | name=3888 |
"{A0836C36-3F50-4544-9824-ADE04B10F05D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A2E5912A-F13E-42ED-ABC9-103AA342DA47}" = lport=6800 | protocol=17 | dir=in | name=sacred2 |
"{A7C86D55-F4B3-4F7A-A443-0F8119B41471}" = lport=6889 | protocol=6 | dir=in | name=6889 |
"{AC58AAAE-0AE3-42CA-AE06-BDD2568890DC}" = lport=443 | protocol=6 | dir=in | name=usenext |
"{B2F0C6A8-EB65-468A-84E2-8F0740D6374D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B3389A1F-52DE-4B14-A1E1-BAB24544F65F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B47CE0E3-6F06-47D6-9D89-9DD6735664D5}" = lport=6882 | protocol=6 | dir=in | name=6882 |
"{B58310DA-5D09-418D-B9F7-FE388FB267EC}" = lport=7011 | protocol=17 | dir=in | name=192.168.178.28 7011 |
"{B79271F7-F7A8-4808-81F1-18D73661435B}" = lport=6887 | protocol=6 | dir=in | name=6887 |
"{BCD222B2-4060-483E-BC76-ACC58CE3D67E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C1E9DFC5-F541-4CFB-8F9F-0CAC495330C9}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{C213CEB1-F984-4B8F-AE4A-0DC4FB048C4F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CB7B40D3-E901-4E77-A634-E671EF8AC810}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CC6590F8-2002-481C-9D70-C11CC7D7E16A}" = lport=6881 | protocol=6 | dir=in | name=6881 |
"{CF3B30C8-4505-4364-992B-1DF122BE4BFE}" = lport=6888 | protocol=6 | dir=in | name=6888 |
"{DC8EC2BA-0C81-4FAC-92C1-CB8993317EED}" = lport=6885 | protocol=6 | dir=in | name=6885 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01797C0D-7CD1-452F-BED3-3CF4145E99E2}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{01FB15C3-77CC-4BB3-8056-5BE78EF4D062}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{05097E66-1213-48A9-928A-C3F80DC1F947}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{052DD755-25CB-40C7-A41A-6B2D68FF6B0B}" = protocol=6 | dir=in | app=h:\fsetup.exe |
"{0C1BDEB8-8F35-43E4-BF83-FE9D24D370E6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{0C930D68-7D5A-4BEB-907B-CCB8778BCDBC}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{0DC047B8-8FC5-4E3E-9627-10A31D42286F}" = protocol=17 | dir=in | app=c:\program files\usenext\usenext.exe |
"{0E6FBDCD-1056-49AF-975A-B5CD5BEAECCE}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{0F223D9F-30EA-4920-878D-391EBC650F43}" = protocol=6 | dir=in | app=c:\program files\activision\prototype\prototypef.exe |
"{0F9DC035-D875-4570-8C0F-BAD3B52DF030}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{1385EAB8-3770-4FA6-8D24-787F70A04D71}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{14D574BB-20E2-4F92-842D-34044DD3125F}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{177773E1-D11A-4E3E-AED6-F128B9E62A1D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{1AE1DD15-9F0C-4DBC-98A1-1DAE8EBED4D3}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{1CD1CE4D-DEA7-4FB1-9AD3-B4033583B122}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{1DA2158A-4CDB-4656-BFF8-FD10293E5177}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{20918BC8-ED22-4DDA-8139-7BD39214D2AD}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{24E9F2B3-AA8B-4409-A73D-E397E5FBAD63}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{2DE0E0F5-E745-426E-B699-961E7C5E7107}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{2F96EAD0-9F56-436F-A705-C972A057DF5B}" = protocol=6 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\revoke.exe |
"{314938D5-5521-4174-81B6-3885C1CE6FEF}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{392163A3-E5AA-4E59-A719-CAECE2BBB21B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{3D17F957-FAB3-484B-95CF-7639C02EB052}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{417896F0-27DA-4819-953F-FB060A68DD1B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{46833256-8126-4282-9E6A-392DD5D43FB4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{47575330-50D8-4ECD-9DC9-D4B04D0941B6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{48344705-46FD-4CF4-8906-9EDB572ADBE5}" = protocol=17 | dir=in | app=c:\udk\udk-2010-01\binaries\unrealfrontend.exe |
"{4A269245-E4C8-4FCD-B3A4-732DF659AD39}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{4B218E1F-1CB2-4F99-95F9-FBD3A26C8B1C}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe |
"{4D13031E-AB13-4474-86D7-DC4E66464B5E}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{4E9E3A47-4516-41DB-8D45-9E53B13F514B}" = protocol=6 | dir=in | app=c:\program files\usenext\usenext.exe |
"{516B3692-9B54-4290-B4C2-51EC873F879F}" = protocol=6 | dir=in | app=c:\udk\udk-2010-01\binaries\win32\udk.exe |
"{520847CD-9EFB-4209-BB79-710C181FE644}" = protocol=17 | dir=in | app=c:\users\****\appdata\local\temp\7zs365e.tmp\symnrt.exe |
"{5561A96D-6D8F-4107-8556-C51C1B3F27E1}" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\revoke.exe |
"{56E5AB82-C460-4042-9B80-2D823A351642}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5863ADD9-5F0A-4E5B-B7B9-489E9F313BDD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5986533A-F73A-4AAE-8C2D-ADD49F7DE9D9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5DEB8D39-CF64-4DC9-A616-94F80009A37F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{5F5714A0-88B7-4EE4-993E-E0DFC2084192}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5FFA1E17-2AFE-4B7F-AB79-6F33DA43FCEE}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{615A4083-3442-4DB1-8B83-C7904221A603}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{6677AE2E-1765-4265-834E-E26A4A415693}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{694FA893-FA3A-4E00-9F18-514B680B3222}" = protocol=17 | dir=in | app=c:\program files\activision\prototype\prototypef.exe |
"{6F2EF067-AAF7-46B6-B311-3F73A44C9837}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{71A86CE6-948C-40F1-BA6F-63D508910F66}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{71FDC0F9-6FE4-4F4F-A665-97D5011B772C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{737D8D37-E40F-4D60-90F7-40EE3689B42F}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{80709898-868C-4F14-B1ED-F6223977D370}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{81B9F5A7-E4BF-439D-B279-D406A3404A77}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrk.sys |
"{82DA41A6-FBC5-4901-A683-16773E5805C1}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{84749D83-4391-40E1-84F0-8A4612E7F696}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{85F9E1C8-5A40-45B2-82BB-64C0C1B603CE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrk.sys |
"{87343C82-E9EB-4C8A-A0AE-9E0E6597BFCE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{895B82C8-8962-459C-B602-7EF9A7675D0A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{8DC82DAC-F43D-44C2-8B2A-9B8CEB700E94}" = protocol=6 | dir=in | app=c:\programdata\a82a4df\wsa82a.exe |
"{8F48CF1E-1A82-44FD-8F93-03E40D81885B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{91738D1D-B510-477E-9BAD-89400964ABBA}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{94179E3B-68F7-47F2-AB44-5EF9755C6E56}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{989B908C-B249-4DBE-ABA0-676E021334C8}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{99D91D7A-8D4B-4F4D-B7AF-37EB4596F852}" = protocol=17 | dir=in | app=c:\programdata\a82a4df\wsa82a.exe |
"{9A5581AE-7C48-4A30-81C3-68628948C2A6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{9C288235-2EE2-4B70-ACB5-2FCC2E38ABEB}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{9DA1AE38-B8BA-4B64-B2F6-7F6FC747586D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A954C762-FAFB-4F6E-B5EC-E172DB296DE4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{B0B80788-C5E3-4814-9C05-77461B2F8972}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{B0C834B5-CF99-4D79-A7A0-E7600FECA952}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{B17DC528-6E09-43B4-9F82-2C828DB22D0B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{BA217FB3-AB08-44F9-9368-EC6D871D0A2A}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{BD99DB92-4FED-4A48-97D0-198266E66945}" = protocol=6 | dir=in | app=c:\udk\udk-2010-01\binaries\unrealfrontend.exe |
"{C16A1AB9-DC9A-43FF-88C5-5DD1DF7D98EE}" = protocol=17 | dir=in | app=h:\fsetup.exe |
"{C3573122-D9DA-4D6A-A78A-024F03574B6F}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{C73AF844-090D-457E-8F2D-65C4C7AA9100}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{C85E5F7F-F2A4-4A1A-BE1E-1D15F2385B30}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{D0621E23-B4A2-4D49-A12A-D887FCB4CC45}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrk.sys |
"{D2ED27D8-1AF3-4067-9E97-F6149CCD1004}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{D2F63111-54A2-4EF3-9E4A-C5F8149DC9BE}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{D45B6BD1-B1D2-4C53-87D1-F78450D7AB77}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D645D8A6-2AD7-495E-8CE3-A425735C3426}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrk.sys |
"{D9775EDC-E3B3-4EAD-B11A-7968CB8CC321}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{DA1448AB-781E-4A48-BB58-BF0C26B70A56}" = protocol=17 | dir=in | app=c:\udk\udk-2010-01\binaries\win32\udk.exe |
"{DA745B1D-1479-47AB-AD52-931C8AF4AC12}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{DC09C0AB-D335-4ECA-B51B-567085898FF4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E56A9860-5886-47B3-A63C-74B84E177CA0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{EEE4D6D7-5060-447C-BCA1-9BE73CC302D8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F0D5BC82-AB77-44BC-ABC0-007B30D7D333}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{F5AA772C-3E67-4C11-A7F5-D1C5D281A526}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{F99A4917-42AA-4AA3-9AD3-C1CCE066A06E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{FAACD65D-192A-4D77-86A9-3D94347DF20E}" = protocol=6 | dir=in | app=c:\users\****\appdata\local\temp\7zs365e.tmp\symnrt.exe |
"{FE45AC75-B5C5-4BB4-9D6A-7EF10B1337D1}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe |
"TCP Query User{10E85D8B-931D-4F82-B6E6-34F3013CEFE2}C:\gta\gtawin\grand theft auto.exe" = protocol=6 | dir=in | app=c:\gta\gtawin\grand theft auto.exe |
"TCP Query User{3BCD04D0-EBC2-4887-8B3C-E38ACDA98F2E}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{3E831DE0-46B3-4826-B793-048D8D785B1A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{3F9ADF29-51E3-4A0D-906B-C37EBD512EC6}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{4181C1C6-AB2E-4D55-A83D-4D1D4C386B69}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{45781EB7-B2CF-49A8-B53B-5FABD69991B2}C:\users\****\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\****\program files\dna\btdna.exe |
"TCP Query User{5336B6CE-05A2-42B3-A0DD-2317C813BC42}C:\windows\system32\winupdateman.exe" = protocol=6 | dir=in | app=c:\windows\system32\winupdateman.exe |
"TCP Query User{6BF59FC7-C270-48FA-BFBA-821DBFAF0355}C:\program files\packard bell\updator\pbupdator.exe" = protocol=6 | dir=in | app=c:\program files\packard bell\updator\pbupdator.exe |
"TCP Query User{7DB0D180-02EA-487A-A5D9-97FEC87BF2BB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{824D0ECB-AE5C-4CF8-8796-C3738B49DB26}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe |
"TCP Query User{8D881CE4-B387-4513-9BD0-3C99984C7DF3}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{AB9202E6-AD7F-46EC-A9C6-776BB547A68B}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{CB0BD445-F604-4B15-A819-E553D7483392}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{D43E42BB-CD09-4177-B670-522B8A78BED2}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{E1B034EA-EEB8-4FF6-B8CE-B0BD6C85AE18}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{0534A750-77BB-49CF-9BF1-EF7C0C31A981}C:\program files\packard bell\updator\pbupdator.exe" = protocol=17 | dir=in | app=c:\program files\packard bell\updator\pbupdator.exe |
"UDP Query User{1FB4E85F-4D61-40CD-B59A-B6E9B04FE08C}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe |
"UDP Query User{2D8672B7-6175-41C8-9CCD-8D8121A4242B}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{348735B3-2C89-4C3A-AEA6-D7CF8A5719F7}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{358CFED0-A205-46E7-B5E8-C4F30BB605A8}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{35E469E5-1177-4013-B6B6-B73E1198A71F}C:\users\****\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\****\program files\dna\btdna.exe |
"UDP Query User{386144F2-9BA6-4D5F-AEDF-E373AF754F02}C:\windows\system32\winupdateman.exe" = protocol=17 | dir=in | app=c:\windows\system32\winupdateman.exe |
"UDP Query User{4263C516-1200-4458-8E8B-2B8DBE239016}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{6C9F507A-4A89-479D-A9FD-8A07D167DD44}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{800F7015-1309-4893-B67E-17C78B38533F}C:\gta\gtawin\grand theft auto.exe" = protocol=17 | dir=in | app=c:\gta\gtawin\grand theft auto.exe |
"UDP Query User{8C18A901-E37E-4832-A247-D5437300A82A}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{9B82C92F-B853-4655-9928-7C13F791B09B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A33A3619-FFF2-4628-8E7B-D63FE7D9EE59}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{D24DDB0B-5E7D-4855-B876-34234695230E}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{F0C3F17D-8B6E-4F27-8270-05B2982B0476}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004098A1-0362-4C42-A1C3-CAD436CFF4A1}" = YouTube Downloader Toolbar v1.0
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{067FFF2F-0F1C-43DB-827B-F9BC4735F1BC}" = D2500
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35095169-C59A-4571-A361-2117E04B7AFD}" = DJ_SF_03_D2500_ProductContext
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3E5721E5-BA31-46AD-8B35-065924D38E91}" = D2500_Help
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter
"{59C6EFB0-7A6F-4FC2-98C5-31A9DB93014A}" = DJ_SF_03_D2500_Software
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{66039B36-96AE-40D1-8A32-071F7A61B738}" = Microsoft LifeChat
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69CBBEAC-4F50-4839-A5AF-58D5D6D46D4A}_is1" = Spyhunter Compact OS 1.0b
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7236B969-6A18-42DD-ADE4-BBA2604F34C8}" = DJ_SF_03_D2500_Software_Min
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{765E50AF-5550-4F7E-84F4-524D1BF2C49D}" = MSM2MSI_gstudio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80B6EB72-3C0C-47BF-B337-2D46988A58C5}" = EXP Viewer 6.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980B9958-1239-4FC5-8C88-AC5650321031}" = Nero 8 Essentials
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98A64C75-BFD6-4212-8746-8BADC7ABA79E}" = Virtual CD v9
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A5653E98-C00B-421B-86A2-E7DA75BFD97A}" = iS3 STOPzilla Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update
"{D10AB8DE-0ED1-4152-A247-FB89CF1435D5}" = HP Deskjet D2500 Printer Driver Software 11.0 Rel .3
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeReader" = Adobe Reader 8
"AUDIO_REALTEK" = Realtek HD Audio V6.0.1.5610
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CCleaner" = CCleaner (remove only)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"Fraps" = Fraps
"GESO Ernährungsberater_is1" = GESO Ernährungsberater
"GIGA F-Tasten_is1" = GIGA F-Tasten v6.0
"Google Chrome" = Google Chrome
"GoogleBAE" = Google BAE
"GoogleToolbar" = Google Toolbar
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HzZ8-GXWY-ecvHD" = LoudMo Contextual Ad Assistant
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"jv16 PowerTools 2009_is1" = jv16 PowerTools 2009
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Full)
"LimeWire" = LimeWire 5.5.8
"Live-Player" = Live-Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"Nero8" = Nero 8 Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OFF2k7_GE" = Microsoft® Office Home and Student 2007
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"QuickPar" = QuickPar 0.9
"Security Task Manager" = Security Task Manager 1.7h
"SETUPMYPC_DE" = SetUp My PC
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008)
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Unlocker" = Unlocker 1.8.7
"Updator" = Packard Bell Updator
"UseNeXT_is1" = UseNeXT
"VIDEO_NVIDIA" = Video NVIDIA v174.90
"VLC media player" = VLC media player 0.9.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"works9" = Microsoft Works 9
"Xfire" = Xfire (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 01.08.2009 00:16:25 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
Error - 01.08.2009 08:28:14 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616,
fehlerhaftes Modul PlayerSelector.asi, Version 0.0.0.0, Zeitstempel 0x49dcada2,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000ea94, Prozess-ID 0xe34, Anwendungsstartzeit
01ca12a37f1b9d16.
Error - 01.08.2009 08:28:53 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616,
fehlerhaftes Modul PlayerSelector.asi, Version 0.0.0.0, Zeitstempel 0x49dcada2,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000ea94, Prozess-ID 0x970, Anwendungsstartzeit
01ca12a3a13e5276.
Error - 01.08.2009 10:39:26 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616,
fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6, Ausnahmecode
0xc0000374, Fehleroffset 0x000b015d, Prozess-ID 0xff8, Anwendungsstartzeit 01ca12a399e11946.
Error - 02.08.2009 14:00:13 | Computer Name = ****-PC | Source = WinMgmt | ID = 10
Description =
Error - 02.08.2009 19:50:57 | Computer Name = ****-PC | Source = Perflib | ID = 1010
Description =
Error - 02.08.2009 19:50:57 | Computer Name = ****-PC | Source = Perflib | ID = 1008
Description =
Error - 02.08.2009 19:56:44 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616,
fehlerhaftes Modul PlayerSelector.asi, Version 0.0.0.0, Zeitstempel 0x49dcada2,
Ausnahmecode 0xc0000005, Fehleroffset 0x0000ea94, Prozess-ID 0x1458, Anwendungsstartzeit
01ca13ccd8b1545c.
Error - 02.08.2009 21:44:51 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616,
fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6, Ausnahmecode
0xc0000374, Fehleroffset 0x000b015d, Prozess-ID 0x1744, Anwendungsstartzeit 01ca13ccef02ad8c.
Error - 03.08.2009 14:00:38 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616,
fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6, Ausnahmecode
0xc0000374, Fehleroffset 0x000b015d, Prozess-ID 0xf10, Anwendungsstartzeit 01ca145885ec3d90.
[ Media Center Events ]
Error - 08.12.2009 11:26:50 | Computer Name = ****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
[ System Events ]
Error - 12.05.2010 21:00:43 | Computer Name = ****-PC | Source = DCOM | ID = 10005
Description =
Error - 12.05.2010 21:00:43 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 12.05.2010 21:00:43 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 16.05.2010 13:03:21 | Computer Name = ****-PC | Source = bowser | ID = 8003
Description =
Error - 16.05.2010 14:01:32 | Computer Name = ****-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 16.05.2010 um 19:50:29 unerwartet heruntergefahren.
Error - 16.05.2010 14:03:03 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 16.05.2010 14:03:26 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 17.05.2010 14:45:38 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7030
Description =
Error - 17.05.2010 15:04:37 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 17.05.2010 15:04:56 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7022
Description =
< End of report >
|
|
17.05.2010, 20:58
| #7 |
| /// Helfer-Team | Böser Hacker Ja, da hat jemand zugeschlagen.  Anhand der ganzen O27-Einträge werden hunderte von Anwendungen geblockt u.a. auch Antivir. Läuft Malwarebytes im Moment oder wird es auch geblockt? |
|
17.05.2010, 21:50
| #8 |
| Gesperrt | Böser Hacker Ja Malewarebytes hat funktioniert hier mal der Log: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4110 Windows 6.0.6002 Service Pack 2 Internet Explorer 7.0.6002.18005 17.05.2010 22:35:39 mbam-log-2010-05-17 (22-35-39).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|) Durchsuchte Objekte: 287851 Laufzeit: 1 Stunde(n), 22 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 761 Infizierte Registrierungswerte: 19 Infizierte Dateiobjekte der Registrierung: 5 Infizierte Verzeichnisse: 3 Infizierte Dateien: 16 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{g1xt363l-1rds-3aep-1076-1f188h8jm437} (Generic.Bot.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{fe5b2d9d-91b0-b04b-ac20-14a260769687} (Adware.ColorSoft) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\victim (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Videocan (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avp32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_avpm.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aavgapi.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aawtray.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\about.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ackwin32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ad-aware.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adaware.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\advxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adwareprj.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agentw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alertsvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alevir.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alogserv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aluschedulersvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\amon9x.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-trojan.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirus_pro.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusplus (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusplus.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxp (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ants.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apimonitor.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aplica32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashavast.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashbug.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashchest.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashcnsnt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashdisp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashlogv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashmaisv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashpopwz.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashquick.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashserv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashsimp2.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashsimpl.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashskpcc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashskpck.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashupd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashwebsv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswchlic.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswregsvr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswrundll.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswupdsv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atcon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atguard.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atro55en.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atupdater.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\atwatch.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\au.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aupdate.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto-protect.nav80try.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autodown.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autotrace.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoupdate.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcare.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avciman.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ave32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avengine.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcc32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgchk.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcmgr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgcsrvx.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgctrl.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgdumpx.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgemc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgiproxy.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnsx.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrsx.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgscanx.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgserv9.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgsrmax.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgtray.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgui.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgupd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgwdsvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkpop.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkserv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkservice.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avkwctl9.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmailc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmcdlg.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnotify.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avnt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpcc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpdos32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpm.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avptc32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avpupd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsched32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avsynmgr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avupgsvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwebgrd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwin95.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwinnt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwsc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupd32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avwupsrv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitor9x.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxmonitornt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avxquar.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\b.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\backweb.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bargains.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bd_professional.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvcl.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdfvwiz.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinprocpatch.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmcon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdmsnscan.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsurvey.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\beagle.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\belt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidef.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bidserver.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bipcpevalsetup.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bisp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blackice.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blink.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\blss.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootconf.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bootwarn.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\borg2.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brasil.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bs120.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bspatch.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bundle.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bvt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\c.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cavscan.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccpxysvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cdp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfgwiz.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiadmin.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfiaudit.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfinet32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpconfg.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfplogvw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cl.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\claw95cf.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clean.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleaner3.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanielow.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cleanpc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\click.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmesys.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmgrdian.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmon016.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\connectionmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpf9x206.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cpfnt206.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\crashrep.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssconfg.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssupdat.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cssurf.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctrl.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwnb181.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cwntdwmo.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\d.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\datemanager.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dcomx.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defalert.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defscangui.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\defwatch.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deloeminfs.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\deputy.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllcache.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllreg.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\doors.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpf.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpfsetup.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dpps2.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\driverctrl.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwatson.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drweb32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dssagent.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dvp95_0.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ecengine.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\efpeadm.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\emsw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ent.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\esafe.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanhnt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\escanv95.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\espwatch.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ethereal.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\etrustcipe.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\evpn.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exantivirus-cnet.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\exe.avxw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\expert.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explore.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-agnt95.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-prot95.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\f-stopw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fact.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fameh32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fast.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fch32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fih32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\findviru.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firewall.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixcfg.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fixfp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savedefense.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fnrb32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fp-win_trial.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fprot.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsaa.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530stbyb.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav530wtbyb.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav95.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsm32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsma32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsmb32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gator.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbmenu.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbpoll.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\generics.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gmt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guarddog.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hacktracersetup.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbinst.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hbsrv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\history.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotactio.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hotpatch.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htlog.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htpatch.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hwpe.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxdl.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hxiul.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamapp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamserv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iamstats.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmasn.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ibmavsp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icload95.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icloadnt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icmon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsupp95.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icsuppnt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\identity.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\idle.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedll.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iedriver.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ieshow.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iface.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ifw2000.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\inetlnfo.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infus.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\infwin.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intdel.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\intren.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iomon98.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\istsvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jammer.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jdbgmrg.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jedi.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jsrcgen.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavlite40eng.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpers40eng.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alphaav (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\alphaav.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antispywarxp2009.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\anti-virus professional.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antiviruspro_2010.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\quickhealcleaner.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safetykeeper.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savearmor.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secure veteran.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\securityfighter.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\softsafeness.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trustwarrior.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Windows police pro.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kazza.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\keenvalue.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-pf-213-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrl-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kerio-wrp-421-en-win.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\killprocesssetup161.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\launcher.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldnetmon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpro.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldpromenu.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ldscan.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\licmgr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lnetinfo.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loader.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\localnet.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lockdown2000.exe (Security.Hijack) -> Quarantined and deleted successfully. |
|
17.05.2010, 21:50
| #9 |
| Gesperrt | Böser Hacker und der Zweite Teil des Malewarbyte Logs: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lookout.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lordpe.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lsetup.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luall.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luau.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\lucomserver.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luinit.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\luspt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\malwareremoval.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mapisvc32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmnhdlr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcmscsvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcnasvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcproxy.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsacore.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshell.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctool.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcupdate.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsrte.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\md.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfin32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfw2en.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mfweng3.02d30.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrtcl.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgavrte.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mgui.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\minilog.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmod.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\monitor.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\moolive.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mostat.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfagent.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfservice.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpfsrv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpftray.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mrflux.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msa.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msapp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msbb.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msblast.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscache.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msccn32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscman.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdm.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msdos.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msiexec16.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mslaugh.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmgt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmsgri32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssmmc32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mssys.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msvxd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mu0311ad.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mwatch.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\n32scanw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nav.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navap.navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navdx.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navlu32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nc2000.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ncinst4.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ndd32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neomonitor.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\neowatchlog.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netarmor.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netd32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netinfo.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netmon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netscanpro.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netspyhunter-1.2.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\netutils.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisserv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nisum.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\normist.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\norton_Internet_secu_3.0_407.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notstart.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npf40_tw_98_nt_me_2k.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmessenger.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nprotect.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npscheck.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npssvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsched32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nssys32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nstask32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nsupdate.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntrtscan.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntvdm.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ntxconfig.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nui.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nupgrade.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvarch16.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvc95.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvsvc32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwinst4.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwservice.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nwtool16.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oacat.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oahlp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oareg.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasrv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaui.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oaview.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\odsw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\onsrvr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\optimize.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ostronet.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\otfix.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostinstall.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpostproinstall.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\padmin.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\panixk.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\patch.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavcl.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavfnsvr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavproxy.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavprsrv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsched.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc_antispyware2010.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pccwin98.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcfwallicon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcip10117_0.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pcscan.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdsetup.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\peravir.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\periscope.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\persfw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\perswf.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pf2.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pfwadmin.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pgmonitr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pingscan.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\platin.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pop3trap.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\poproxy.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\popscan.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portdetective.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\portmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powerscan.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppinupdt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pptbc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppvstop.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prizesurfer.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prmvr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procdump.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\processmonitor.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procExplorerv1.0.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\programauditor.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\proport.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectx.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psancu.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psanhost.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psantomanager.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psctrls.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psimsvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psksvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pspf.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psunmain.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\purge.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qconsole.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qserver.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\quick heal.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rapapp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav7win.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rav8win32eng.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ray.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rb32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rcsync.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\realmon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\reged.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedt32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rescue32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rrguard.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rscdwld.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rshell.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscn95.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rulaunch.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeweb.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sahagent.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\save.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savekeep.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\savenow.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sbserv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scam32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan95.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanpm.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scrscan.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\security center.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\serv95.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setloadorder.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup_flowprotector_us.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setupvameeval.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sgssfw32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sh.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellspyinstall.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shield.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shn.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\showbehind.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\signcheck.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sms.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snetcfg.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\soap.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sofi.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sperm.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spf.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sphinx.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoler.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolcv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spyxx.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srexe.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\srng.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ss3edit.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssg_4104.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ssgrate.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\st2.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\start.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stcloader.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supftrl.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\support.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\supporter5.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchostc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svchosts.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\svshost.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweep95.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sweepnet.sweepsrv.sys.swnetsup.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symproxysvc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symtray.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\System.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\System32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sysupd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taumon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbscan.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tca.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcm.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds-3.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-98.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tds2-nt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\teekids.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tfak5.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tgbob.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titanin.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\titaninxp.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tpsrv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trickler.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjscan.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trjsetup.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\trojantrap3.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsadbot.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvmd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tvtmd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\undoboot.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\updat.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrad.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utpost.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcmserv.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbcons.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbust.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwin9x.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbwinntw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcsetup.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vet95.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vettray.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vfsetup.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vir-help.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\virusmdpersonalfirewall.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\visthaux.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\visthlic.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\visthupd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnlan300.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vnpc3000.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc42.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpfw30s.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscan40.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vscenu6.02d30.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsched.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsecomr.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vshwin32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsisetup.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmain.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsmon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswin9xe.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinntse.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vswinperse.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w32dsm89.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w3asbas.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\w9x.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\watchdog.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webdav.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webproxy.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webtrap.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wfindv32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\whoswatchingme.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wimmun32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win-bugsfix.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\win32us.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winactive.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\window.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Windows.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininetd.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wininitx.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winlogin.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winmain.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winppr32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winrecon.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winservn.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winssk32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winstart001.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintsk32.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupdate.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wkufind.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnad.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wnt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wradmin.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wrctrl.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsbgate.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxas.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxav.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscfxfw.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wsctool.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdater.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wupdt.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wyvernworksfirewall.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpf202en.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapsetup3001.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zatutor.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonalm2601.exe (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe (Security.Hijack) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Backdoor.SpyNet.M) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.SpyNet.M) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.SpyNet.M) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Arrakis3.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdreinit.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdsubwiz.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdtkexec.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uiscan.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upgrepl.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\seccenter.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\debugger (Security.Hijack) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (hxxp://search-gala.com/?&uid=249&q={searchTerms}) Good: (hxxp://www.Google.com/) -> Quarantined and deleted successfully. HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (hxxp://search-gala.com/?&uid=249&q={searchTerms}) Good: (hxxp://www.Google.com/) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (hxxp://search-gala.com/?&uid=249&q={searchTerms}) Good: (hxxp://www.Google.com/) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (hxxp://search-gala.com/?&uid=249&q={searchTerms}) Good: (hxxp://www.Google.com/) -> Quarantined and deleted successfully. HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (hxxp://search-gala.com/?&uid=249&q={searchTerms}) Good: (hxxp://www.Google.com/) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: C:\ProgramData\06775530 (Rogue.Multiple) -> Quarantined and deleted successfully. C:\Windows\System32\lowsec (Stolen.data) -> Quarantined and deleted successfully. C:\Users\*****\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Dateien: C:\$WINDOWS.~Q\DATA\Windows\Temp\EvID4226Patch.exe (Malware.Tool) -> Quarantined and deleted successfully. C:\Users\*****\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully. C:\Windows\System32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully. C:\Windows\System32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully. C:\Users\*****\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\Users\*****\AppData\Local\Temp\IELOGIN.abc (Malware.Trace) -> Quarantined and deleted successfully. C:\Users\*****\AppData\Local\Temp\MSN.abc (Malware.Trace) -> Quarantined and deleted successfully. C:\Users\*****\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully. C:\Users\*****\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully. C:\Users\*****\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully. C:\Users\*****\AppData\Roaming\kernel33.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Windows\0535251103110107106.uio (Worm.KoobFace) -> Quarantined and deleted successfully. C:\Windows\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully. C:\Windows\0101120101464849.dat (Worm.KoobFace) -> Quarantined and deleted successfully. C:\Windows\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully. C:\Windows\srn_1247550861.exe (Worm.KoobFace) -> Quarantined and deleted successfully. |
|
18.05.2010, 00:16
| #10 |
| Gesperrt | Böser Hacker Was soll ich jetzt tun meint ihr er könnte meinen pc wieder hacken wen ich mir mein Steam account wiederhole?  |
|
18.05.2010, 13:11
| #11 |
| /// Helfer-Team | Böser Hacker Ok, sieht gut aus, die Debugger sind weg. Bitte ein neues OTL-Logfile erstellen und mit GMER nach Rootkits suchen (Reihenfolge egal) Prinzipiell kann der Hacker natürlich wieder versuchen in Deinen Rechner reinzukommen. Hier kann er unter anderem eine Sicherheitslücke in einem von Dir verwendeten veralteten Programme (z.B. Adobe Reader 8 ) entdeckt haben und diese ausnutzen. Oder aber, er jubelt Dir über FileSharing, E-Mail, ICQ udgl. einen Virus unter, den musst Du dann aber meist selbst aktiviert haben, z.B. indem Du eine unbekannte Exe ausführst oder eine jpg.scr Datei öffnest (ICQ-Virus) und so weiter. Bei Fällen, in denen hunderte von Dateien gedebuggt wurden, war bisher immer ein FakeAntivirus der Hintergrund (Security Guard, Paladin), der z.B. an eine geladene Datei z.B. bei Rapidshare angehängt war. |
|
18.05.2010, 14:45
| #12 |
| Gesperrt | Böser Hacker Hier erstmal der zweite OTL Log: OTL logfile created on: 18.05.2010 15:30:16 - Run 2 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\*****\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free 7,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 286,09 Gb Total Space | 11,06 Gb Free Space | 3,86% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 6,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: *****-PC Current User Name: ***** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - I:\setup.exe File not found PRC - C:\Users\*****\AppData\Local\Temp\{29BF8B07-8A99-4689-BD1A-C44A633D777A}\setup.exe (Acresso Software Inc.) PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\YouTube Downloader Toolbar\SearchSettings.exe (Spigot, Inc.) PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\Enigma Software Group\SpyHunter\SpyHunter3.exe (Enigma Software Group USA, LLC.) PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Programme\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation) PRC - C:\Programme\Unlocker\UnlockerAssistant.exe () PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.) PRC - C:\Programme\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.) ========== Modules (SafeList) ========== MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Programme\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll () MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirUpgradeService) -- File not found SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (VC9SecS) -- C:\Programme\Virtual CD v9\System\VC9SecS.exe (H+H Software GmbH) SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.) ========== Driver Services (SafeList) ========== DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (hwinterface) -- C:\Windows\System32\drivers\hwinterface.sys (Logix4u) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation) DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation) DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech Inc.) DRV - (bdfsfltr) -- C:\Windows\System32\drivers\bdfsfltr.sys (SOFTWIN S.R.L.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (HH9Help.sys) -- C:\Windows\System32\drivers\HH9Help.sys (H+H Software GmbH) DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - C:\Programme\STOPzilla!\Toolbar\SZIESearchHook.dll (iS3 Inc.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=966134" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com|gametrailers.com|ofdb.de|newzleech.com|kino.to|g-stream.in|hxxp://www.tvspielfilm.de/tv-programm/tv-sender/" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.8.0552 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3 FF - prefs.js..extensions.enabledItems: {780044d1-e8c0-488f-8059-4522ddbfc2ea}:1.0 FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.4.4 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.3.20080730 FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:1.0 FF - prefs.js..keyword.URL: "hxxp://search.stopzilla.com/Results.aspx?u=" FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009.07.17 01:33:00 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}: C:\Program Files\Stopzilla!\Toolbar\Extension [2009.12.19 01:17:31 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.16 19:35:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.15 18:09:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.16 19:35:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.15 18:09:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.16 19:35:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.15 18:09:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.16 19:35:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.15 18:09:32 | 000,000,000 | ---D | M] [2010.04.16 22:37:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2010.04.16 22:37:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2010.05.17 17:19:17 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions [2009.07.17 01:51:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2009.07.17 01:51:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009.07.19 13:46:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\DTToolbar@toolbarnet.com [2009.07.18 20:34:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\DTToolbar@toolbarnet.com-trash [2009.07.17 01:51:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\moveplayer@movenetworks.com [2009.07.17 01:51:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\searchrecs@veoh.com [2010.04.17 16:22:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\toolbar@ask.com [2010.02.04 16:45:40 | 000,002,254 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\yinj9w3i.default\searchplugins\askcom.xml [2009.07.19 13:46:14 | 000,002,399 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\yinj9w3i.default\searchplugins\daemon-search.xml [2010.05.17 17:29:16 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.15 18:09:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2009.12.02 10:31:53 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2009.12.02 10:31:53 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2009.12.02 10:31:53 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2009.12.02 10:31:53 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2009.12.02 10:31:53 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.12.19 01:25:54 | 000,000,068 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (ZILLAbar Browser Helper Object) - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Programme\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Programme\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\1.0\youtubedownloaderToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SearchSettings] C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe () O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe (AVM Berlin) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\*****\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.18 01:14:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\AskToolbar [2010.05.17 22:44:03 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Virus [2010.05.17 21:05:49 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2010.05.17 20:57:57 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2010.05.17 20:51:21 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2010.05.17 20:51:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.05.17 20:51:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.05.17 20:51:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.05.17 20:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.05.17 20:45:42 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\ForceField Shared Files [2010.05.17 20:45:42 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\CheckPoint [2010.05.17 20:45:36 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint [2010.05.17 20:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2010.05.17 17:52:00 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2010.05.17 17:52:00 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.05.17 17:51:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2010.05.17 17:51:58 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.05.17 17:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.05.17 17:27:12 | 000,000,000 | ---D | C] -- C:\Programme\Unlocker [2010.05.17 17:23:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2010.05.17 17:23:00 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager [2010.05.04 19:26:18 | 000,000,000 | ---D | C] -- C:\Programme\Cain [2010.05.02 15:12:06 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\widestream [2010.05.02 15:12:05 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\WideStream [2010.05.02 15:11:33 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\OfferBox [2010.05.02 15:11:33 | 000,000,000 | ---D | C] -- C:\Programme\OfferBox [2010.04.29 03:00:18 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe [2010.04.24 12:26:08 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\PokerStars [2010.04.24 12:25:58 | 000,000,000 | ---D | C] -- C:\Programme\PokerStars [7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.18 15:35:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.05.18 15:34:37 | 008,912,896 | -HS- | M] () -- C:\Users\*****\ntuser.dat [2010.05.18 14:40:54 | 000,006,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.05.18 14:40:54 | 000,006,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.05.18 00:35:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.05.17 22:48:16 | 001,541,724 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.05.17 22:48:16 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.05.17 22:48:16 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.05.17 22:48:16 | 000,142,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.05.17 22:48:16 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.05.17 22:41:17 | 000,053,294 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.05.17 22:41:17 | 000,053,294 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.05.17 22:40:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.05.17 22:40:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.05.17 22:40:51 | 3487,760,384 | -HS- | M] () -- C:\hiberfil.sys [2010.05.17 22:39:47 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.05.17 22:39:47 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.05.17 22:39:46 | 003,938,331 | -H-- | M] () -- C:\Users\*****\AppData\Local\IconCache.db [2010.05.17 20:57:58 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2010.05.17 20:51:16 | 000,000,821 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.17 20:00:00 | 000,000,584 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - *****.job [2010.05.17 17:52:07 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\antivira.lnk [2010.05.17 17:27:03 | 000,243,204 | ---- | M] () -- C:\Users\*****\Desktop\unlocker1.8.7.exe [2010.05.17 03:43:28 | 000,060,416 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.16 20:56:00 | 001,225,314 | ---- | M] () -- C:\Users\*****\Desktop\100_9124.JPG [2010.05.16 20:01:59 | 000,002,281 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk [2010.05.16 03:19:58 | 000,001,645 | ---- | M] () -- C:\Users\*****\Desktop\UseNeXT.lnk [2010.05.16 03:09:47 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.05.13 03:37:25 | 000,002,076 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.05.07 21:52:46 | 000,041,872 | ---- | M] () -- C:\Windows\System32\xfcodec.dll [2010.05.06 18:43:04 | 023,755,232 | ---- | M] () -- C:\Users\*****\Desktop\HOUSE MUSIC 2010- (STROMAE,RUDE BOY HOUSE MIX,TIK TOK,AKCENT) MAGIC CITY ENTERTAINMENT.MP3 [2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2010.05.01 14:39:01 | 000,000,789 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.29 04:35:53 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2010.04.24 12:26:06 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk [2010.04.19 23:37:24 | 4059,955,199 | ---- | M] () -- C:\Users\*****\Desktop\rld-elca.iso [2010.04.19 22:07:48 | 000,000,228 | ---- | M] () -- C:\Windows\System32\edacded0.dat [2010.04.19 22:07:48 | 000,000,228 | ---- | M] () -- C:\Windows\System32\bcdadac7.xml [7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.05.18 14:49:15 | 3117,002,751 | ---- | C] () -- C:\Users\*****\Desktop\rld-elcb.iso [2010.05.18 14:40:29 | 4059,955,199 | ---- | C] () -- C:\Users\*****\Desktop\rld-elca.iso [2010.05.17 20:51:16 | 000,000,821 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.05.17 17:52:07 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\antivira.lnk [2010.05.17 17:27:02 | 000,243,204 | ---- | C] () -- C:\Users\*****\Desktop\unlocker1.8.7.exe [2010.05.16 20:52:32 | 001,225,314 | ---- | C] () -- C:\Users\*****\Desktop\100_9124.JPG [2010.05.13 03:37:25 | 000,002,076 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.05.07 21:52:46 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2010.05.06 18:43:02 | 023,755,232 | ---- | C] () -- C:\Users\*****\Desktop\HOUSE MUSIC 2010- (STROMAE,RUDE BOY HOUSE MIX,TIK TOK,AKCENT) MAGIC CITY ENTERTAINMENT.MP3 [2010.04.24 12:26:06 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk [2009.12.19 03:55:05 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2009.12.16 01:55:14 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2009.12.15 17:20:45 | 000,022,584 | ---- | C] () -- C:\Windows\System32\PnkBstrK.sys [2009.10.25 19:12:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini [2009.10.10 00:58:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.09.24 00:53:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.17 23:13:04 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini [2009.08.23 19:47:51 | 000,240,640 | ---- | C] () -- C:\Windows\System32\NMOCOD.DLL [2009.08.23 19:47:51 | 000,035,328 | ---- | C] () -- C:\Windows\System32\INETWH32.DLL [2009.07.16 22:35:23 | 000,000,071 | ---- | C] () -- C:\Windows\Crypkey.ini [2009.07.16 22:35:19 | 000,031,846 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys [2009.07.16 22:35:19 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll [2009.07.14 17:15:00 | 000,178,432 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.05.03 05:38:07 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini [2009.03.28 23:14:42 | 000,003,120 | ---- | C] () -- C:\Windows\System32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll [2009.03.03 02:17:38 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll [2009.03.03 02:17:37 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.03.03 02:17:37 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.03.03 02:17:36 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.03.03 02:17:36 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009.02.14 11:30:57 | 000,000,316 | ---- | C] () -- C:\Windows\game.ini [2008.10.14 17:26:47 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2008.10.14 17:26:41 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008.10.14 17:14:51 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2008.09.30 18:05:16 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2007.08.08 18:54:10 | 000,028,968 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys [2007.01.10 07:44:26 | 001,457,024 | ---- | C] () -- C:\Windows\System32\SSCProt.dll [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP 1B5B4F1< End of report > |
|
18.05.2010, 14:46
| #13 |
| Gesperrt | Böser Hacker und Hier die der zweiter (extras): OTL Extras logfile created on: 18.05.2010 15:30:16 - Run 2 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\*****\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free 7,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 286,09 Gb Total Space | 11,06 Gb Free Space | 3,86% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded Drive I: | 6,90 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: *****-PC Current User Name: ***** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- Reg Error: Value error. https [open] -- Reg Error: Value error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3150804105-3559284404-3918947858-1000] "EnableNotifications" = 1 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{059F915C-36DD-4900-ABDB-7C3368EB49A3}" = lport=51970 | protocol=6 | dir=in | name=51970 | "{09B0FCC5-BA96-4AD5-819D-20426DC3861D}" = lport=3889 | protocol=6 | dir=in | name=3889 | "{0C0F902B-BFFE-42AA-8244-63A4FEBD94A3}" = lport=6883 | protocol=6 | dir=in | name=6883 | "{0D7DD56A-3021-4D39-914E-217C0E00CA37}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{1F1AE682-A9BB-4B25-90F4-EC0C353F663C}" = lport=52525 | protocol=6 | dir=in | name=52525 | "{21922F4E-46F8-4623-BBE2-771BB2C298D4}" = lport=6886 | protocol=6 | dir=in | name=6886 | "{2820386C-5AE1-4CD2-8AD2-0DC8E9B2FCB9}" = lport=3882 | protocol=6 | dir=in | name=3882 | "{2D343DC1-C2BC-412C-BEE9-CC69B3A01E00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{32781735-DE82-4D50-AEAD-E049A881E636}" = lport=3883 | protocol=6 | dir=in | name=3883 | "{34FCB130-2A06-41D9-88B4-A405DDAE2757}" = lport=20843 | protocol=6 | dir=in | name=20843 | "{372F5F79-FB58-43E9-9BB5-28C89231BB58}" = lport=6969 | protocol=6 | dir=in | name=6969 | "{380F9240-FAB8-4FBA-A84B-D6171D08330D}" = lport=3885 | protocol=6 | dir=in | name=3885 | "{3CED33EB-9125-46E8-87C1-401BEEF54C13}" = lport=6800 | protocol=6 | dir=in | name=sacred2 192.168.178.28 6800 | "{475B13D6-835E-4678-B033-C7D038FEFA61}" = lport=119 | protocol=6 | dir=in | name=119 | "{4C7479D1-286C-429B-9922-F11670B3F394}" = lport=3886 | protocol=6 | dir=in | name=3886 | "{4F8CEA56-8CFB-444C-820D-0A7C189F735A}" = lport=119 | protocol=17 | dir=in | name=119 | "{5414442F-CC5B-4C27-B938-DE68EC3B08B5}" = lport=3881 | protocol=6 | dir=in | name=3881 | "{6AD82A48-3A52-45F4-82E1-5DA6797229BE}" = lport=7011 | protocol=6 | dir=in | name=7011 | "{6E632DC8-2F4A-440D-AE49-D2BBDF5A21AF}" = lport=49152 | protocol=6 | dir=in | name=49152 | "{73727A79-255C-4F61-A9E2-6D9CC6FB2FC2}" = lport=3884 | protocol=6 | dir=in | name=3884 | "{84B4C29B-66C0-4BD1-8D30-99BE66E26FB0}" = lport=3887 | protocol=6 | dir=in | name=3887 | "{89462D0C-C474-4AFD-8434-CB75BA8CCA21}" = lport=6884 | protocol=6 | dir=in | name=6884 | "{A0671457-EAF9-4652-B620-EDA43D0AE158}" = lport=3888 | protocol=6 | dir=in | name=3888 | "{A0836C36-3F50-4544-9824-ADE04B10F05D}" = lport=2869 | protocol=6 | dir=in | app=system | "{A2E5912A-F13E-42ED-ABC9-103AA342DA47}" = lport=6800 | protocol=17 | dir=in | name=sacred2 | "{A7C86D55-F4B3-4F7A-A443-0F8119B41471}" = lport=6889 | protocol=6 | dir=in | name=6889 | "{AC58AAAE-0AE3-42CA-AE06-BDD2568890DC}" = lport=443 | protocol=6 | dir=in | name=usenext | "{B2F0C6A8-EB65-468A-84E2-8F0740D6374D}" = lport=2869 | protocol=6 | dir=in | app=system | "{B3389A1F-52DE-4B14-A1E1-BAB24544F65F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{B47CE0E3-6F06-47D6-9D89-9DD6735664D5}" = lport=6882 | protocol=6 | dir=in | name=6882 | "{B58310DA-5D09-418D-B9F7-FE388FB267EC}" = lport=7011 | protocol=17 | dir=in | name=192.168.178.28 7011 | "{B79271F7-F7A8-4808-81F1-18D73661435B}" = lport=6887 | protocol=6 | dir=in | name=6887 | "{BCD222B2-4060-483E-BC76-ACC58CE3D67E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C1E9DFC5-F541-4CFB-8F9F-0CAC495330C9}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe | "{C213CEB1-F984-4B8F-AE4A-0DC4FB048C4F}" = lport=2869 | protocol=6 | dir=in | app=system | "{CB7B40D3-E901-4E77-A634-E671EF8AC810}" = lport=2869 | protocol=6 | dir=in | app=system | "{CC6590F8-2002-481C-9D70-C11CC7D7E16A}" = lport=6881 | protocol=6 | dir=in | name=6881 | "{CF3B30C8-4505-4364-992B-1DF122BE4BFE}" = lport=6888 | protocol=6 | dir=in | name=6888 | "{DC8EC2BA-0C81-4FAC-92C1-CB8993317EED}" = lport=6885 | protocol=6 | dir=in | name=6885 | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{01797C0D-7CD1-452F-BED3-3CF4145E99E2}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe | "{01FB15C3-77CC-4BB3-8056-5BE78EF4D062}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{05097E66-1213-48A9-928A-C3F80DC1F947}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{052DD755-25CB-40C7-A41A-6B2D68FF6B0B}" = protocol=6 | dir=in | app=h:\fsetup.exe | "{0C1BDEB8-8F35-43E4-BF83-FE9D24D370E6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{0C930D68-7D5A-4BEB-907B-CCB8778BCDBC}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{0DC047B8-8FC5-4E3E-9627-10A31D42286F}" = protocol=17 | dir=in | app=c:\program files\usenext\usenext.exe | "{0E6FBDCD-1056-49AF-975A-B5CD5BEAECCE}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{0F223D9F-30EA-4920-878D-391EBC650F43}" = protocol=6 | dir=in | app=c:\program files\activision\prototype\prototypef.exe | "{0F9DC035-D875-4570-8C0F-BAD3B52DF030}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{1385EAB8-3770-4FA6-8D24-787F70A04D71}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{14D574BB-20E2-4F92-842D-34044DD3125F}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe | "{177773E1-D11A-4E3E-AED6-F128B9E62A1D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{1AE1DD15-9F0C-4DBC-98A1-1DAE8EBED4D3}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{1CD1CE4D-DEA7-4FB1-9AD3-B4033583B122}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe | "{1DA2158A-4CDB-4656-BFF8-FD10293E5177}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe | "{20918BC8-ED22-4DDA-8139-7BD39214D2AD}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{24E9F2B3-AA8B-4409-A73D-E397E5FBAD63}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe | "{2DE0E0F5-E745-426E-B699-961E7C5E7107}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | "{2F96EAD0-9F56-436F-A705-C972A057DF5B}" = protocol=6 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\revoke.exe | "{314938D5-5521-4174-81B6-3885C1CE6FEF}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "{392163A3-E5AA-4E59-A719-CAECE2BBB21B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe | "{3D17F957-FAB3-484B-95CF-7639C02EB052}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe | "{417896F0-27DA-4819-953F-FB060A68DD1B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{46833256-8126-4282-9E6A-392DD5D43FB4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{47575330-50D8-4ECD-9DC9-D4B04D0941B6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{48344705-46FD-4CF4-8906-9EDB572ADBE5}" = protocol=17 | dir=in | app=c:\udk\udk-2010-01\binaries\unrealfrontend.exe | "{4A269245-E4C8-4FCD-B3A4-732DF659AD39}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{4B218E1F-1CB2-4F99-95F9-FBD3A26C8B1C}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe | "{4D13031E-AB13-4474-86D7-DC4E66464B5E}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{4E9E3A47-4516-41DB-8D45-9E53B13F514B}" = protocol=6 | dir=in | app=c:\program files\usenext\usenext.exe | "{516B3692-9B54-4290-B4C2-51EC873F879F}" = protocol=6 | dir=in | app=c:\udk\udk-2010-01\binaries\win32\udk.exe | "{520847CD-9EFB-4209-BB79-710C181FE644}" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\temp\7zs365e.tmp\symnrt.exe | "{5561A96D-6D8F-4107-8556-C51C1B3F27E1}" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\revoke.exe | "{56E5AB82-C460-4042-9B80-2D823A351642}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{5863ADD9-5F0A-4E5B-B7B9-489E9F313BDD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{5986533A-F73A-4AAE-8C2D-ADD49F7DE9D9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{5DEB8D39-CF64-4DC9-A616-94F80009A37F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{5F5714A0-88B7-4EE4-993E-E0DFC2084192}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{5FFA1E17-2AFE-4B7F-AB79-6F33DA43FCEE}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{615A4083-3442-4DB1-8B83-C7904221A603}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{6677AE2E-1765-4265-834E-E26A4A415693}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe | "{694FA893-FA3A-4E00-9F18-514B680B3222}" = protocol=17 | dir=in | app=c:\program files\activision\prototype\prototypef.exe | "{6F2EF067-AAF7-46B6-B311-3F73A44C9837}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | "{71A86CE6-948C-40F1-BA6F-63D508910F66}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{71FDC0F9-6FE4-4F4F-A665-97D5011B772C}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{737D8D37-E40F-4D60-90F7-40EE3689B42F}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{80709898-868C-4F14-B1ED-F6223977D370}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe | "{81B9F5A7-E4BF-439D-B279-D406A3404A77}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrk.sys | "{82DA41A6-FBC5-4901-A683-16773E5805C1}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{84749D83-4391-40E1-84F0-8A4612E7F696}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{85F9E1C8-5A40-45B2-82BB-64C0C1B603CE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrk.sys | "{87343C82-E9EB-4C8A-A0AE-9E0E6597BFCE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{895B82C8-8962-459C-B602-7EF9A7675D0A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe | "{8DC82DAC-F43D-44C2-8B2A-9B8CEB700E94}" = protocol=6 | dir=in | app=c:\programdata\a82a4df\wsa82a.exe | "{8F48CF1E-1A82-44FD-8F93-03E40D81885B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{91738D1D-B510-477E-9BAD-89400964ABBA}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{94179E3B-68F7-47F2-AB44-5EF9755C6E56}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{989B908C-B249-4DBE-ABA0-676E021334C8}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | "{99D91D7A-8D4B-4F4D-B7AF-37EB4596F852}" = protocol=17 | dir=in | app=c:\programdata\a82a4df\wsa82a.exe | "{9A5581AE-7C48-4A30-81C3-68628948C2A6}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{9C288235-2EE2-4B70-ACB5-2FCC2E38ABEB}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{9DA1AE38-B8BA-4B64-B2F6-7F6FC747586D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | "{A954C762-FAFB-4F6E-B5EC-E172DB296DE4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{B0B80788-C5E3-4814-9C05-77461B2F8972}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | "{B0C834B5-CF99-4D79-A7A0-E7600FECA952}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{B17DC528-6E09-43B4-9F82-2C828DB22D0B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{BA217FB3-AB08-44F9-9368-EC6D871D0A2A}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{BD99DB92-4FED-4A48-97D0-198266E66945}" = protocol=6 | dir=in | app=c:\udk\udk-2010-01\binaries\unrealfrontend.exe | "{C16A1AB9-DC9A-43FF-88C5-5DD1DF7D98EE}" = protocol=17 | dir=in | app=h:\fsetup.exe | "{C3573122-D9DA-4D6A-A78A-024F03574B6F}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | "{C73AF844-090D-457E-8F2D-65C4C7AA9100}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe | "{C85E5F7F-F2A4-4A1A-BE1E-1D15F2385B30}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | "{D0621E23-B4A2-4D49-A12A-D887FCB4CC45}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrk.sys | "{D2ED27D8-1AF3-4067-9E97-F6149CCD1004}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe | "{D2F63111-54A2-4EF3-9E4A-C5F8149DC9BE}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe | "{D45B6BD1-B1D2-4C53-87D1-F78450D7AB77}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{D645D8A6-2AD7-495E-8CE3-A425735C3426}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrk.sys | "{D9775EDC-E3B3-4EAD-B11A-7968CB8CC321}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe | "{DA1448AB-781E-4A48-BB58-BF0C26B70A56}" = protocol=17 | dir=in | app=c:\udk\udk-2010-01\binaries\win32\udk.exe | "{DA745B1D-1479-47AB-AD52-931C8AF4AC12}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{DC09C0AB-D335-4ECA-B51B-567085898FF4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{E56A9860-5886-47B3-A63C-74B84E177CA0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{EEE4D6D7-5060-447C-BCA1-9BE73CC302D8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{F0D5BC82-AB77-44BC-ABC0-007B30D7D333}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe | "{F5AA772C-3E67-4C11-A7F5-D1C5D281A526}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{F99A4917-42AA-4AA3-9AD3-C1CCE066A06E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe | "{FAACD65D-192A-4D77-86A9-3D94347DF20E}" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\temp\7zs365e.tmp\symnrt.exe | "{FE45AC75-B5C5-4BB4-9D6A-7EF10B1337D1}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe | "TCP Query User{10E85D8B-931D-4F82-B6E6-34F3013CEFE2}C:\gta\gtawin\grand theft auto.exe" = protocol=6 | dir=in | app=c:\gta\gtawin\grand theft auto.exe | "TCP Query User{3BCD04D0-EBC2-4887-8B3C-E38ACDA98F2E}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | "TCP Query User{3E831DE0-46B3-4826-B793-048D8D785B1A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{3F9ADF29-51E3-4A0D-906B-C37EBD512EC6}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "TCP Query User{4181C1C6-AB2E-4D55-A83D-4D1D4C386B69}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | "TCP Query User{45781EB7-B2CF-49A8-B53B-5FABD69991B2}C:\users\*****\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\*****\program files\dna\btdna.exe | "TCP Query User{5336B6CE-05A2-42B3-A0DD-2317C813BC42}C:\windows\system32\winupdateman.exe" = protocol=6 | dir=in | app=c:\windows\system32\winupdateman.exe | "TCP Query User{6BF59FC7-C270-48FA-BFBA-821DBFAF0355}C:\program files\packard bell\updator\pbupdator.exe" = protocol=6 | dir=in | app=c:\program files\packard bell\updator\pbupdator.exe | "TCP Query User{7DB0D180-02EA-487A-A5D9-97FEC87BF2BB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{824D0ECB-AE5C-4CF8-8796-C3738B49DB26}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe | "TCP Query User{8D881CE4-B387-4513-9BD0-3C99984C7DF3}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | "TCP Query User{AB9202E6-AD7F-46EC-A9C6-776BB547A68B}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe | "TCP Query User{CB0BD445-F604-4B15-A819-E553D7483392}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | "TCP Query User{D43E42BB-CD09-4177-B670-522B8A78BED2}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | "TCP Query User{E1B034EA-EEB8-4FF6-B8CE-B0BD6C85AE18}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "UDP Query User{0534A750-77BB-49CF-9BF1-EF7C0C31A981}C:\program files\packard bell\updator\pbupdator.exe" = protocol=17 | dir=in | app=c:\program files\packard bell\updator\pbupdator.exe | "UDP Query User{1FB4E85F-4D61-40CD-B59A-B6E9B04FE08C}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe | "UDP Query User{2D8672B7-6175-41C8-9CCD-8D8121A4242B}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | "UDP Query User{348735B3-2C89-4C3A-AEA6-D7CF8A5719F7}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | "UDP Query User{358CFED0-A205-46E7-B5E8-C4F30BB605A8}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | "UDP Query User{35E469E5-1177-4013-B6B6-B73E1198A71F}C:\users\*****\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\*****\program files\dna\btdna.exe | "UDP Query User{386144F2-9BA6-4D5F-AEDF-E373AF754F02}C:\windows\system32\winupdateman.exe" = protocol=17 | dir=in | app=c:\windows\system32\winupdateman.exe | "UDP Query User{4263C516-1200-4458-8E8B-2B8DBE239016}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe | "UDP Query User{6C9F507A-4A89-479D-A9FD-8A07D167DD44}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{800F7015-1309-4893-B67E-17C78B38533F}C:\gta\gtawin\grand theft auto.exe" = protocol=17 | dir=in | app=c:\gta\gtawin\grand theft auto.exe | "UDP Query User{8C18A901-E37E-4832-A247-D5437300A82A}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe | "UDP Query User{9B82C92F-B853-4655-9928-7C13F791B09B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{A33A3619-FFF2-4628-8E7B-D63FE7D9EE59}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe | "UDP Query User{D24DDB0B-5E7D-4855-B876-34234695230E}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | "UDP Query User{F0C3F17D-8B6E-4F27-8270-05B2982B0476}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{004098A1-0362-4C42-A1C3-CAD436CFF4A1}" = YouTube Downloader Toolbar v1.0 "{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar) "{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status "{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{067FFF2F-0F1C-43DB-827B-F9BC4735F1BC}" = D2500 "{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4 "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar) "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20 "{27197499-7680-4208-8FD8-5439CDB0FDC1}" = HPProductAssistant "{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010 "{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar) "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{35095169-C59A-4571-A361-2117E04B7AFD}" = DJ_SF_03_D2500_ProductContext "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 "{3E5721E5-BA31-46AD-8B35-065924D38E91}" = D2500_Help "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5 "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{593A6CAF-E114-4e31-884F-74FF349E8E36}" = SolutionCenter "{59C6EFB0-7A6F-4FC2-98C5-31A9DB93014A}" = DJ_SF_03_D2500_Software "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{66039B36-96AE-40D1-8A32-071F7A61B738}" = Microsoft LifeChat "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{69CBBEAC-4F50-4839-A5AF-58D5D6D46D4A}_is1" = Spyhunter Compact OS 1.0b "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{7236B969-6A18-42DD-ADE4-BBA2604F34C8}" = DJ_SF_03_D2500_Software_Min "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{765E50AF-5550-4F7E-84F4-524D1BF2C49D}" = MSM2MSI_gstudio "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{80B6EB72-3C0C-47BF-B337-2D46988A58C5}" = EXP Viewer 6.0 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0.1 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980B9958-1239-4FC5-8C88-AC5650321031}" = Nero 8 Essentials "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows "{98A64C75-BFD6-4212-8746-8BADC7ABA79E}" = Virtual CD v9 "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp "{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch "{A5653E98-C00B-421B-86A2-E7DA75BFD97A}" = iS3 STOPzilla Toolbar "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE "{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC0E1AE3-091D-4969-B151-7AC142062C28}" = SmartWebPrinting "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D063F201-FAC4-4D5C-B10B-615058ADE5A7}" = HP Update "{D10AB8DE-0ED1-4152-A247-FB89CF1435D5}" = HP Deskjet D2500 Printer Driver Software 11.0 Rel .3 "{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "AC3Filter" = AC3Filter (remove only) "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "AdobeReader" = Adobe Reader 8 "AUDIO_REALTEK" = Realtek HD Audio V6.0.1.5610 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "CCleaner" = CCleaner (remove only) "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EADM" = EA Download Manager "Fraps" = Fraps "GESO Ernährungsberater_is1" = GESO Ernährungsberater "Google Chrome" = Google Chrome "GoogleBAE" = Google BAE "GoogleToolbar" = Google Toolbar "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 11.0 "HP Photosmart Essential" = HP Photosmart Essential 3.0 "HP Smart Web Printing" = HP Smart Web Printing "HP Solution Center & Imaging Support Tools" = HP Solution Center 11.0 "HPExtendedCapabilities" = HP Customer Participation Program 11.0 "HzZ8-GXWY-ecvHD" = LoudMo Contextual Ad Assistant "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines "jv16 PowerTools 2009_is1" = jv16 PowerTools 2009 "KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Full) "LimeWire" = LimeWire 5.5.8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "mIRC" = mIRC "Mount&Blade Warband" = Mount&Blade Warband "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9) "Nero8" = Nero 8 Essentials "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "OFF2k7_GE" = Microsoft® Office Home and Student 2007 "OpenAL" = OpenAL "PokerStars" = PokerStars "PunkBusterSvc" = PunkBuster Services "QuickPar" = QuickPar 0.9 "Security Task Manager" = Security Task Manager 1.7h "SETUPMYPC_DE" = SetUp My PC "Shop for HP Supplies" = Shop for HP Supplies "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer "SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008) "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Unlocker" = Unlocker 1.8.7 "Updator" = Packard Bell Updator "UseNeXT_is1" = UseNeXT "VIDEO_NVIDIA" = Video NVIDIA v174.90 "VLC media player" = VLC media player 0.9.6 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory "works9" = Microsoft Works 9 "Xfire" = Xfire (remove only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent" = BitTorrent "BitTorrent DNA" = DNA "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 01.08.2009 00:16:25 | Computer Name = *****-PC | Source = WinMgmt | ID = 10 Description = Error - 01.08.2009 08:28:14 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616, fehlerhaftes Modul PlayerSelector.asi, Version 0.0.0.0, Zeitstempel 0x49dcada2, Ausnahmecode 0xc0000005, Fehleroffset 0x0000ea94, Prozess-ID 0xe34, Anwendungsstartzeit 01ca12a37f1b9d16. Error - 01.08.2009 08:28:53 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616, fehlerhaftes Modul PlayerSelector.asi, Version 0.0.0.0, Zeitstempel 0x49dcada2, Ausnahmecode 0xc0000005, Fehleroffset 0x0000ea94, Prozess-ID 0x970, Anwendungsstartzeit 01ca12a3a13e5276. Error - 01.08.2009 10:39:26 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6, Ausnahmecode 0xc0000374, Fehleroffset 0x000b015d, Prozess-ID 0xff8, Anwendungsstartzeit 01ca12a399e11946. Error - 02.08.2009 14:00:13 | Computer Name = *****-PC | Source = WinMgmt | ID = 10 Description = Error - 02.08.2009 19:50:57 | Computer Name = *****-PC | Source = Perflib | ID = 1010 Description = Error - 02.08.2009 19:50:57 | Computer Name = *****-PC | Source = Perflib | ID = 1008 Description = Error - 02.08.2009 19:56:44 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616, fehlerhaftes Modul PlayerSelector.asi, Version 0.0.0.0, Zeitstempel 0x49dcada2, Ausnahmecode 0xc0000005, Fehleroffset 0x0000ea94, Prozess-ID 0x1458, Anwendungsstartzeit 01ca13ccd8b1545c. Error - 02.08.2009 21:44:51 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6, Ausnahmecode 0xc0000374, Fehleroffset 0x000b015d, Prozess-ID 0x1744, Anwendungsstartzeit 01ca13ccef02ad8c. Error - 03.08.2009 14:00:38 | Computer Name = *****-PC | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6, Ausnahmecode 0xc0000374, Fehleroffset 0x000b015d, Prozess-ID 0xf10, Anwendungsstartzeit 01ca145885ec3d90. [ Media Center Events ] Error - 08.12.2009 11:26:50 | Computer Name = *****-PC | Source = Media Center Guide | ID = 0 Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide [ System Events ] Error - 12.05.2010 21:00:43 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Error - 16.05.2010 13:03:21 | Computer Name = *****-PC | Source = bowser | ID = 8003 Description = Error - 16.05.2010 14:01:32 | Computer Name = *****-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 16.05.2010 um 19:50:29 unerwartet heruntergefahren. Error - 16.05.2010 14:03:03 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Error - 16.05.2010 14:03:26 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7022 Description = Error - 17.05.2010 14:45:38 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7030 Description = Error - 17.05.2010 15:04:37 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.05.2010 15:04:56 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7022 Description = Error - 17.05.2010 16:42:32 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7000 Description = Error - 17.05.2010 16:42:44 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7022 Description = < End of report > |
|
18.05.2010, 15:47
| #15 |
| /// Helfer-Team | Böser Hacker Ja, GMER neigt leider bisweilen zu Abstürzen Versuch es mal bitte mit Sophos: Rootkitscan mit Sophos Anti-Rootkit
|
|
| Themen zu Böser Hacker |
| antivir guard, ask toolbar, ask.com, auf einmal, avgnt, avira, desktop, downloader, enigma, firefox, google, gupdate, hacker, hijack, hijackthis, hijackthis log, hkus\s-1-5-18, internet, internet explorer, jusched.exe, kaspersky, local\temp, locker, nicht mehr öffnen, plug-in, problem, scheisse, security.hijack, senden, software, spielen, spigot, stopzilla, system, trojaner, viren, vista, windows, youtube downloader |
Linear-Darstellung
