Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them): Virus? liveupdate.exe, files disappearing
Windows 7. If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
11.04.2011, 15:46 | #1 |
| Virus? liveupdate.exe, files disappearing

Hello dear all, I have a serious problem that is worrying me a bit right now, and I hope you can help me.

Roughly last week I was googling on the web as usual and suddenly AntiVir raised an alarm; it was quite an ordeal to close the windows that opened up in front of me... According to the antivirus programs, something has apparently crept in at Liveupdate.exe, and this something has done some damage in my System32 (I don't really have much of a clue about this).

I'll post the AntiVir findings:

Die Datei 'C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL' enthielt einen Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan

Die Datei 'C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL' enthielt einen Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan].

In der Datei 'C:\Users\Krissy\AppData\Local\Mozilla\Firefox\Profiles\tx1u8grj.default\Cache\53FF5DCDd01' wurde ein Virus oder unerwünschtes Programm 'ADSPY/AdSpy.Gen2' [adware] gefunden. Ausgeführte Aktion: Zugriff erlauben

(((In any case, I did not allow access, but it may also be that someone else was at my netbook)))

Die Datei 'C:\Users\Krissy\AppData\Local\Mozilla\Firefox\Profiles\tx1u8grj.default\Cache\53FF5DCDd01' enthielt einen Virus oder unerwünschtes Programm 'ADSPY/AdSpy.Gen2' [adware].

In der Datei 'C:\Users\Krissy\AppData\Local\Temp\InternetExplorerUpdate.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.Gen2' [trojan] gefunden.

In der Datei 'C:\Users\Krissy\Downloads\VLCSetup.exe' wurde ein Virus oder unerwünschtes Programm 'ADSPY/AdSpy.Gen2' [adware] gefunden.

Die Datei 'C:\Users\Krissy\Downloads\gamin16.rar' enthielt einen Virus oder unerwünschtes Programm 'TR/Patched.Gen' [trojan].

In der Datei 'C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL' wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Softomat.AN' [trojan] gefunden

Die Datei 'C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL' enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Softomat.AN' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
Die Datei konnte nicht gelöscht werden!
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '516defff.qua' verschoben!

And for days this message has been coming up every 10 minutes:

In der Datei 'C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL' wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Softomat.AN' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern

The report file:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Samstag, 9. April 2011 15:59
Es wird nach 2537417 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
<C:\Windows\System32\csrss.exe>
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\smss.exe>

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL'
C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49b9c78e.qua' verschoben!
Beginne mit der Suche in 'C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL'
C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5133e804.qua' verschoben!

Ende des Suchlaufs: Samstag, 9. April 2011 16:00
Benötigte Zeit: 00:35 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
72 Dateien wurden geprüft
3 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
69 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
2 Hinweise

Die Suchergebnisse werden an den Guard übermittelt.

On top of that, my personal folders are "empty". Right-click > Properties does tell me, however, that my few GB are still stored there, but nothing is shown to me. Documents on the desktop that were important are also no longer visible, or deleted... The only restore point is 1.4.2011, although they were created regularly... and the problem appeared on 1.4.2011... but the files only disappeared little by little. I did the restore anyway, but my netbook tells me "Screw you, that achieved nothing...."

I hope someone can help me based on this information....

Kind regards, Krissy
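Added example, not part of the original thread: the Guard alerts quoted in the post above report the same file in two different wordings and keep repeating, so a first triage step is to de-duplicate them by file and detection name and group them by directory. The Python below does this for alert lines copied from the post; the names `parse_findings` and `group_by_directory` are made up for this example.

```python
import re
from collections import defaultdict
from ntpath import dirname  # applies Windows path rules on any OS
from typing import NamedTuple

# Alert lines copied from the first post. The first one is cut off after
# "[trojan" in the post itself and is left that way; the MWSBAR.DLL alert
# appears twice, once in each wording the Guard uses.
SAMPLE = r"""
Die Datei 'C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL' enthielt einen Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan
Die Datei 'C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL' enthielt einen Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan].
In der Datei 'C:\Users\Krissy\AppData\Local\Temp\InternetExplorerUpdate.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.Gen2' [trojan] gefunden.
In der Datei 'C:\Users\Krissy\Downloads\VLCSetup.exe' wurde ein Virus oder unerwünschtes Programm 'ADSPY/AdSpy.Gen2' [adware] gefunden.
In der Datei 'C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL' wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Softomat.AN' [trojan] gefunden
Die Datei 'C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL' enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Softomat.AN' [trojan].
"""


class Finding(NamedTuple):
    path: str  # full path of the flagged file
    name: str  # detection name, e.g. TR/Trash.Gen
    kind: str  # category from the brackets, e.g. trojan


# Matches both wordings seen in the post:
#   Die Datei '<path>' enthielt einen Virus oder ... '<name>' [<kind>].
#   In der Datei '<path>' wurde ein Virus oder ... '<name>' [<kind>] gefunden.
# The closing bracket is optional so the truncated first line still parses.
FINDING = re.compile(
    r"(?:Die|In der) Datei '(?P<path>[^']+)' "
    r"(?:enthielt einen|wurde ein) Virus oder unerwünschtes Programm "
    r"'(?P<name>[^']+)' \[(?P<kind>\w+)\]?"
)


def parse_findings(text):
    """Return each (file, detection) pair once, in first-seen order."""
    unique = {}
    for m in FINDING.finditer(text):
        # Windows paths compare case-insensitively, so key on the lowered path.
        key = (m["path"].lower(), m["name"])
        unique.setdefault(key, Finding(m["path"], m["name"], m["kind"]))
    return list(unique.values())


def group_by_directory(findings):
    """Return [(directory, [Finding, ...]), ...], largest cluster first."""
    clusters = defaultdict(list)
    for f in findings:
        clusters[dirname(f.path).lower()].append(f)
    return sorted(clusters.items(), key=lambda item: -len(item[1]))


if __name__ == "__main__":
    for directory, hits in group_by_directory(parse_findings(SAMPLE)):
        print(f"{len(hits)}  {directory}")
        for f in hits:
            print(f"     {f.name:<22} [{f.kind}]  {f.path}")
```

On these lines the six alerts collapse to five distinct findings, three of them in the MyWebSearch toolbar directory.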
11.04.2011, 15:51 | #2 |
/// Malware-holic | Virus? liveupdate.exe, files disappearing

Of course we can :-)

System scan with OTL

Download OTL: http://filepony.de/download-otl/

Double-click OTL.exe (users of Windows 7 and Vista: right-click, run as administrator)

1. At the top you will find a box labelled Output. Please choose Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" choose: "Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both.
11.04.2011, 16:56 | #3 |
| Virus? liveupdate.exe, files disappearing

First of all, thanks for the quick feedback.

This is what my netbook spat out for you via OTL....I'm curious :/

OTL Logfile:
OTL EXTRAS Logfile:
Code:
ATTFilter OTL logfile created on: 4/11/2011 4:59:26 PM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Krissy\Downloads Starter Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,014.00 Mb Total Physical Memory | 310.00 Mb Available Physical Memory | 31.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 80.00 Gb Total Space | 47.79 Gb Free Space | 59.74% Space Free | Partition Type: NTFS Drive D: | 59.03 Gb Total Space | 58.94 Gb Free Space | 99.85% Space Free | Partition Type: NTFS Computer Name: KRISSY-NETBOOK | User Name: Krissy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Krissy\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\program files\avira\antivir desktop\avcenter.exe (Avira GmbH) PRC - C:\Program Files\PGWARE\PCBoost\PCBoostTray.exe (PGWARE LLC) PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC) PRC - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\AsScrPro.exe (ASUS) PRC - C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe () PRC - C:\Program Files\ASUS\Eee 
Docking\Eee Docking.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe () PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.) PRC - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe () PRC - C:\Windows\System32\AsusService.exe () PRC - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.) PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Krissy\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (OberonGameConsoleService) -- C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe () SRV - (AsusService) -- C:\Windows\System32\AsusService.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- 
C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys () DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Asus | MSN IE - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = ASUS Eee Family | Easy to Learn, Work and Play [binary data] IE - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = ASUS Eee Family | Easy to Learn, Work and Play [binary data] IE - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyWebSearch Home Page IE - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "My Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - 
prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: low_quality_flash@pie2k.com:0.1 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2 FF - prefs.js..extensions.enabledItems: {23D9E118-C92C-4180-80B9-61852C71662B}:1.9.1 FF - prefs.js..keyword.URL: "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNfox000&ptb=3IUvWahBK296V2ix2SfVkw&ind=2011012414&ptnrS=ZNfox000&si=&n=77dd9d3e&psa=&st=kwd&searchfor=" FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/22 21:28:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/22 21:28:36 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 05:52:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 05:52:40 | 000,000,000 | ---D | M] [2010/05/03 20:58:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Krissy\AppData\Roaming\mozilla\Extensions [2011/04/09 11:36:41 | 000,000,000 | -H-D | M] (No name found) -- 
C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions [2011/04/11 16:09:37 | 000,000,000 | -H-D | M] (ImTranslator) -- C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} [2011/04/11 16:09:37 | 000,000,000 | -H-D | M] (Modify Headers) -- C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe} [2011/02/20 19:54:26 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions\firefox@tvunetworks.com [2011/04/11 16:09:39 | 000,000,000 | -H-D | M] (Low Quality Flash) -- C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions\low_quality_flash@pie2k.com [2011/04/11 16:09:39 | 000,000,000 | -H-D | M] (Ask Toolbar Toolbar) -- C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions\toolbar@ask.com [2011/04/11 16:09:38 | 000,000,000 | -H-D | M] (YouTube to MP3) -- C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions\youtube2mp3@mondayx.de [2011/01/24 22:38:26 | 000,010,015 | -H-- | M] () -- C:\Users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\tx1u8grj.default\searchplugins\mywebsearch.xml [2011/01/14 13:45:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2010/10/07 14:53:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/12/09 03:11:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/01/22 21:28:36 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2011/01/22 21:28:36 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA 
[2011/04/11 16:09:42 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\KRISSY\APPDATA\LOCAL\{23D9E118-C92C-4180-80B9-61852C71662B} [2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010/10/07 01:07:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/10/07 01:07:15 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010/10/07 01:07:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010/10/07 01:07:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010/10/07 01:07:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe ()
O4 - HKLM..\Run: [EEESplendidAR] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCBoost] C:\Program Files\PGWARE\PCBoost\PCBoostTray.exe (PGWARE LLC)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-797518080-1355806957-2820617274-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-797518080-1355806957-2820617274-1000..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-21-797518080-1355806957-2820617274-1000..\Run: [WebcamMaxAutoRun] C:\Program Files\WebcamMax\WebcamMax.exe (CoolwareMax)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.)
========== Files/Folders - Created Within 30 Days ==========

[2011/04/05 21:25:43 | 000,000,000 | ---D | C] -- C:\windows\Prefetch
[2011/04/05 21:17:43 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\Malwarebytes
[2011/04/05 21:17:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/04/05 21:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/05 21:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/05 21:17:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/04/05 21:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/05 20:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011/04/05 20:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.4
[2011/04/05 19:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/04/05 19:36:13 | 000,000,000 | ---D | C] -- C:\Users\Krissy\Desktop\taskmanager
[2011/04/05 16:22:52 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Restore
[2011/04/05 16:15:20 | 000,000,000 | -H-D | C] -- C:\Users\Krissy\AppData\Local\{23D9E118-C92C-4180-80B9-61852C71662B}
[2011/03/22 02:46:08 | 003,002,471 | -H-- | C] (MyWebSearch.com) -- C:\Users\Krissy\AppData\Local\mwsautSp.exe
[2011/03/12 19:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/03/12 19:57:43 | 000,000,000 | -H-D | C] -- C:\Users\Krissy\AppData\Roaming\uTorrent
[2011/03/12 19:55:43 | 000,000,000 | -H-D | C] -- C:\Users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Azureus
[2011/03/12 19:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azureus
[2011/03/12 19:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Azureus
[2009/11/04 15:06:04 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/11 16:19:18 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/11 16:19:18 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/11 16:16:02 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/11 16:11:20 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/11 16:10:53 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/05 21:17:21 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:25:31 | 000,000,120 | -H-- | M] () -- C:\Users\Krissy\AppData\Local\Fnehoveraxifokel.dat
[2011/04/05 16:23:00 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~35446536r
[2011/04/05 16:23:00 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~35446536
[2011/04/05 16:22:44 | 000,000,328 | -H-- | M] () -- C:\ProgramData\35446536
[2011/04/05 16:15:22 | 000,000,000 | -H-- | M] () -- C:\Users\Krissy\AppData\Local\Ujowocesofih.bin
[2011/03/24 09:00:22 | 000,545,677 | -H-- | M] () -- C:\Users\Krissy\Desktop\7068_wortwitz.jpg
[2011/03/22 02:46:09 | 003,002,471 | -H-- | M] (MyWebSearch.com) -- C:\Users\Krissy\AppData\Local\mwsautSp.exe
[2011/03/19 01:11:04 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/03/17 08:27:34 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2011/03/12 19:58:45 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/05 21:17:21 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 16:23:00 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~35446536r
[2011/04/05 16:22:59 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~35446536
[2011/04/05 16:22:44 | 000,000,328 | -H-- | C] () -- C:\ProgramData\35446536
[2011/04/05 16:15:22 | 000,000,120 | -H-- | C] () -- C:\Users\Krissy\AppData\Local\Fnehoveraxifokel.dat
[2011/04/05 16:15:22 | 000,000,000 | -H-- | C] () -- C:\Users\Krissy\AppData\Local\Ujowocesofih.bin
[2011/03/24 08:59:58 | 000,545,677 | -H-- | C] () -- C:\Users\Krissy\Desktop\7068_wortwitz.jpg
[2011/03/19 01:11:04 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/03/12 19:58:45 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/02/03 23:06:00 | 000,003,584 | -H-- | C] () -- C:\Users\Krissy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/15 01:47:44 | 000,007,598 | -H-- | C] () -- C:\Users\Krissy\AppData\Local\Resmon.ResmonCfg
[2010/05/21 09:31:28 | 000,017,408 | -H-- | C] () -- C:\Users\Krissy\AppData\Local\WebpageIcons.db
[2010/05/04 02:21:56 | 000,000,000 | -H-- | C] () -- C:\Users\Krissy\AppData\Roaming\wklnhst.dat
[2010/05/03 21:11:47 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010/01/07 00:49:56 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/01/07 00:14:26 | 000,011,448 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/01/07 00:14:18 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2010/01/06 23:47:03 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010/01/06 23:47:03 | 000,021,864 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010/01/06 23:44:46 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2010/01/06 23:41:30 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2009/07/26 03:28:45 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/07/26 03:28:45 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/07/14 06:33:53 | 000,333,280 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

========== LOP Check ==========

[2010/01/08 00:43:29 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\E-Cam
[2010/01/08 00:43:29 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\E-Cam
[2010/05/03 23:29:47 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Asus
[2011/04/11 16:09:42 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\E-Cam
[2010/05/04 21:27:52 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\GoBoingo
[2011/04/05 20:17:25 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\ICQ
[2011/01/14 01:08:32 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Local
[2011/02/22 21:57:17 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\MahJong Suite
[2010/05/04 23:59:50 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Opera
[2011/02/12 13:28:22 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Thinstall
[2011/04/11 16:09:37 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\TVgenial
[2011/04/11 17:00:52 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\uTorrent
[2011/04/11 16:09:37 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\WebcamMax
[2011/02/12 14:26:31 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\ZiggyTV
[2009/07/14 06:53:46 | 000,030,312 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011/04/05 16:13:23 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Adobe
[2010/07/10 02:12:32 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Apple Computer
[2010/05/03 23:29:47 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Asus
[2011/02/14 14:03:18 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Avira
[2010/05/05 14:30:30 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\DivX
[2011/04/11 16:09:42 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\E-Cam
[2010/05/04 21:27:52 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\GoBoingo
[2011/04/05 20:17:25 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\ICQ
[2009/07/14 06:54:12 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Identities
[2010/01/06 23:39:58 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\InstallShield
[2011/01/14 01:08:32 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Local
[2010/01/06 23:55:11 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Macromedia
[2011/02/22 21:57:17 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\MahJong Suite
[2011/04/05 21:17:43 | 000,000,000 | ---D | M] -- C:\Users\Krissy\AppData\Roaming\Malwarebytes
[2011/04/11 16:09:40 | 000,000,000 | --SD | M] -- C:\Users\Krissy\AppData\Roaming\Microsoft
[2010/05/03 20:58:18 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Mozilla
[2010/05/04 23:59:50 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Opera
[2011/02/12 13:28:22 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Thinstall
[2011/04/11 16:09:37 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\TVgenial
[2011/04/11 17:00:52 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\uTorrent
[2011/04/11 16:09:37 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\WebcamMax
[2010/05/12 04:02:13 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\WinRAR
[2011/02/12 14:26:31 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\ZiggyTV

< %APPDATA%\*.exe /s >
[2011/02/01 19:04:18 | 000,052,616 | ---- | M] () -- C:\Users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\tx1u8grj.default\extensions\toolbar@ask.com\chrome\content\issigned.exe
[2011/03/20 19:44:51 | 003,325,832 | -H-- | M] (Ask) -- C:\Users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\tx1u8grj.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: IASTOR.SYS >
[2009/06/05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: USER32.DLL >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:AB689DEA

< End of report >

--- --- ---

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 4/11/2011 4:59:26 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Krissy\Downloads
Starter Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,014.00 Mb Total Physical Memory | 310.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 47.79 Gb Free Space | 59.74% Space Free | Partition Type: NTFS
Drive D: | 59.03 Gb Total Space | 58.94 Gb Free Space | 99.85% Space Free | Partition Type: NTFS

Computer Name: KRISSY-NETBOOK | User Name: Krissy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-797518080-1355806957-2820617274-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent "{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22 "{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform 
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{548D4E14-F59D-4FA3-A357-CE5BA0D41D34}" = Opera 11.01 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid "{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar "{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007 "{90120000-0015-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007 "{90120000-0015-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007 "{90120000-0015-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0016-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007 "{90120000-0016-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007 "{90120000-0016-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 
Service Pack 2 (SP2) "{90120000-0017-040C-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (French) 2007 "{90120000-0017-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CCDA3DD6-E33D-4D75-B7C9-FF585580CE83}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-0017-0410-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Italian) 2007 "{90120000-0017-0410-0000-0000000FF1CE}_OMUI.it-it_{342281AF-B7FE-4999-BE64-29F7D6249970}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-0017-0413-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Dutch) 2007 "{90120000-0017-0413-0000-0000000FF1CE}_OMUI.nl-nl_{2E9BD56A-2290-46DA-869F-2EDCF0A24E8B}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 "{90120000-0018-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007 "{90120000-0018-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007 "{90120000-0018-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007 "{90120000-0019-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007 "{90120000-0019-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007 "{90120000-0019-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007 "{90120000-001A-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007 "{90120000-001A-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007 "{90120000-001A-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007 "{90120000-001B-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007 "{90120000-001B-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0401-0000-0000000FF1CE}_OMUI.fr-fr_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.fr-fr_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.it-it_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.nl-nl_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) 
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.fr-fr_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.it-it_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}_OMUI.nl-nl_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.fr-fr_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.it-it_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}_OMUI.nl-nl_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.it-it_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0413-0000-0000000FF1CE}_OMUI.fr-fr_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = 
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0413-0000-0000000FF1CE}_OMUI.nl-nl_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}_OMUI.fr-fr_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007 "{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007 "{90120000-0044-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007 "{90120000-0044-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007 "{90120000-0044-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-040C-0000-0000000FF1CE}_OMUI.fr-fr_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007 "{90120000-006E-0410-0000-0000000FF1CE}_OMUI.it-it_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007 "{90120000-006E-0413-0000-0000000FF1CE}_OMUI.nl-nl_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007 "{90120000-00A1-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007 "{90120000-00A1-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007 "{90120000-00A1-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007 "{90120000-00BA-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007 "{90120000-00BA-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007 "{90120000-00BA-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0100-040C-0000-0000000FF1CE}" = Microsoft Office O MUI (French) 2007 "{90120000-0100-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0100-0410-0000-0000000FF1CE}" = Microsoft Office O MUI (Italian) 2007 "{90120000-0100-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0100-0413-0000-0000000FF1CE}" = Microsoft Office O MUI (Dutch) 2007 "{90120000-0100-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0101-040C-0000-0000000FF1CE}" = Microsoft Office X MUI (French) 2007 "{90120000-0101-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0101-0410-0000-0000000FF1CE}" = Microsoft Office X MUI (Italian) 2007 "{90120000-0101-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0101-0413-0000-0000000FF1CE}" = Microsoft Office X MUI (Dutch) 2007 "{90120000-0101-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger 
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{BB5E5F87-E939-4974-A006-2B4A2F60EEA3}_is1" = Game Park Console "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{BDC2421D-EB66-4F32-A588-F72E62EC4E94}" = EeeSplendid "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0 "{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ASUS VIBE" = ASUS VIBE "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Azureus" = Azureus "B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) "B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) "BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) "DivX Setup.divx.com" = 
DivX-Setup "Eee Docking_is1" = Eee Docking 3.6.0 "Google Chrome" = Google Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer "MahJong Suite_is1" = MahJong Suite 2011 v8.1 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "OMUI.fr-fr" = Microsoft Office Language Pack 2007 - French/Français "OMUI.it-it" = Microsoft Office Language Pack 2007 - Italian/Italiano "OMUI.nl-nl" = Microsoft Office Language Pack 2007 - Dutch/Nederlands "PC SECURITY TEST 2009_is1" = PC SECURITY TEST 2009 "PCBoost_is1" = PCBoost "PokerStars.net" = PokerStars.net "SynTPDeinstKey" = Synaptics Pointing Device Driver "Trillian" = Trillian "TVgenial" = TVgenial 4.10 "TVUPlayer" = TVUPlayer 2.5.3.1 "uTorrent" = µTorrent "Veoh Web Player Beta" = Veoh Web Player "WebcamMax" = WebcamMax "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Zattoo4" = Zattoo4 4.0.5 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 1/18/2011 8:42:12 PM | Computer Name = Krissy-Netbook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3989, Zeitstempel: 0x4cf928fc Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559, Zeitstempel: 0x4ba9b21e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00046bf0 ID des fehlerhaften Prozesses: 0x120 Startzeit der fehlerhaften Anwendung: 0x01cbb6b60f2458a5 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: 
C:\windows\SYSTEM32\ntdll.dll Berichtskennung: f38761a5-2364-11e0-91d3-485b39189b38 Error - 1/20/2011 1:24:57 AM | Computer Name = Krissy-Netbook | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax. Error - 1/22/2011 5:07:00 PM | Computer Name = Krissy-Netbook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3989, Zeitstempel: 0x4cf928fc Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559, Zeitstempel: 0x4ba9b21e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00046bf0 ID des fehlerhaften Prozesses: 0xec8 Startzeit der fehlerhaften Anwendung: 0x01cbba717b7ae5c6 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 8d07b294-266b-11e0-91d3-485b39189b38 Error - 1/23/2011 12:44:33 AM | Computer Name = Krissy-Netbook | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax. 
Error - 1/30/2011 8:31:28 PM | Computer Name = Krissy-Netbook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989, Zeitstempel: 0x4cf9293f Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.4927, Zeitstempel: 0x4a2752ff Ausnahmecode: 0xc000000d Fehleroffset: 0x00008aa0 ID des fehlerhaften Prozesses: 0x15dc Startzeit der fehlerhaften Anwendung: 0x01cbc0ddb5976464 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften Moduls: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll Berichtskennung: 710b5c3f-2cd1-11e0-91d3-485b39189b38 Error - 1/30/2011 10:21:41 PM | Computer Name = Krissy-Netbook | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax. Error - 2/2/2011 9:45:39 AM | Computer Name = Krissy-Netbook | Source = SideBySide | ID = 16842811 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll" in Zeile 2. Ungültige XML-Syntax. 
Error - 2/5/2011 7:40:22 PM | Computer Name = Krissy-Netbook | Source = MsiInstaller | ID = 11935 Description = Error - 2/7/2011 2:58:11 PM | Computer Name = Krissy-Netbook | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3989, Zeitstempel: 0x4cf928fc Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559, Zeitstempel: 0x4ba9b21e Ausnahmecode: 0xc0000005 Fehleroffset: 0x00046bf0 ID des fehlerhaften Prozesses: 0x4a8 Startzeit der fehlerhaften Anwendung: 0x01cbc5910b0bb4eb Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll Berichtskennung: 35160945-32ec-11e0-9239-485b39189b38 Error - 2/9/2011 11:48:07 PM | Computer Name = Krissy-Netbook | Source = Microsoft-Windows-CAPI2 | ID = 513 Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary DETECT. System Error: Der angegebene Dienst ist kein installierter Dienst. . [ System Events ] Error - 3/20/2011 5:11:26 PM | Computer Name = Krissy-Netbook | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 3/20/2011 5:11:45 PM | Computer Name = Krissy-Netbook | Source = NetBT | ID = 4307 Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte. Error - 3/20/2011 9:14:51 PM | Computer Name = Krissy-Netbook | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?21.?03.?2011 um 01:59:41 unerwartet heruntergefahren. Error - 3/21/2011 1:21:30 PM | Computer Name = Krissy-Netbook | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?21.?03.?2011 um 18:20:10 unerwartet heruntergefahren. 
Best wishes, Krissy Edited by Princess21 (11.04.2011 at 17:00). Reason: add 2nd report |
11.04.2011, 17:36 | #4 |
/// Malware-holic | Virus? liveupdate.exe, files disappearing Download unhide.exe: http://filepony.de/download-unhide/ Right-click it and run it as administrator. Let the program run to completion and check whether the files become visible.
11.04.2011, 18:02 | #5 |
| Virus? liveupdate.exe, files disappearing Thank you, that has already helped quite a bit - at least the files are visible again. However, all of this developed bit by bit, and I'm a little worried that the whole mess will start over again in the next few days, because my PC must have caught something for it to act up like this. Is there no way for me to find out what it is and how to get rid of it? I haven't lastingly fought the effect, but the cause is still lurking around here. |
11.04.2011, 18:09 | #6 |
/// Malware-holic | Virus? liveupdate.exe, files disappearing Take it easy. Please post all the Malwarebytes logs you have. You can find them in Malwarebytes under "Logdateien" (log files).
11.04.2011, 18:18 | #7 |
| Virus? liveupdate.exe, files disappearing I didn't mean to stress you. The Refog keylogger was intentional, just so you aren't surprised by it. Here is the log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6280
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
05.04.2011 21:52:59
mbam-log-2011-04-05 (21-52-59).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 156470
Laufzeit: 15 Minute(n), 41 Sekunde(n)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 7
Infizierte Registrierungsschlüssel: 135
Infizierte Registrierungswerte: 12
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 29
Infizierte Dateien: 565
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.FunWebProducts) -> Not selected for removal. HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (PUP.FunWebProducts) -> Not selected for removal. HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (PUP.FunWebProducts) -> Not selected for removal. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.FunWebProducts) -> Not selected for removal. HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.FunWebProducts) -> Not selected for removal. HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.FunWebProducts) -> Not selected for removal. HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Refog Software (Refog.Keylogger) -> Not selected for removal. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
Infizierte Registrierungswerte: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Onehepiguyor (Trojan.Agent.U) -> Value: Onehepiguyor -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kfujigoreyesub (Trojan.Agent.U) -> Value: Kfujigoreyesub -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: c:\programdata\MPK (Refog.Keylogger) -> Not selected for removal. c:\programdata\MPK\1 (Refog.Keylogger) -> Not selected for removal. c:\programdata\MPK\CPDA (Refog.Keylogger) -> Quarantined and deleted successfully. c:\programdata\MPK\CPDM (Refog.Keylogger) -> Quarantined and deleted successfully. c:\programdata\MPK\refog personal monitor (Refog.Keylogger) -> Quarantined and deleted successfully. c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch (Adware.MyWebSearch) -> Delete on reboot. c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Delete on reboot. c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin (Adware.MyWebSearch) -> Delete on reboot. c:\program files\mywebsearch\bar\2.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\Windows\System32\MPK (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\English (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\German (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\Spanish (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Lang (Refog.Keylogger) -> Quarantined and deleted successfully. Infizierte Dateien: c:\program files\mywebsearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot. c:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Delete on reboot. c:\program files\mywebsearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Not selected for removal. c:\program files\mywebsearch\bar\2.bin\F3REPROX.DLL (PUP.FunWebProducts) -> Not selected for removal. 
c:\program files\mywebsearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Delete on reboot. c:\program files\mywebsearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot. c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot. c:\program files\mywebsearch\bar\2.bin\F3HTMLMU.DLL (PUP.FunWebProducts) -> Not selected for removal. c:\program files\mywebsearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\programdata\35446536.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully. 
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\xowermcnas.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\tmp1104.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\setup104210064.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\setup1122799688.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\setup1616803616.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\setup1658197920.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\setup1994244452.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\setup2024106000.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\setup2485476116.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\ptu505_tmp.exe (PUP.Casino) -> Not selected for removal. c:\Users\Krissy\AppData\Local\Temp\CC96.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\D6D2.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\D701.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\ocamsxewnr.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\err.log113828594 (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\setup4007255760.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\setup2654415980.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. 
c:\Users\Krissy\AppData\Local\Temp\setup2909314912.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\setup3030965844.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\setup3292206952.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\setup348659576.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\setup349743944.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\setup3504067900.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Local\Temp\setup3540841432.exe (Rootkit.TDSS) -> Quarantined and deleted successfully. c:\Users\Krissy\downloads\setupcasino_957b0d_de.exe (PUP.Casino) -> Quarantined and deleted successfully. c:\Users\Krissy\downloads\smileycentralpfsetup2.3.76.6.sa.hp.znfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\Users\Krissy\downloads\europasetup_9e702b_de.exe (PUP.Casino) -> Quarantined and deleted successfully. c:\Users\Krissy\downloads\europasetup_2a6cf0_de.exe (PUP.Casino) -> Quarantined and deleted successfully. c:\Users\Krissy\downloads\pantsoff.exe (PUP.PSWFinder) -> Not selected for removal. c:\Users\Krissy\downloads\europasetup_25bd16_de.exe (PUP.Casino) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Roaming\Adobe\plugs\kb113833492.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Krissy\AppData\Roaming\Adobe\plugs\kb113833633.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\programdata\MPK\M0000 (Refog.Keylogger) -> Not selected for removal. c:\programdata\MPK\refog personal monitor.lnk (Refog.Keylogger) -> Not selected for removal. c:\programdata\MPK\S0000 (Refog.Keylogger) -> Not selected for removal. c:\programdata\MPK\1\D0000 (Refog.Keylogger) -> Not selected for removal. 
c:\programdata\MPK\1\i40576_2100654514 (Refog.Keylogger) -> Quarantined and deleted successfully. c:\programdata\MPK\1\i40576_2135376620 (Refog.Keylogger) -> Quarantined and deleted successfully. c:\programdata\MPK\1\i40576_2170308796 (Refog.Keylogger) -> Quarantined and deleted successfully. c:\programdata\MPK\1\i40576_2204822917 (Refog.Keylogger) -> Quarantined and deleted successfully. c:\programdata\MPK\1\i40576_2239546181 (Refog.Keylogger) -> Quarantined and deleted successfully. c:\programdata\MPK\1\i40576_2552051273 (Refog.Keylogger) -> Quarantined and deleted successfully. c:\programdata\MPK\1\i40576_5427796296 (Refog.Keylogger) -> Quarantined and deleted successfully. c:\programdata\MPK\1\i40576_5462533912 (Refog.Keylogger) -> Quarantined and deleted successfully. c:\programdata\MPK\CPDM\cpfm.bin (Refog.Keylogger) -> Quarantined and deleted successfully. c:\programdata\MPK\refog personal monitor\jetzt bestellen!.lnk (Refog.Keylogger) -> Quarantined and deleted successfully. c:\programdata\MPK\refog personal monitor\refog personal monitor im internet.lnk (Refog.Keylogger) -> Quarantined and deleted successfully. c:\programdata\MPK\refog personal monitor\refog personal monitor.lnk (Refog.Keylogger) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\1.bin\M3FFTBPR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\1.bin\M3PATCH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\2.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\M3TPINST.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\2.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\icon_1.ico (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\key.bin (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\libeay32.dll (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\lnkmst.exe (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\logstart.vbs (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\loguninstall.vbs (Refog.Keylogger) -> Quarantined and deleted successfully. 
c:\Windows\System32\MPK\Mpk.dll (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Mpk64.dll (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\sqlite3.dll (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\ssleay32.dll (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\trial_pro.ini (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\unins000.dat (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\unins000.exe (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\unins000.msg (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\update_info.bin (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\zlib1.dll (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\English\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\English\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\English\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\English\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\English\file.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\English\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\English\imhelp.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\English\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\English\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully. 
c:\Windows\System32\MPK\Help\English\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\English\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\English\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\English\need_update_net.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\English\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\English\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\English\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\English\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\English\update.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\English\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\German\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\German\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\German\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\German\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\German\file.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\German\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\German\imhelp.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\German\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully. 
c:\Windows\System32\MPK\Help\German\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\German\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\German\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\German\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\German\need_update_net.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\German\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\German\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\German\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\German\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\German\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\Spanish\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\Spanish\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\Spanish\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\Spanish\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\Spanish\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\Spanish\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\Spanish\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\Spanish\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully. 
c:\Windows\System32\MPK\Help\Spanish\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\Spanish\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\Spanish\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\Spanish\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\Spanish\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\Spanish\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Help\Spanish\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\banner_german.gif (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\banner_em_english.gif (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\banner_em_english.swf (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\banner_em_german.gif (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\banner_em_german.swf (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\banner_em_spanish.gif (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\banner_em_spanish.swf (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\banner_english.gif (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\banner_english.swf (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\banner_german.swf (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\banner_pm_english.gif (Refog.Keylogger) -> Quarantined and deleted successfully. 
c:\Windows\System32\MPK\Images\banner_pm_english.swf (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\banner_pm_german.gif (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\banner_pm_german.swf (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\banner_pm_spanish.gif (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\banner_pm_spanish.swf (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\banner_russian.gif (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\banner_spanish.gif (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\banner_spanish.swf (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\english.gif (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\german.gif (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\upgrade_aeu.png (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\upgrade_aus.png (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\upgrade_eu.png (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\upgrade_us.png (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\vista_hide.bmp (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Images\xp_hide.bmp (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Lang\brazilian.frc (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Lang\brazilian.lng (Refog.Keylogger) -> Quarantined and deleted successfully. 
c:\Windows\System32\MPK\Lang\English.frc (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Lang\French.frc (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Lang\French.lng (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Lang\German.frc (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Lang\German.lng (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Lang\Italian.frc (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Lang\Italian.lng (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Lang\Japanese.frc (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Lang\Japanese.lng (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Lang\Polish.lng (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Lang\portuguese.frc (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Lang\portuguese.lng (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Lang\Romanian.frc (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Lang\Romanian.lng (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Lang\Russian.frc (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Lang\Spanish.frc (Refog.Keylogger) -> Quarantined and deleted successfully. c:\Windows\System32\MPK\Lang\Spanish.lng (Refog.Keylogger) -> Quarantined and deleted successfully. |
11.04.2011, 18:20 | #8 |
/// Malware-holic | Virus? liveupdate.exe, files disappearing I didn't feel stressed; I meant, take it easy, we'll get this sorted out. Please create and post a ComboFix log. A guide and tutorial on using ComboFix
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
11.04.2011, 19:10 | #9 |
| Virus? liveupdate.exe, files disappearing Well, that took a little more time... and on we go with the log: ComboFix log file: Code:
ComboFix 11-04-10.04 - Krissy 11.04.2011 19:36:44.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.49.1031.18.1014.429 [GMT 2:00]
ausgeführt von:: c:\users\Krissy\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\MPK
c:\programdata\MPK\1\D0000
c:\programdata\MPK\1\I40573_1467941667
c:\programdata\MPK\1\I40573_1502251736
c:\programdata\MPK\1\I40573_1536971875
c:\programdata\MPK\1\I40573_1571781366
c:\programdata\MPK\1\I40573_1606416898
c:\programdata\MPK\1\I40573_1641247801
c:\programdata\MPK\1\I40573_1675862153
c:\programdata\MPK\1\I40573_1710584954
c:\programdata\MPK\1\I40573_1745307870
c:\programdata\MPK\1\I40573_1780030671
c:\programdata\MPK\1\I40573_1814753935
c:\programdata\MPK\1\I40573_1849476273
c:\programdata\MPK\1\I40573_1918922106
c:\programdata\MPK\1\I40573_1953645023
c:\programdata\MPK\1\I40573_1988367940
c:\programdata\MPK\1\I40573_2057813542
c:\programdata\MPK\1\I40573_2092536458
c:\programdata\MPK\1\I40573_2127259375
c:\programdata\MPK\1\I40573_2161982060
c:\programdata\MPK\1\I40573_2196704977
c:\programdata\MPK\1\I40573_2231427199
c:\programdata\MPK\1\I40573_2266150810
c:\programdata\MPK\1\I40573_2300873495
c:\programdata\MPK\1\I40573_2335596644
c:\programdata\MPK\1\I40573_2370319444
c:\programdata\MPK\1\I40573_2405041667
c:\programdata\MPK\1\I40573_2439764931
c:\programdata\MPK\1\I40573_2509210301
c:\programdata\MPK\1\I40573_2543933681
c:\programdata\MPK\1\I40573_2648102199
c:\programdata\MPK\1\I40573_2682825116
c:\programdata\MPK\1\I40573_2752270833
c:\programdata\MPK\1\I40573_2786993866
c:\programdata\MPK\1\I40573_2925885069
c:\programdata\MPK\1\I40573_2960608102
c:\programdata\MPK\1\I40573_3099499306
c:\programdata\MPK\1\I40573_3134222569
c:\programdata\MPK\1\I40573_3168945255
c:\programdata\MPK\1\I40573_3203668403
c:\programdata\MPK\1\I40573_3238391088
c:\programdata\MPK\1\I40573_3273172454
c:\programdata\MPK\1\I40573_3307835995
c:\programdata\MPK\1\I40573_3342559606
c:\programdata\MPK\1\I40573_3377282755
c:\programdata\MPK\1\I40573_3412011806
c:\programdata\MPK\1\I40573_3446728009
c:\programdata\MPK\1\I40573_3481450347
c:\programdata\MPK\1\I40573_3550896296
c:\programdata\MPK\1\I40573_7578748843
c:\programdata\MPK\1\I40573_7613649769
c:\programdata\MPK\1\I40573_7648194444
c:\programdata\MPK\1\I40573_7682917361
c:\programdata\MPK\1\I40573_7717756944
c:\programdata\MPK\1\I40573_7752362616
c:\programdata\MPK\M0000
c:\programdata\MPK\REFOG Personal Monitor.lnk
c:\programdata\MPK\S0000
c:\users\Krissy\AppData\Local\{23D9E118-C92C-4180-80B9-61852C71662B}
c:\users\Krissy\AppData\Local\{23D9E118-C92C-4180-80B9-61852C71662B}\chrome.manifest
c:\users\Krissy\AppData\Local\{23D9E118-C92C-4180-80B9-61852C71662B}\chrome\content\_cfg.js
c:\users\Krissy\AppData\Local\{23D9E118-C92C-4180-80B9-61852C71662B}\chrome\content\overlay.xul
c:\users\Krissy\AppData\Local\{23D9E118-C92C-4180-80B9-61852C71662B}\install.rdf
c:\users\Krissy\AppData\Local\mwsautSp.exe
c:\users\Krissy\AppData\Roaming\Adobe\plugs
c:\users\Krissy\AppData\Roaming\Adobe\shed
c:\users\Krissy\AppData\Roaming\Local
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\5241c27e91ad0108f000b6cf403990d2.avi.ddr
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\92bdfd5f6c6a95f5086b17bdc4cd5929.ddr
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Das_M_rder-Hotel.avi.ddr
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\5241c27e91ad0108f000b6cf403990d2.avi.ddp
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\92bdfd5f6c6a95f5086b17bdc4cd5929.ddp
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Das_M_rder-Hotel.avi.ddp
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Geliebt.und.gef--rchtet.-.Spinnen.-.von.Otto.Hahn,.S-dwest.04.05.04.xvid.800kbps,.mp3.192.kbps.avi.ddp
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\tvp_hennes.bender.live.egal.gibts.nicht.teil1.avi.ddp
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\tvp_hennes.bender.live.egal.gibts.nicht.teil1.avi.ddr
c:\users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Restore
c:\users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Restore\Uninstall Windows Restore.lnk
c:\users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Restore\Windows Restore.lnk
c:\windows\system32\service
c:\windows\system32\service\06062010_TIS17_SfFniAU.log
c:\windows\system32\service\06072010_TIS17_PccScan.log
c:\windows\system32\service\11102010_TIS17_SfFniAU.log
c:\windows\system32\service\27092010_TIS17_SfFniAU.log
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-03-11 bis 2011-04-11 ))))))))))))))))))))))))))))))
.
.
2011-04-11 17:56 . 2011-04-11 18:01 -------- d-----w- c:\users\Krissy\AppData\Local\temp
2011-04-11 17:56 . 2011-04-11 17:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-08 20:19 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{75D267E7-1DBC-4CEB-A894-2F47BA535E69}\mpengine.dll
2011-04-05 19:32 . 2011-04-05 19:32 5106 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-04-05 19:17 . 2011-04-05 19:17 -------- d-----w- c:\users\Krissy\AppData\Roaming\Malwarebytes
2011-04-05 19:17 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-05 19:17 . 2011-04-05 19:17 -------- d-----w- c:\programdata\Malwarebytes
2011-04-05 19:17 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-05 19:17 . 2011-04-11 14:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-05 18:02 . 2011-04-11 14:10 -------- d-----w- c:\program files\ICQ7.4
2011-04-05 17:38 . 2011-04-11 14:09 -------- d-----w- c:\programdata\SecTaskMan
2011-04-05 14:15 . 2011-04-05 14:15 0 ----a-w- c:\users\Krissy\AppData\Local\Ujowocesofih.bin
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 06:27 . 2011-02-12 10:23 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-02-19 05:33 . 2011-03-09 14:39 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 14:39 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 14:39 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-03 05:45 . 2011-02-09 08:37 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 17:11 . 2010-05-03 18:57 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 17:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"WebcamMaxAutoRun"="c:\program files\WebcamMax\WebcamMax.exe" [2011-01-06 6046960]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-26 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-11-17 414384]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-01-06 3058304]
"EeeSplendidAgent"="c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe" [2009-12-29 104960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-05-03 2429]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-01-06 2018032]
"EEESplendidAR"="AsusSender.exe" [2009-09-11 33768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"PCBoost"="c:\program files\PGWARE\PCBoost\PCBoostTray.exe" [2010-12-19 1722616]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 135664]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 23:06]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 23:06]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZNfox000&ptb=3IUvWahBK296V2ix2SfVkw
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\tx1u8grj.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNfox000&ptb=3IUvWahBK296V2ix2SfVkw&ind=2011012414&ptnrS=ZNfox000&si=&n=77dd9d3e&psa=&st=kwd&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Low Quality Flash: low_quality_flash@pie2k.com - %profile%\extensions\low_quality_flash@pie2k.com
FF - Ext: Ask Toolbar Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: Modify Headers: {b749fc7c-e949-447f-926c-3f4eed6accfe} - %profile%\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\taskhost.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\conhost.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\conhost.exe c:\program files\Synaptics\SynTP\SynTPEnh.exe c:\program files\Synaptics\SynTP\SynAsusAcpi.exe c:\program files\EeePC\HotkeyService\HotKeyMon.exe c:\program files\EeePC\SHE\SuperHybridEngine.exe c:\program files\Asus\LiveUpdate\LiveUpdate.exe c:\program files\EeePC\HotkeyService\HotkeyService.exe c:\windows\system32\igfxsrvc.exe c:\program files\Synaptics\SynTP\SynTPHelper.exe c:\program files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\iPod\bin\iPodService.exe c:\windows\system32\sppsvc.exe c:\windows\system32\taskhost.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-04-11 20:06:51 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-04-11 18:06 . Vor Suchlauf: 8 Verzeichnis(se), 51.167.219.712 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 53.657.784.320 Bytes frei . - - End Of File - - 6B36932EE9CD410C11F645F5AA838C01 |
11.04.2011, 19:19 | #10 |
/// Malware-holic | Virus? liveupdate.exe files disappearing
Start > Programs > Accessories > Notepad, copy in:
KillAll::
Rootkit::
c:\users\Krissy\AppData\Local\Ujowocesofih.bin
File > Save As; location: wherever combofix.exe is; type: All files; name: cfscript.txt
Drag cfscript onto ComboFix; the program starts. Post the log.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
11.04.2011, 19:55 | #11 |
| Virus? liveupdate.exe files disappearing No sooner said than done... ComboFix log file: Code:
ATTFilter ComboFix 11-04-10.04 - Krissy 11.04.2011 20:27:49.2.2 - x86 Microsoft Windows 7 Starter 6.1.7600.0.1252.49.1031.18.1014.301 [GMT 2:00] ausgeführt von:: c:\users\Krissy\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Krissy\Desktop\cfscript.txt AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\Thumbs.db . Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert Kopie von - c:\windows\ERDNT\cache\userinit.exe wurde wiederhergestellt . . ((((((((((((((((((((((( Dateien erstellt von 2011-03-11 bis 2011-04-11 )))))))))))))))))))))))))))))) . . 2011-04-11 18:44 . 2011-04-11 18:47 -------- d-----w- c:\users\Krissy\AppData\Local\temp 2011-04-11 18:44 . 2011-04-11 18:44 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-04-08 20:19 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{75D267E7-1DBC-4CEB-A894-2F47BA535E69}\mpengine.dll 2011-04-05 19:32 . 2011-04-05 19:32 5106 ----a-w- c:\windows\system32\PerfStringBackup.TMP 2011-04-05 19:17 . 2011-04-05 19:17 -------- d-----w- c:\users\Krissy\AppData\Roaming\Malwarebytes 2011-04-05 19:17 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-04-05 19:17 . 2011-04-05 19:17 -------- d-----w- c:\programdata\Malwarebytes 2011-04-05 19:17 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-05 19:17 . 2011-04-11 14:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-04-05 18:02 . 2011-04-11 14:10 -------- d-----w- c:\program files\ICQ7.4 2011-04-05 17:38 . 2011-04-11 14:09 -------- d-----w- c:\programdata\SecTaskMan 2011-04-05 14:15 . 
2011-04-05 14:15 0 ----a-w- c:\users\Krissy\AppData\Local\Ujowocesofih.bin . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-17 06:27 . 2011-02-12 10:23 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-02-19 05:33 . 2011-03-09 14:39 802304 ----a-w- c:\windows\system32\FntCache.dll 2011-02-19 05:32 . 2011-03-09 14:39 1074176 ----a-w- c:\windows\system32\DWrite.dll 2011-02-19 05:32 . 2011-03-09 14:39 739840 ----a-w- c:\windows\system32\d2d1.dll 2011-02-03 05:45 . 2011-02-09 08:37 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2011-02-02 17:11 . 2010-05-03 18:57 222080 ------w- c:\windows\system32\MpSigStub.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2011-02-01 17:17 1487240 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "WebcamMaxAutoRun"="c:\program files\WebcamMax\WebcamMax.exe" [2011-01-06 6046960] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-26 399736] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "HotkeyMon"="AsusSender.exe" [2009-09-11 33768] "HotkeyService"="AsusSender.exe" [2009-09-11 33768] "SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768] "Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-11-17 414384] "LiveUpdate"="AsusSender.exe" [2009-09-11 33768] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-01-06 3058304] "EeeSplendidAgent"="c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe" [2009-12-29 104960] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032] "Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-05-03 2429] "ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-01-06 2018032] "EEESplendidAR"="AsusSender.exe" [2009-09-11 33768] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736] "Adobe ARM"="c:\program files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288] "DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360] "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768] "PCBoost"="c:\program files\PGWARE\PCBoost\PCBoostTray.exe" [2010-12-19 1722616] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976] . c:\users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 135664] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336] S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136] S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Inhalt des "geplante Tasks" Ordners . 2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 23:06] . 2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 23:06] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZNfox000&ptb=3IUvWahBK296V2ix2SfVkw IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe FF - ProfilePath - c:\users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\tx1u8grj.default\ FF - prefs.js: browser.search.selectedEngine - My Web Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNfox000&ptb=3IUvWahBK296V2ix2SfVkw&ind=2011012414&ptnrS=ZNfox000&si=&n=77dd9d3e&psa=&st=kwd&searchfor= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com FF - Ext: Low Quality Flash: low_quality_flash@pie2k.com - %profile%\extensions\low_quality_flash@pie2k.com FF - Ext: Ask Toolbar Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE} FF - Ext: Modify Headers: {b749fc7c-e949-447f-926c-3f4eed6accfe} - %profile%\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe} FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video 
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa FF - user.js: yahoo.homepage.dontask - true . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\taskhost.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\conhost.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\servicing\TrustedInstaller.exe c:\windows\system32\conhost.exe c:\program files\Asus\LiveUpdate\LiveUpdate.exe c:\program files\EeePC\SHE\SuperHybridEngine.exe c:\program files\EeePC\HotkeyService\HotKeyMon.exe c:\program files\EeePC\HotkeyService\HotkeyService.exe c:\windows\system32\igfxsrvc.exe c:\program files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Zeit der Fertigstellung: 2011-04-11 20:53:05 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-04-11 18:53 ComboFix2.txt 2011-04-11 18:06 . Vor Suchlauf: 12 Verzeichnis(se), 53.704.916.992 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 53.420.204.032 Bytes frei . - - End Of File - - A535F66CDF687E176C85AF49900DC559 |
12.04.2011, 10:04 | #12 |
/// Malware-holic | Virus? liveupdate.exe files disappearing Click on Computer, then on C:, and open the Qoobox folder there. Right-click Quarantine there and pack it with WinRAR or zip. Then upload it: file upload: http://www.trojaner-board.de/54791-a...ner-board.html
12.04.2011, 14:24 | #13 |
| Virus? liveupdate.exe files disappearing Done, hopefully it was uploaded correctly! |
12.04.2011, 14:39 | #14 |
/// Malware-holic | Virus? liveupdate.exe files disappearing Nope, it is maybe too big. Upload it to "File-Upload.net - Ihr kostenloser File Hoster!" and send me the link as a private message.
12.04.2011, 14:46 | #15 |
| Virus? liveupdate.exe files disappearing The RAR file is 503 MB in size... the max at File-Upload is also 100 MB... I'm now uploading the file to file savr, which goes up to 2 GB... and then I'll send you the link, OK? |