Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Virus?liveupdate.exe dateien verschwinden (https://www.trojaner-board.de/97339-virus-liveupdate-exe-dateien-verschwinden.html)

Princess21 11.04.2011 15:46
Virus?liveupdate.exe dateien verschwinden
 
Hallo Ihr Lieben,

ich habe ein arges Problem welches mir gerad bisschen Sorgen macht und hoffe ihr könnt mir helfen :wtf:

Schätzungsweise letzte Woche habe ich ganz normal im Netz gegoogled und auf einmal schlug AntiVir bei mir Alarm, es war schon eine Tortur die Fenster wieder zu schließen die sich mir auftaten...
Laut Virenprogrammen hat sich wohl irgendwas an Liveupdate.exe eingeschlichen und dieses Etwas hat mir im System32 was angerichtet (habe nicht wirklich viel Plan davon)

Ich poste mal die Funde von Antivir:
Die Datei 'C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL'
enthielt einen Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan

Die Datei 'C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL'
enthielt einen Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan].

In der Datei 'C:\Users\Krissy\AppData\Local\Mozilla\Firefox\Profiles\tx1u8grj.default\Cache\53FF5DCDd01'
wurde ein Virus oder unerwünschtes Programm 'ADSPY/AdSpy.Gen2' [adware] gefunden.
Ausgeführte Aktion: Zugriff erlauben (((Ich habe jdfls keinen Zugriff erlaubt, kann aber auch sein, dass jemand anderes an meinem Netbook war)))

Die Datei 'C:\Users\Krissy\AppData\Local\Mozilla\Firefox\Profiles\tx1u8grj.default\Cache\53FF5DCDd01'
enthielt einen Virus oder unerwünschtes Programm 'ADSPY/AdSpy.Gen2' [adware].

In der Datei 'C:\Users\Krissy\AppData\Local\Temp\InternetExplorerUpdate.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.Gen2' [trojan] gefunden.

In der Datei 'C:\Users\Krissy\Downloads\VLCSetup.exe'
wurde ein Virus oder unerwünschtes Programm 'ADSPY/AdSpy.Gen2' [adware] gefunden.

Die Datei 'C:\Users\Krissy\Downloads\gamin16.rar'
enthielt einen Virus oder unerwünschtes Programm 'TR/Patched.Gen' [trojan].

In der Datei 'C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Softomat.AN' [trojan] gefunden

Die Datei 'C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL'
enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Softomat.AN' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
Die Datei konnte nicht gelöscht werden!
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '516defff.qua' verschoben!

Und tagelang kommt im 10-Minuten-Takt die Meldung:

In der Datei 'C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Softomat.AN' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

Die Reportdatei :stirn:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Samstag, 9. April 2011 15:59

Es wird nach 2537417 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : KRISSY-NETBOOK

Versionsinformationen:
BUILD.DAT : 10.0.0.635 31822 Bytes 07.03.2011 12:02:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 10.01.2011 13:22:56
AVSCAN.DLL : 10.0.3.0 56168 Bytes 10.01.2011 13:23:14
LUKE.DLL : 10.0.3.2 104296 Bytes 10.01.2011 13:23:03
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:23:11
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 10:26:21
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 19:28:46
VBASE004.VDF : 7.11.5.226 2048 Bytes 07.04.2011 19:28:46
VBASE005.VDF : 7.11.5.227 2048 Bytes 07.04.2011 19:28:46
VBASE006.VDF : 7.11.5.228 2048 Bytes 07.04.2011 19:28:46
VBASE007.VDF : 7.11.5.229 2048 Bytes 07.04.2011 19:28:47
VBASE008.VDF : 7.11.5.230 2048 Bytes 07.04.2011 19:28:47
VBASE009.VDF : 7.11.5.231 2048 Bytes 07.04.2011 19:28:47
VBASE010.VDF : 7.11.5.232 2048 Bytes 07.04.2011 19:28:47
VBASE011.VDF : 7.11.5.233 2048 Bytes 07.04.2011 19:28:47
VBASE012.VDF : 7.11.5.234 2048 Bytes 07.04.2011 19:28:48
VBASE013.VDF : 7.11.5.235 2048 Bytes 07.04.2011 19:28:48
VBASE014.VDF : 7.11.5.236 2048 Bytes 07.04.2011 19:28:48
VBASE015.VDF : 7.11.5.237 2048 Bytes 07.04.2011 19:28:48
VBASE016.VDF : 7.11.5.238 2048 Bytes 07.04.2011 19:28:48
VBASE017.VDF : 7.11.5.239 2048 Bytes 07.04.2011 19:28:48
VBASE018.VDF : 7.11.5.240 2048 Bytes 07.04.2011 19:28:49
VBASE019.VDF : 7.11.5.241 2048 Bytes 07.04.2011 19:28:49
VBASE020.VDF : 7.11.5.242 2048 Bytes 07.04.2011 19:28:49
VBASE021.VDF : 7.11.5.243 2048 Bytes 07.04.2011 19:28:49
VBASE022.VDF : 7.11.5.244 2048 Bytes 07.04.2011 19:28:49
VBASE023.VDF : 7.11.5.245 2048 Bytes 07.04.2011 19:28:49
VBASE024.VDF : 7.11.5.246 2048 Bytes 07.04.2011 19:28:50
VBASE025.VDF : 7.11.5.247 2048 Bytes 07.04.2011 19:28:50
VBASE026.VDF : 7.11.5.248 2048 Bytes 07.04.2011 19:28:50
VBASE027.VDF : 7.11.5.249 2048 Bytes 07.04.2011 19:28:50
VBASE028.VDF : 7.11.5.250 2048 Bytes 07.04.2011 19:28:50
VBASE029.VDF : 7.11.5.251 2048 Bytes 07.04.2011 19:28:50
VBASE030.VDF : 7.11.5.252 2048 Bytes 07.04.2011 19:28:50
VBASE031.VDF : 7.11.6.19 95744 Bytes 08.04.2011 19:27:14
Engineversion : 8.2.4.206
AEVDF.DLL : 8.1.2.1 106868 Bytes 10.01.2011 13:22:51
AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 05.04.2011 06:37:44
AESCN.DLL : 8.1.7.2 127349 Bytes 10.01.2011 13:22:49
AESBX.DLL : 8.1.3.2 254324 Bytes 10.01.2011 13:22:49
AERDL.DLL : 8.1.9.9 639347 Bytes 26.03.2011 00:58:17
AEPACK.DLL : 8.2.6.0 549237 Bytes 07.04.2011 19:30:06
AEOFFICE.DLL : 8.1.1.20 205177 Bytes 05.04.2011 06:37:42
AEHEUR.DLL : 8.1.2.97 3428726 Bytes 07.04.2011 19:29:59
AEHELP.DLL : 8.1.16.1 246134 Bytes 12.02.2011 10:26:24
AEGEN.DLL : 8.1.5.4 397684 Bytes 05.04.2011 06:37:36
AEEMU.DLL : 8.1.3.0 393589 Bytes 10.01.2011 13:22:42
AECORE.DLL : 8.1.20.2 196982 Bytes 07.04.2011 19:28:53
AEBB.DLL : 8.1.1.0 53618 Bytes 10.01.2011 13:22:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 10.01.2011 13:22:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 10.01.2011 13:22:55
AVREP.DLL : 10.0.0.8 62209 Bytes 17.06.2010 13:26:53
AVREG.DLL : 10.0.3.2 53096 Bytes 10.01.2011 13:22:55
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 10.01.2011 13:22:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 10.01.2011 13:22:51
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 10.01.2011 13:22:54
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 10.01.2011 13:22:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:01
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08
RCTEXT.DLL : 10.0.58.0 98152 Bytes 10.01.2011 13:23:15

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4db769ca\guard_slideup.avp
Protokollierung.......................: hoch
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch
Abweichende Gefahrenkategorien........: +PFS,
Erweiterte Sucheinstellungen..........: 0x08000000
Erweiterte Sucheinstellungen..........: 0x00300002

Beginn des Suchlaufs: Samstag, 9. April 2011 15:59
Die Reparatur von Rootkits ist nur im interaktiven Modus möglich!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Avira\AntiVir Desktop\avscan.exe>
Durchsuche Prozess 'SearchProtocolHost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\SearchProtocolHost.exe>
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Mozilla Firefox\firefox.exe>
Durchsuche Prozess 'taskmgr.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\taskmgr.exe>
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\taskhost.exe>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\iPod\bin\iPodService.exe>
Durchsuche Prozess 'uTorrent.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\uTorrent\uTorrent.exe>
Durchsuche Prozess 'sidebar.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Windows Sidebar\sidebar.exe>
Durchsuche Prozess 'veohwebplayer.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe>
Durchsuche Prozess 'PCBoostTray.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\PGWARE\PCBoost\PCBoostTray.exe>
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Avira\AntiVir Desktop\avgnt.exe>
Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Windows Media Player\wmpnetwk.exe>
Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\DivX\DivX Update\DivXUpdate.exe>
Durchsuche Prozess 'DDMService.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe>
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Common Files\Java\Java Update\jusched.exe>
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\iTunes\iTunesHelper.exe>
Durchsuche Prozess 'Boingo Wi-Fi.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe>
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe>
Durchsuche Prozess 'igfxsrvc.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\igfxsrvc.exe>
Durchsuche Prozess 'igfxpers.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\igfxpers.exe>
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\wbem\WmiPrvSE.exe>
Durchsuche Prozess 'hkcmd.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\hkcmd.exe>
Durchsuche Prozess 'AsAgent.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe>
Durchsuche Prozess 'LiveUpdate.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe>
Durchsuche Prozess 'AsScrPro.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\AsScrPro.exe>
Durchsuche Prozess 'HotkeyService.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\EeePC\HotkeyService\HotkeyService.exe>
Durchsuche Prozess 'SynTPHelper.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Synaptics\SynTP\SynTPHelper.exe>
Durchsuche Prozess 'HotKeyMon.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe>
Durchsuche Prozess 'SynAsusAcpi.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe>
Durchsuche Prozess 'SuperHybridEngine.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\EeePC\SHE\SuperHybridEngine.exe>
Durchsuche Prozess 'Eee Docking.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\ASUS\Eee Docking\Eee Docking.exe>
Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>
Durchsuche Prozess 'IAAnotif.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe>
Durchsuche Prozess 'WLIDSvcM.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\SearchIndexer.exe>
Durchsuche Prozess 'IAANTMon.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe>
Durchsuche Prozess 'WLIDSVC.EXE' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'SeaPort.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe>
Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\conhost.exe>
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Avira\AntiVir Desktop\avshadow.exe>
Durchsuche Prozess 'OberonGameConsoleService.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe>
Durchsuche Prozess 'mwssvc.exe' - '1' Modul(e) wurden durchsucht
Modul ist infiziert -> <C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE>
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
Durchsuche Prozess 'AsusService.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\AsusService.exe>
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe>
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\explorer.exe>
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Avira\AntiVir Desktop\avguard.exe>
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\dwm.exe>
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\taskhost.exe>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Avira\AntiVir Desktop\sched.exe>
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\spoolsv.exe>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\lsm.exe>
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\lsass.exe>
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\services.exe>
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\winlogon.exe>
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\wininit.exe>
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\csrss.exe>
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\csrss.exe>
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\smss.exe>

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL'
C:\Program Files\MyWebSearch\bar\2.bin\
NPMYWEBS.DLL
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49b9c78e.qua' verschoben!
Beginne mit der Suche in 'C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL'
C:\Program Files\MyWebSearch\bar\2.bin\
M3PLUGIN.DLL
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5133e804.qua' verschoben!


Ende des Suchlaufs: Samstag, 9. April 2011 16:00
Benötigte Zeit: 00:35 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
72 Dateien wurden geprüft
3 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
69 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
2 Hinweise


Die Suchergebnisse werden an den Guard übermittelt.



Zudem sind meine Eigenen Ordner "leer". Rechtsklick Eigenschaften verrät mir allerdings, dass dort meine paar GB noch abgespeichert sind aber mir wird nix angezeigt. Auch Dokumente vom Desktop sind nicht mehr sichtbar oder gelöscht, die wichtig waren...Wiederherstellungszeitpunkt gibt es nur den 1.4.2011 obwohl regelmäßig erstellt worden ist...und am 1.4.2011 trat das Problem auf...die Dateien verschwanden aber erst nach und nach. Wiederherstellung trotzdem gemacht aber mein Netbook sagt mir "Leck mich dat hat nix gebracht...." :headbang:

Ich hoffe jemand kann mir anhand der Informationen helfen....

Glg

Krissy

markusg 11.04.2011 15:51
na sicher können wir :-)
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten.

Princess21 11.04.2011 16:56
Erstmal danke für das rasche Feedback :)
Das hat mein Netbook für Euch per OTL ausgespuckt....bin gespannt :/
OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 4/11/2011 4:59:26 PM - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Krissy\Downloads
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,014.00 Mb Total Physical Memory | 310.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 47.79 Gb Free Space | 59.74% Space Free | Partition Type: NTFS
Drive D: | 59.03 Gb Total Space | 58.94 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
 
Computer Name: KRISSY-NETBOOK | User Name: Krissy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Krissy\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\program files\avira\antivir desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files\PGWARE\PCBoost\PCBoostTray.exe (PGWARE LLC)
PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe ()
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Krissy\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (OberonGameConsoleService) -- C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Asus | MSN
IE - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = ASUS Eee Family | Easy to Learn, Work and Play [binary data]
IE - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = ASUS Eee Family | Easy to Learn, Work and Play [binary data]
IE - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyWebSearch Home Page
IE - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: low_quality_flash@pie2k.com:0.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {23D9E118-C92C-4180-80B9-61852C71662B}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNfox000&ptb=3IUvWahBK296V2ix2SfVkw&ind=2011012414&ptnrS=ZNfox000&si=&n=77dd9d3e&psa=&st=kwd&searchfor="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/22 21:28:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/22 21:28:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 05:52:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 05:52:40 | 000,000,000 | ---D | M]
 
[2010/05/03 20:58:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Krissy\AppData\Roaming\mozilla\Extensions
[2011/04/09 11:36:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions
[2011/04/11 16:09:37 | 000,000,000 | -H-D | M] (ImTranslator) -- C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2011/04/11 16:09:37 | 000,000,000 | -H-D | M] (Modify Headers) -- C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2011/02/20 19:54:26 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions\firefox@tvunetworks.com
[2011/04/11 16:09:39 | 000,000,000 | -H-D | M] (Low Quality Flash) -- C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions\low_quality_flash@pie2k.com
[2011/04/11 16:09:39 | 000,000,000 | -H-D | M] (Ask Toolbar Toolbar) -- C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions\toolbar@ask.com
[2011/04/11 16:09:38 | 000,000,000 | -H-D | M] (YouTube to MP3) -- C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions\youtube2mp3@mondayx.de
[2011/01/24 22:38:26 | 000,010,015 | -H-- | M] () -- C:\Users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\tx1u8grj.default\searchplugins\mywebsearch.xml
[2011/01/14 13:45:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/10/07 14:53:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/09 03:11:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/22 21:28:36 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/01/22 21:28:36 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/04/11 16:09:42 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\KRISSY\APPDATA\LOCAL\{23D9E118-C92C-4180-80B9-61852C71662B}
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/07 01:07:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/10/07 01:07:15 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/10/07 01:07:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/10/07 01:07:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/10/07 01:07:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe ()
O4 - HKLM..\Run: [EEESplendidAR] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCBoost] C:\Program Files\PGWARE\PCBoost\PCBoostTray.exe (PGWARE LLC)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-797518080-1355806957-2820617274-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-797518080-1355806957-2820617274-1000..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-21-797518080-1355806957-2820617274-1000..\Run: [WebcamMaxAutoRun] C:\Program Files\WebcamMax\WebcamMax.exe (CoolwareMax)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/05 21:25:43 | 000,000,000 | ---D | C] -- C:\windows\Prefetch
[2011/04/05 21:17:43 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\Malwarebytes
[2011/04/05 21:17:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/04/05 21:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/05 21:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/05 21:17:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/04/05 21:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/05 20:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011/04/05 20:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.4
[2011/04/05 19:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/04/05 19:36:13 | 000,000,000 | ---D | C] -- C:\Users\Krissy\Desktop\taskmanager
[2011/04/05 16:22:52 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Restore
[2011/04/05 16:15:20 | 000,000,000 | -H-D | C] -- C:\Users\Krissy\AppData\Local\{23D9E118-C92C-4180-80B9-61852C71662B}
[2011/03/22 02:46:08 | 003,002,471 | -H-- | C] (MyWebSearch.com) -- C:\Users\Krissy\AppData\Local\mwsautSp.exe
[2011/03/12 19:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/03/12 19:57:43 | 000,000,000 | -H-D | C] -- C:\Users\Krissy\AppData\Roaming\uTorrent
[2011/03/12 19:55:43 | 000,000,000 | -H-D | C] -- C:\Users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Azureus
[2011/03/12 19:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azureus
[2011/03/12 19:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Azureus
[2009/11/04 15:06:04 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/11 16:19:18 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/11 16:19:18 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/11 16:16:02 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/11 16:11:20 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/11 16:10:53 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/05 21:17:21 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:25:31 | 000,000,120 | -H-- | M] () -- C:\Users\Krissy\AppData\Local\Fnehoveraxifokel.dat
[2011/04/05 16:23:00 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~35446536r
[2011/04/05 16:23:00 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~35446536
[2011/04/05 16:22:44 | 000,000,328 | -H-- | M] () -- C:\ProgramData\35446536
[2011/04/05 16:15:22 | 000,000,000 | -H-- | M] () -- C:\Users\Krissy\AppData\Local\Ujowocesofih.bin
[2011/03/24 09:00:22 | 000,545,677 | -H-- | M] () -- C:\Users\Krissy\Desktop\7068_wortwitz.jpg
[2011/03/22 02:46:09 | 003,002,471 | -H-- | M] (MyWebSearch.com) -- C:\Users\Krissy\AppData\Local\mwsautSp.exe
[2011/03/19 01:11:04 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/03/17 08:27:34 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2011/03/12 19:58:45 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/04/05 21:17:21 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 16:23:00 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~35446536r
[2011/04/05 16:22:59 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~35446536
[2011/04/05 16:22:44 | 000,000,328 | -H-- | C] () -- C:\ProgramData\35446536
[2011/04/05 16:15:22 | 000,000,120 | -H-- | C] () -- C:\Users\Krissy\AppData\Local\Fnehoveraxifokel.dat
[2011/04/05 16:15:22 | 000,000,000 | -H-- | C] () -- C:\Users\Krissy\AppData\Local\Ujowocesofih.bin
[2011/03/24 08:59:58 | 000,545,677 | -H-- | C] () -- C:\Users\Krissy\Desktop\7068_wortwitz.jpg
[2011/03/19 01:11:04 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/03/12 19:58:45 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/02/03 23:06:00 | 000,003,584 | -H-- | C] () -- C:\Users\Krissy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/15 01:47:44 | 000,007,598 | -H-- | C] () -- C:\Users\Krissy\AppData\Local\Resmon.ResmonCfg
[2010/05/21 09:31:28 | 000,017,408 | -H-- | C] () -- C:\Users\Krissy\AppData\Local\WebpageIcons.db
[2010/05/04 02:21:56 | 000,000,000 | -H-- | C] () -- C:\Users\Krissy\AppData\Roaming\wklnhst.dat
[2010/05/03 21:11:47 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010/01/07 00:49:56 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/01/07 00:14:26 | 000,011,448 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/01/07 00:14:18 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2010/01/06 23:47:03 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010/01/06 23:47:03 | 000,021,864 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010/01/06 23:44:46 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2010/01/06 23:41:30 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2009/07/26 03:28:45 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/07/26 03:28:45 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/07/14 06:33:53 | 000,333,280 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010/01/08 00:43:29 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\E-Cam
[2010/01/08 00:43:29 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\E-Cam
[2010/05/03 23:29:47 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Asus
[2011/04/11 16:09:42 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\E-Cam
[2010/05/04 21:27:52 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\GoBoingo
[2011/04/05 20:17:25 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\ICQ
[2011/01/14 01:08:32 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Local
[2011/02/22 21:57:17 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\MahJong Suite
[2010/05/04 23:59:50 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Opera
[2011/02/12 13:28:22 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Thinstall
[2011/04/11 16:09:37 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\TVgenial
[2011/04/11 17:00:52 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\uTorrent
[2011/04/11 16:09:37 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\WebcamMax
[2011/02/12 14:26:31 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\ZiggyTV
[2009/07/14 06:53:46 | 000,030,312 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/04/05 16:13:23 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Adobe
[2010/07/10 02:12:32 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Apple Computer
[2010/05/03 23:29:47 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Asus
[2011/02/14 14:03:18 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Avira
[2010/05/05 14:30:30 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\DivX
[2011/04/11 16:09:42 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\E-Cam
[2010/05/04 21:27:52 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\GoBoingo
[2011/04/05 20:17:25 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\ICQ
[2009/07/14 06:54:12 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Identities
[2010/01/06 23:39:58 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\InstallShield
[2011/01/14 01:08:32 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Local
[2010/01/06 23:55:11 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Macromedia
[2011/02/22 21:57:17 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\MahJong Suite
[2011/04/05 21:17:43 | 000,000,000 | ---D | M] -- C:\Users\Krissy\AppData\Roaming\Malwarebytes
[2011/04/11 16:09:40 | 000,000,000 | --SD | M] -- C:\Users\Krissy\AppData\Roaming\Microsoft
[2010/05/03 20:58:18 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Mozilla
[2010/05/04 23:59:50 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Opera
[2011/02/12 13:28:22 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Thinstall
[2011/04/11 16:09:37 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\TVgenial
[2011/04/11 17:00:52 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\uTorrent
[2011/04/11 16:09:37 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\WebcamMax
[2010/05/12 04:02:13 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\WinRAR
[2011/02/12 14:26:31 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\ZiggyTV
 
< %APPDATA%\*.exe /s >
[2011/02/01 19:04:18 | 000,052,616 | ---- | M] () -- C:\Users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\tx1u8grj.default\extensions\toolbar@ask.com\chrome\content\issigned.exe
[2011/03/20 19:44:51 | 003,325,832 | -H-- | M] (Ask) -- C:\Users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\tx1u8grj.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/06/05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:AB689DEA

< End of report >
--- --- ---

--- --- ---
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 4/11/2011 4:59:26 PM - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\Krissy\Downloads
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,014.00 Mb Total Physical Memory | 310.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 47.79 Gb Free Space | 59.74% Space Free | Partition Type: NTFS
Drive D: | 59.03 Gb Total Space | 58.94 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
 
Computer Name: KRISSY-NETBOOK | User Name: Krissy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-797518080-1355806957-2820617274-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{548D4E14-F59D-4FA3-A357-CE5BA0D41D34}" = Opera 11.01
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-040C-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (French) 2007
"{90120000-0017-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CCDA3DD6-E33D-4D75-B7C9-FF585580CE83}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-0410-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Italian) 2007
"{90120000-0017-0410-0000-0000000FF1CE}_OMUI.it-it_{342281AF-B7FE-4999-BE64-29F7D6249970}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-0413-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Dutch) 2007
"{90120000-0017-0413-0000-0000000FF1CE}_OMUI.nl-nl_{2E9BD56A-2290-46DA-869F-2EDCF0A24E8B}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_OMUI.fr-fr_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.fr-fr_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.it-it_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.nl-nl_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.fr-fr_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.it-it_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.nl-nl_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.fr-fr_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.it-it_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.nl-nl_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.it-it_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_OMUI.fr-fr_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}_OMUI.nl-nl_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OMUI.fr-fr_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
"{90120000-0044-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_OMUI.fr-fr_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_OMUI.it-it_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_OMUI.nl-nl_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007
"{90120000-00BA-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
"{90120000-00BA-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007
"{90120000-00BA-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-040C-0000-0000000FF1CE}" = Microsoft Office O MUI (French) 2007
"{90120000-0100-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0410-0000-0000000FF1CE}" = Microsoft Office O MUI (Italian) 2007
"{90120000-0100-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0413-0000-0000000FF1CE}" = Microsoft Office O MUI (Dutch) 2007
"{90120000-0100-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-040C-0000-0000000FF1CE}" = Microsoft Office X MUI (French) 2007
"{90120000-0101-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0410-0000-0000000FF1CE}" = Microsoft Office X MUI (Italian) 2007
"{90120000-0101-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0413-0000-0000000FF1CE}" = Microsoft Office X MUI (Dutch) 2007
"{90120000-0101-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BB5E5F87-E939-4974-A006-2B4A2F60EEA3}_is1" = Game Park Console
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDC2421D-EB66-4F32-A588-F72E62EC4E94}" = EeeSplendid
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASUS VIBE" = ASUS VIBE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"DivX Setup.divx.com" = DivX-Setup
"Eee Docking_is1" = Eee Docking 3.6.0
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"MahJong Suite_is1" = MahJong Suite 2011 v8.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OMUI.fr-fr" = Microsoft Office Language Pack 2007 - French/Français
"OMUI.it-it" = Microsoft Office Language Pack 2007 - Italian/Italiano
"OMUI.nl-nl" = Microsoft Office Language Pack 2007 - Dutch/Nederlands
"PC SECURITY TEST 2009_is1" = PC SECURITY TEST 2009
"PCBoost_is1" = PCBoost
"PokerStars.net" = PokerStars.net
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trillian" = Trillian
"TVgenial" = TVgenial 4.10
"TVUPlayer" = TVUPlayer 2.5.3.1
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"WebcamMax" = WebcamMax
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 1/18/2011 8:42:12 PM | Computer Name = Krissy-Netbook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf928fc  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b21e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00046bf0  ID des fehlerhaften
 Prozesses: 0x120  Startzeit der fehlerhaften Anwendung: 0x01cbb6b60f2458a5  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe  Pfad
 des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: f38761a5-2364-11e0-91d3-485b39189b38
 
Error - 1/20/2011 1:24:57 AM | Computer Name = Krissy-Netbook | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 1/22/2011 5:07:00 PM | Computer Name = Krissy-Netbook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf928fc  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b21e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00046bf0  ID des fehlerhaften
 Prozesses: 0xec8  Startzeit der fehlerhaften Anwendung: 0x01cbba717b7ae5c6  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe  Pfad
 des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: 8d07b294-266b-11e0-91d3-485b39189b38
 
Error - 1/23/2011 12:44:33 AM | Computer Name = Krissy-Netbook | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 1/30/2011 8:31:28 PM | Computer Name = Krissy-Netbook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.4927,
 Zeitstempel: 0x4a2752ff  Ausnahmecode: 0xc000000d  Fehleroffset: 0x00008aa0  ID des fehlerhaften
 Prozesses: 0x15dc  Startzeit der fehlerhaften Anwendung: 0x01cbc0ddb5976464  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Berichtskennung:
 710b5c3f-2cd1-11e0-91d3-485b39189b38
 
Error - 1/30/2011 10:21:41 PM | Computer Name = Krissy-Netbook | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 2/2/2011 9:45:39 AM | Computer Name = Krissy-Netbook | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 2/5/2011 7:40:22 PM | Computer Name = Krissy-Netbook | Source = MsiInstaller | ID = 11935
Description =
 
Error - 2/7/2011 2:58:11 PM | Computer Name = Krissy-Netbook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf928fc  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b21e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00046bf0  ID des fehlerhaften
 Prozesses: 0x4a8  Startzeit der fehlerhaften Anwendung: 0x01cbc5910b0bb4eb  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe  Pfad
 des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: 35160945-32ec-11e0-9239-485b39189b38
 
Error - 2/9/2011 11:48:07 PM | Computer Name = Krissy-Netbook | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 DETECT.  System Error: Der angegebene Dienst ist kein installierter Dienst.  .
 
[ System Events ]
Error - 3/20/2011 5:11:26 PM | Computer Name = Krissy-Netbook | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 3/20/2011 5:11:45 PM | Computer Name = Krissy-Netbook | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
 der Anfangsadressen verweigerte.
 
Error - 3/20/2011 9:14:51 PM | Computer Name = Krissy-Netbook | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?03.?2011 um 01:59:41 unerwartet heruntergefahren.
 
Error - 3/21/2011 1:21:30 PM | Computer Name = Krissy-Netbook | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?03.?2011 um 18:20:10 unerwartet heruntergefahren.
 
Error - 3/21/2011 2:47:31 PM | Computer Name = Krissy-Netbook | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?03.?2011 um 19:45:34 unerwartet heruntergefahren.
 
Error - 3/21/2011 8:40:14 PM | Computer Name = Krissy-Netbook | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?22.?03.?2011 um 01:39:06 unerwartet heruntergefahren.
 
Error - 3/21/2011 8:41:37 PM | Computer Name = Krissy-Netbook | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 3/21/2011 8:41:37 PM | Computer Name = Krissy-Netbook | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:  %%1053
 
Error - 3/21/2011 8:41:39 PM | Computer Name = Krissy-Netbook | Source = DCOM | ID = 10005
Description =
 
Error - 3/23/2011 4:44:18 AM | Computer Name = Krissy-Netbook | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
 
< End of report >
--- --- ---

glg Krissy

markusg 11.04.2011 17:36
lade dir unhide.exe
http://filepony.de/download-unhide/
rechtsklick, als admin starten.
lass das programm durchlaufen und prüfe ob dateien sichtbar werden.

Princess21 11.04.2011 18:02
Ich danke dir, das hat schon einiges geholfen - jedenfalls sind die Dateien wieder sichtbar :taenzer:

Jedoch hat sich das ja alles so nach und nach entwickelt, mir ist ein wenig Bange, dass in den nächsten Tagen der ganze Mist von vorne losgeht weil irgendwat muss sich mein PC doch eingefangen haben, dass der so rumspukt :daumenrunter: :wtf:

Hab ich keine Möglichkeit herauszufinden was es ist und wie ich's wegbekomme?
Die Wirkung hab ich ja nicht anhaltend bekämpft aber die Ursache schlummert hier ja noch rum :confused:

markusg 11.04.2011 18:09
immer mit der ruhe.
poste mir bitte alle malwarebytes logs die du hast.
zu finden unter malwarebytes, logdateien.

Princess21 11.04.2011 18:18
Wollte dich auch nicht stressen :abklatsch:

Der Refog Keylogger war gewollt, nicht dass du dich deswegen wunderst :crazy:

Hier die Logdatei

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6280

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05.04.2011 21:52:59
mbam-log-2011-04-05 (21-52-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 156470
Laufzeit: 15 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 7
Infizierte Registrierungsschlüssel: 135
Infizierte Registrierungswerte: 12
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 29
Infizierte Dateien: 565

Infizierte Speicherprozesse:
c:\program files\mywebsearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> 1388 -> Unloaded process successfully.

Infizierte Speichermodule:
c:\program files\mywebsearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\mywebsearch\bar\2.bin\F3REPROX.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\mywebsearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\F3HTMLMU.DLL (PUP.FunWebProducts) -> Not selected for removal.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.FunWebProducts) -> Not selected for removal.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.FunWebProducts) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.FunWebProducts) -> Not selected for removal.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (PUP.FunWebProducts) -> Not selected for removal.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (PUP.FunWebProducts) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.FunWebProducts) -> Not selected for removal.
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.FunWebProducts) -> Not selected for removal.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.FunWebProducts) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Refog Software (Refog.Keylogger) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Onehepiguyor (Trojan.Agent.U) -> Value: Onehepiguyor -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kfujigoreyesub (Trojan.Agent.U) -> Value: Kfujigoreyesub -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\programdata\MPK (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\CPDA (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\CPDM (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\refog personal monitor (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang (Refog.Keylogger) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\program files\mywebsearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\mywebsearch\bar\2.bin\F3REPROX.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\mywebsearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\F3HTMLMU.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\mywebsearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\programdata\35446536.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\xowermcnas.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\tmp1104.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup104210064.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup1122799688.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup1616803616.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup1658197920.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup1994244452.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup2024106000.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup2485476116.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\ptu505_tmp.exe (PUP.Casino) -> Not selected for removal.
c:\Users\Krissy\AppData\Local\Temp\CC96.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\D6D2.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\D701.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\ocamsxewnr.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\err.log113828594 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup4007255760.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup2654415980.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup2909314912.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup3030965844.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup3292206952.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup348659576.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup349743944.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup3504067900.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup3540841432.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\downloads\setupcasino_957b0d_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Krissy\downloads\smileycentralpfsetup2.3.76.6.sa.hp.znfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Users\Krissy\downloads\europasetup_9e702b_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Krissy\downloads\europasetup_2a6cf0_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Krissy\downloads\pantsoff.exe (PUP.PSWFinder) -> Not selected for removal.
c:\Users\Krissy\downloads\europasetup_25bd16_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Roaming\Adobe\plugs\kb113833492.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Roaming\Adobe\plugs\kb113833633.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\MPK\M0000 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\refog personal monitor.lnk (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\S0000 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\D0000 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_1467941667 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_1502251736 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_1536971875 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_1571781366 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_1606416898 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_1641247801 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_1675862153 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_1710584954 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_1745307870 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_1780030671 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_1814753935 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_1849476273 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_1918922106 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_1953645023 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_1988367940 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_2057813542 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_2092536458 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_2127259375 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_2161982060 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_2196704977 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_2231427199 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_2266150810 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_2300873495 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_2335596644 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_2370319444 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_2405041667 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_2439764931 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_2509210301 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_2543933681 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_2648102199 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_2682825116 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_2752270833 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_2786993866 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_2925885069 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_2960608102 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_3099499306 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_3134222569 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_3168945255 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_3203668403 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_3238391088 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_3273172454 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_3307835995 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_3342559606 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_3377282755 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_3412011806 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_3446728009 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_3481450347 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_3550896296 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_7578748843 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_7613649769 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_7648194444 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_7682917361 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_7717756944 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_7752362616 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\i40573_7787566088 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_7821809028 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_7856531134 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_7891254745 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_7925976968 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_7960701389 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_7995422801 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_8030145255 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_8064868056 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_2023090972 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_2717548032 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_3516175926 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_8099594097 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_8967662384 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0564988773 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1155206944 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1953832870 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2544120949 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_3759421181 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_6915276736 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_9580777546 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_0275234954 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_1108583796 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_2522098264 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3635671643 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6318910417 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_8136060069 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_8169037153 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_8203760185 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_8342651852 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_8377373843 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_8586256829 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_8620433796 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_8655157870 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_8689880787 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_8724602778 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_8759325810 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_8794048843 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_8828771875 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_8863494676 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_8898236343 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_8932940162 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9002740162 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9037108681 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9071835532 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9106554861 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9141277315 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9176000231 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9210723032 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9246012268 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9280169213 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9315053704 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9349615509 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9384337268 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9419172107 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9453783449 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9488506829 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9523229167 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9557951389 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9592674884 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9627397685 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9662120255 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9696843056 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9731565972 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9766288657 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9801011690 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9835741667 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9870457523 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9905180440 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9939903125 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40573_9974625463 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0009348843 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0044071875 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0148586227 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0182963310 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0217686227 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0252409028 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0287131597 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0321854051 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0356577431 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0391300694 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0426023148 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0460745602 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0495468750 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0530434954 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0599640741 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0634386111 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0669087384 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0703810069 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0738532176 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0773255671 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0807978819 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0842701620 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0877424190 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0912178241 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0946869560 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_0981592245 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1016314931 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1051038657 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1085760764 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1120483449 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1189929977 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1224651968 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1259375810 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1467712616 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1502435532 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1537157986 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1571881019 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1606604977 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1641328935 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1676049769 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1745496065 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1780218750 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1814942361 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1849664236 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1884386574 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1919110417 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_1988555324 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2023278819 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2058002083 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2092725579 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2127446991 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2162170139 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2196892708 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2231615625 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2266338426 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2301060764 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2335783912 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2370506829 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2405230324 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2439952778 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2474675810 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2509398727 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2578843750 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2613567593 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2648290509 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2683012269 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2717735301 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_2752458796 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_3169132523 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_3203855671 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_3238578704 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_3273301968 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_3308023727 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_3585806944 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_3620564931 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_3655253009 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_3689976042 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_3724699074 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_3794144329 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_3828867245 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_3863591435 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_3898313426 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_3933035301 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_3967758565 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_4002481019 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_4037205671 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_6533331944 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_6568049306 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_6602771065 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_6637494213 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_6776385648 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_6811107870 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_6845831250 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_6880553125 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_6950043056 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_6984722454 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_7019445139 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_7054168287 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_7088891204 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_7123614699 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_7158336690 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_7193058912 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_7401396759 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_9336988426 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_9372440393 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_9407163657 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_9441885880 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_9476609144 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_9511333449 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_9546056250 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_9615500926 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_9650223148 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_9684946181 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_9719668750 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_9754392824 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_9789114699 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_9823837037 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_9858560301 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_9893283681 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_9928006250 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_9962728588 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40574_9997571412 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_0032175231 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_0309957407 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_0344680903 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_0379403472 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_0414127431 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_0448849074 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_0483573148 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_0518294792 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_0553017940 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_0587740741 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_0622463889 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_0657186458 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_0830801389 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_0865522917 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_0900246644 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_1039137963 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_1073860417 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_1143306366 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_2001255903 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_2035978819 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_2070701042 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_2105424769 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_2140147338 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_2175165046 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_2209672685 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_2244632176 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_2279038194 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_2313762037 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_2348485185 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_2383206944 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_2417930324 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_2452653125 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_2487375926 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_2556821644 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3114824653 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3149547338 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3184314815 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3219029745 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3253716551 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3288459606 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3323162384 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3357924884 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3392607407 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3427330903 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3462053935 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3496776157 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3531499653 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3566222454 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3600944676 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3670394792 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3705117130 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3739839931 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3774564815 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3809285880 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3844009722 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_3878731018 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6006357060 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6041080440 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6075802778 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6110553588 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6145248611 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6180025232 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6214694907 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6249418056 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6284203009 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6353751389 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6388417361 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6423321181 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6457755208 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6492477083 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6527288079 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6562138079 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6596646644 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_1892591782 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_1927333102 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_1961973727 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_1996530324 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_2031257639 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_2066348495 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_2100654514 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_2135376620 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_2170308796 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_2204822917 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_2239546181 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_2552051273 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_5427796296 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_5462533912 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\CPDM\cpfm.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\refog personal monitor\jetzt bestellen!.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\refog personal monitor\refog personal monitor im internet.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\refog personal monitor\refog personal monitor.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3FFTBPR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3PATCH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3TPINST.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\icon_1.ico (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\key.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\libeay32.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\lnkmst.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\logstart.vbs (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\loguninstall.vbs (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Mpk.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Mpk64.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\sqlite3.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\ssleay32.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\trial_pro.ini (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\unins000.dat (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\unins000.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\unins000.msg (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\update_info.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\zlib1.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\file.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\imhelp.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\need_update_net.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\update.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\file.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\imhelp.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\need_update_net.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_german.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_em_english.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_em_english.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_em_german.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_em_german.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_em_spanish.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_em_spanish.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_english.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_english.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_german.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_pm_english.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_pm_english.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_pm_german.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_pm_german.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_pm_spanish.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_pm_spanish.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_russian.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_spanish.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_spanish.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\english.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\german.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\upgrade_aeu.png (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\upgrade_aus.png (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\upgrade_eu.png (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\upgrade_us.png (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\vista_hide.bmp (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\xp_hide.bmp (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\brazilian.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\brazilian.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\English.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\French.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\French.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\German.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\German.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Italian.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Italian.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Japanese.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Japanese.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Polish.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\portuguese.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\portuguese.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Romanian.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Romanian.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Russian.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Spanish.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Spanish.lng (Refog.Keylogger) -> Quarantined and deleted successfully.

markusg 11.04.2011 18:20
ich fühlte mich nicht gestresst, ich meinte, immer mit der ruhe, wir bekommen das hin.
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Princess21 11.04.2011 19:10
So,das hat ein wenig mehr Zeit in Anspruch genommen...und weiter gehts mit dem Log:
Combofix Logfile:
Code:
ComboFix 11-04-10.04 - Krissy 11.04.2011  19:36:44.1.2 - x86
Microsoft Windows 7 Starter  6.1.7600.0.1252.49.1031.18.1014.429 [GMT 2:00]
ausgeführt von:: c:\users\Krissy\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\MPK
c:\programdata\MPK\1\D0000
c:\programdata\MPK\1\I40573_1467941667
c:\programdata\MPK\1\I40573_1502251736
c:\programdata\MPK\1\I40573_1536971875
c:\programdata\MPK\1\I40573_1571781366
c:\programdata\MPK\1\I40573_1606416898
c:\programdata\MPK\1\I40573_1641247801
c:\programdata\MPK\1\I40573_1675862153
c:\programdata\MPK\1\I40573_1710584954
c:\programdata\MPK\1\I40573_1745307870
c:\programdata\MPK\1\I40573_1780030671
c:\programdata\MPK\1\I40573_1814753935
c:\programdata\MPK\1\I40573_1849476273
c:\programdata\MPK\1\I40573_1918922106
c:\programdata\MPK\1\I40573_1953645023
c:\programdata\MPK\1\I40573_1988367940
c:\programdata\MPK\1\I40573_2057813542
c:\programdata\MPK\1\I40573_2092536458
c:\programdata\MPK\1\I40573_2127259375
c:\programdata\MPK\1\I40573_2161982060
c:\programdata\MPK\1\I40573_2196704977
c:\programdata\MPK\1\I40573_2231427199
c:\programdata\MPK\1\I40573_2266150810
c:\programdata\MPK\1\I40573_2300873495
c:\programdata\MPK\1\I40573_2335596644
c:\programdata\MPK\1\I40573_2370319444
c:\programdata\MPK\1\I40573_2405041667
c:\programdata\MPK\1\I40573_2439764931
c:\programdata\MPK\1\I40573_2509210301
c:\programdata\MPK\1\I40573_2543933681
c:\programdata\MPK\1\I40573_2648102199
c:\programdata\MPK\1\I40573_2682825116
c:\programdata\MPK\1\I40573_2752270833
c:\programdata\MPK\1\I40573_2786993866
c:\programdata\MPK\1\I40573_2925885069
c:\programdata\MPK\1\I40573_2960608102
c:\programdata\MPK\1\I40573_3099499306
c:\programdata\MPK\1\I40573_3134222569
c:\programdata\MPK\1\I40573_3168945255
c:\programdata\MPK\1\I40573_3203668403
c:\programdata\MPK\1\I40573_3238391088
c:\programdata\MPK\1\I40573_3273172454
c:\programdata\MPK\1\I40573_3307835995
c:\programdata\MPK\1\I40573_3342559606
c:\programdata\MPK\1\I40573_3377282755
c:\programdata\MPK\1\I40573_3412011806
c:\programdata\MPK\1\I40573_3446728009
c:\programdata\MPK\1\I40573_3481450347
c:\programdata\MPK\1\I40573_3550896296
c:\programdata\MPK\1\I40573_7578748843
c:\programdata\MPK\1\I40573_7613649769
c:\programdata\MPK\1\I40573_7648194444
c:\programdata\MPK\1\I40573_7682917361
c:\programdata\MPK\1\I40573_7717756944
c:\programdata\MPK\1\I40573_7752362616
c:\programdata\MPK\M0000
c:\programdata\MPK\REFOG Personal Monitor.lnk
c:\programdata\MPK\S0000
c:\users\Krissy\AppData\Local\{23D9E118-C92C-4180-80B9-61852C71662B}
c:\users\Krissy\AppData\Local\{23D9E118-C92C-4180-80B9-61852C71662B}\chrome.manifest
c:\users\Krissy\AppData\Local\{23D9E118-C92C-4180-80B9-61852C71662B}\chrome\content\_cfg.js
c:\users\Krissy\AppData\Local\{23D9E118-C92C-4180-80B9-61852C71662B}\chrome\content\overlay.xul
c:\users\Krissy\AppData\Local\{23D9E118-C92C-4180-80B9-61852C71662B}\install.rdf
c:\users\Krissy\AppData\Local\mwsautSp.exe
c:\users\Krissy\AppData\Roaming\Adobe\plugs
c:\users\Krissy\AppData\Roaming\Adobe\shed
c:\users\Krissy\AppData\Roaming\Local
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\5241c27e91ad0108f000b6cf403990d2.avi.ddr
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\92bdfd5f6c6a95f5086b17bdc4cd5929.ddr
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Das_M_rder-Hotel.avi.ddr
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\5241c27e91ad0108f000b6cf403990d2.avi.ddp
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\92bdfd5f6c6a95f5086b17bdc4cd5929.ddp
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Das_M_rder-Hotel.avi.ddp
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Geliebt.und.gef--rchtet.-.Spinnen.-.von.Otto.Hahn,.S-dwest.04.05.04.xvid.800kbps,.mp3.192.kbps.avi.ddp
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\tvp_hennes.bender.live.egal.gibts.nicht.teil1.avi.ddp
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\tvp_hennes.bender.live.egal.gibts.nicht.teil1.avi.ddr
c:\users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Restore
c:\users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Restore\Uninstall Windows Restore.lnk
c:\users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Restore\Windows Restore.lnk
c:\windows\system32\service
c:\windows\system32\service\06062010_TIS17_SfFniAU.log
c:\windows\system32\service\06072010_TIS17_PccScan.log
c:\windows\system32\service\11102010_TIS17_SfFniAU.log
c:\windows\system32\service\27092010_TIS17_SfFniAU.log
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-11 bis 2011-04-11  ))))))))))))))))))))))))))))))
.
.
2011-04-11 17:56 . 2011-04-11 18:01        --------        d-----w-        c:\users\Krissy\AppData\Local\temp
2011-04-11 17:56 . 2011-04-11 17:56        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-08 20:19 . 2011-03-15 04:05        6792528        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{75D267E7-1DBC-4CEB-A894-2F47BA535E69}\mpengine.dll
2011-04-05 19:32 . 2011-04-05 19:32        5106        ----a-w-        c:\windows\system32\PerfStringBackup.TMP
2011-04-05 19:17 . 2011-04-05 19:17        --------        d-----w-        c:\users\Krissy\AppData\Roaming\Malwarebytes
2011-04-05 19:17 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-05 19:17 . 2011-04-05 19:17        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-05 19:17 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-05 19:17 . 2011-04-11 14:09        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-04-05 18:02 . 2011-04-11 14:10        --------        d-----w-        c:\program files\ICQ7.4
2011-04-05 17:38 . 2011-04-11 14:09        --------        d-----w-        c:\programdata\SecTaskMan
2011-04-05 14:15 . 2011-04-05 14:15        0        ----a-w-        c:\users\Krissy\AppData\Local\Ujowocesofih.bin
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 06:27 . 2011-02-12 10:23        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-02-19 05:33 . 2011-03-09 14:39        802304        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 14:39        1074176        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 14:39        739840        ----a-w-        c:\windows\system32\d2d1.dll
2011-02-03 05:45 . 2011-02-09 08:37        219008        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 17:11 . 2010-05-03 18:57        222080        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 17:17        1487240        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"WebcamMaxAutoRun"="c:\program files\WebcamMax\WebcamMax.exe" [2011-01-06 6046960]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-26 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-11-17 414384]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-01-06 3058304]
"EeeSplendidAgent"="c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe" [2009-12-29 104960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-05-03 2429]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-01-06 2018032]
"EEESplendidAR"="AsusSender.exe" [2009-09-11 33768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"PCBoost"="c:\program files\PGWARE\PCBoost\PCBoostTray.exe" [2010-12-19 1722616]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 135664]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 23:06]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 23:06]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZNfox000&ptb=3IUvWahBK296V2ix2SfVkw
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\tx1u8grj.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNfox000&ptb=3IUvWahBK296V2ix2SfVkw&ind=2011012414&ptnrS=ZNfox000&si=&n=77dd9d3e&psa=&st=kwd&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Low Quality Flash: low_quality_flash@pie2k.com - %profile%\extensions\low_quality_flash@pie2k.com
FF - Ext: Ask Toolbar Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: Modify Headers: {b749fc7c-e949-447f-926c-3f4eed6accfe} - %profile%\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Synaptics\SynTP\SynAsusAcpi.exe
c:\program files\EeePC\HotkeyService\HotKeyMon.exe
c:\program files\EeePC\SHE\SuperHybridEngine.exe
c:\program files\Asus\LiveUpdate\LiveUpdate.exe
c:\program files\EeePC\HotkeyService\HotkeyService.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-11  20:06:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-11 18:06
.
Vor Suchlauf: 8 Verzeichnis(se), 51.167.219.712 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 53.657.784.320 Bytes frei
.
- - End Of File - - 6B36932EE9CD410C11F645F5AA838C01
--- --- ---

markusg 11.04.2011 19:19
start programme zubehör editor, kopiere rein:

killal::
rootkit::
c:\users\Krissy\AppData\Local\Ujowocesofih.bin


datei speichern unter, ort dort wo sich combofix.exe befindet, typ alle dateien, name:
cfscript.txt

ziehe cfscript auf combofix, programm startet log posten.

Princess21 11.04.2011 19:55
Gesagt, getan...
Combofix Logfile:
Code:
ComboFix 11-04-10.04 - Krissy 11.04.2011  20:27:49.2.2 - x86
Microsoft Windows 7 Starter  6.1.7600.0.1252.49.1031.18.1014.301 [GMT 2:00]
ausgeführt von:: c:\users\Krissy\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Krissy\Desktop\cfscript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\ERDNT\cache\userinit.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-03-11 bis 2011-04-11  ))))))))))))))))))))))))))))))
.
.
2011-04-11 18:44 . 2011-04-11 18:47        --------        d-----w-        c:\users\Krissy\AppData\Local\temp
2011-04-11 18:44 . 2011-04-11 18:44        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-04-08 20:19 . 2011-03-15 04:05        6792528        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{75D267E7-1DBC-4CEB-A894-2F47BA535E69}\mpengine.dll
2011-04-05 19:32 . 2011-04-05 19:32        5106        ----a-w-        c:\windows\system32\PerfStringBackup.TMP
2011-04-05 19:17 . 2011-04-05 19:17        --------        d-----w-        c:\users\Krissy\AppData\Roaming\Malwarebytes
2011-04-05 19:17 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-05 19:17 . 2011-04-05 19:17        --------        d-----w-        c:\programdata\Malwarebytes
2011-04-05 19:17 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-04-05 19:17 . 2011-04-11 14:09        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-04-05 18:02 . 2011-04-11 14:10        --------        d-----w-        c:\program files\ICQ7.4
2011-04-05 17:38 . 2011-04-11 14:09        --------        d-----w-        c:\programdata\SecTaskMan
2011-04-05 14:15 . 2011-04-05 14:15        0        ----a-w-        c:\users\Krissy\AppData\Local\Ujowocesofih.bin
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 06:27 . 2011-02-12 10:23        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-02-19 05:33 . 2011-03-09 14:39        802304        ----a-w-        c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 14:39        1074176        ----a-w-        c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 14:39        739840        ----a-w-        c:\windows\system32\d2d1.dll
2011-02-03 05:45 . 2011-02-09 08:37        219008        ----a-w-        c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 17:11 . 2010-05-03 18:57        222080        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 17:17        1487240        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"WebcamMaxAutoRun"="c:\program files\WebcamMax\WebcamMax.exe" [2011-01-06 6046960]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-26 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-11-17 414384]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-01-06 3058304]
"EeeSplendidAgent"="c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe" [2009-12-29 104960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-05-03 2429]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-01-06 2018032]
"EEESplendidAR"="AsusSender.exe" [2009-09-11 33768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"PCBoost"="c:\program files\PGWARE\PCBoost\PCBoostTray.exe" [2010-12-19 1722616]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 135664]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 23:06]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 23:06]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZNfox000&ptb=3IUvWahBK296V2ix2SfVkw
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\tx1u8grj.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNfox000&ptb=3IUvWahBK296V2ix2SfVkw&ind=2011012414&ptnrS=ZNfox000&si=&n=77dd9d3e&psa=&st=kwd&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Low Quality Flash: low_quality_flash@pie2k.com - %profile%\extensions\low_quality_flash@pie2k.com
FF - Ext: Ask Toolbar Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: Modify Headers: {b749fc7c-e949-447f-926c-3f4eed6accfe} - %profile%\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: yahoo.homepage.dontask - true
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Asus\LiveUpdate\LiveUpdate.exe
c:\program files\EeePC\SHE\SuperHybridEngine.exe
c:\program files\EeePC\HotkeyService\HotKeyMon.exe
c:\program files\EeePC\HotkeyService\HotkeyService.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-11  20:53:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-11 18:53
ComboFix2.txt  2011-04-11 18:06
.
Vor Suchlauf: 12 Verzeichnis(se), 53.704.916.992 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 53.420.204.032 Bytes frei
.
- - End Of File - - A535F66CDF687E176C85AF49900DC559
--- --- ---

markusg 12.04.2011 10:04
klicke mal auf computer, auf c:
dort öffne den ordner qoobox.
dort rechtsklick auf quarantain, und mit winrar oder zip packen. dann hochladen:
dateiupload:
http://www.trojaner-board.de/54791-a...ner-board.html

Princess21 12.04.2011 14:24
Hab ich gemacht, ist hoffentlich richtig hochgeladen worden!

markusg 12.04.2011 14:39
nö, ist vllt zu groß
lad mal bei
File-Upload.net - Ihr kostenloser File Hoster!
hoch und sende mir den link als private nachicht.

Princess21 12.04.2011 14:46
Die rar-datei hat eine größe von 503 mb...das max beträgt bei file upload auch 100mb...

lade jetzt die datei auf file savr hoch, da gehts bis 2gb...und dann schick ich dir den link,ok?

markusg 12.04.2011 14:49
o, na das erklärt einiges :d
öffne mal qoobox,
Quarantine
c:\windows\system32\
dort ist eine
userinit.exe .vir
diese mal im upload channel hochladen.

Princess21 12.04.2011 14:54
Das erklärt einiges? Das macht mir schon fast Angst :confused:
Hab's erfolgreich hochgeladen...

markusg 12.04.2011 14:59
na das erklärt auf jeden fall warums sich nicht hochladen lies, wenns 500 mb groß ist, das meinte ich.
ok danke.

markusg 12.04.2011 15:01
ok diese datei ist in ordnung.
lade den ccleaner slim:
Piriform - Builds
falls der ccleaner bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Princess21 12.04.2011 15:19
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 12.12.2010 6,00MB 10.1.102.64 notwendig
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 25.03.2011 6,00MB 10.2.153.1 notwendig
Adobe Reader X (10.0.1) - Deutsch Adobe Systems Incorporated 19.02.2011 115,6MB 10.0.1 notwendig
Apple Application Support Apple Inc. 07.07.2010 42,8MB 1.3.0 unnötig
Apple Mobile Device Support Apple Inc. 07.07.2010 19,9MB 3.1.0.62 unnötig
Apple Software Update Apple Inc. 07.07.2010 2,26MB 2.1.2.120 unnötig
ASUS VIBE Ecareme, Inc. 28.06.2010 1.0.187 notwendig
ASUSUpdate for Eee PC ASUSTeK Computer Inc. 03.05.2010 1.03.06 notwendig
Atheros Client Installation Program Atheros 05.01.2010 7.0 notwendig
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 05.01.2010 1.0.0.10 notwendig
Avira AntiVir Personal - Free Antivirus Avira GmbH 16.03.2011 67,7MB 10.0.0.635 notwendi
Azureus 11.03.2011 2.5.0.4 unnötig
Boingo Wi-Fi Boingo Wireless, Inc. 02.05.2010 25,4MB 1.7.0048 notwendig
CCleaner Piriform 11.04.2011 3.05 notwendig
Chicken Invaders 2 Oberon Media 03.05.2010 unbekannt
Compatibility Pack für 2007 Office System Microsoft Corporation 10.11.2010 127,4MB 12.0.6425.1000 notwendi
DivX-Setup DivX, LLC 21.01.2011 2.3.0.20 notwendig
E-Cam 03.05.2010 2.0.2.3 notwendig
ebi.BookReader3J eBOOK Initiative Japan Co., Ltd. 10.05.2010 18,7MB 3.75.14 unnötig
Eee Docking 3.6.0 ASUSTek Computer Inc. 05.01.2010 3.6.0 notwendig
EeeSplendid ASUS 05.01.2010 5.1.2.0008 notwendig
FontResizer ASUSTek 05.01.2010 2,12MB 1.01.0011 notwendig
Game Park Console Oberon Media, Inc. 05.01.2010 5.2.1.4 unbekannt
Google Chrome Google Inc. 13.01.2011 10.0.648.204 unnötig
Google Earth Google 22.02.2011 84,4MB 6.0.1.2032 unnötig
Hotkey Service AsusTek Computer 05.01.2010 1.15 notwendig
ICQ7.4 ICQ 04.04.2011 7.4 notwendig
Intel(R) Graphics Media Accelerator Driver Intel Corporation 03.05.2010 54,3MB 8.14.10.1929 notwendig
Intel® Matrix Storage Manager Intel Corporation 03.05.2010 notwendig
iTunes Apple Inc. 07.07.2010 160,8MB 9.2.0.61 unnötig
Java(TM) 6 Update 22 Oracle 06.10.2010 94,9MB 6.0.220 notwendig
LiveUpdate Asus 05.01.2010 15,1MB 1.19 unbekannt
LocaleMe ASUS 05.01.2010 14,7MB 1.3 notwendig
MahJong Suite 2011 v8.1 TreeCardGames 20.02.2011 unnötig
Malwarebytes' Anti-Malware Malwarebytes Corporation 04.04.2011 10,5MB notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.06.2010 38,8MB 4.0.30319 notwendig
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.06.2010 2,94MB 4.0.30319 notwendig
Microsoft Office Home and Student 2007 Microsoft Corporation 03.05.2010 12.0.6425.1000 notwendig
Microsoft Office Language Pack 2007 - Dutch/Nederlands Microsoft Corporation 03.05.2010 12.0.6425.1000 unnötig
Microsoft Office Language Pack 2007 - French/Français Microsoft Corporation 03.05.2010 12.0.6425.1000 unnötig
Microsoft Office Language Pack 2007 - German/Deutsch Microsoft Corporation 03.05.2010 12.0.6425.1000 notwendig
Microsoft Office Language Pack 2007 - Italian/Italiano Microsoft Corporation 03.05.2010 12.0.6425.1000 unnötig
Microsoft Office Live Add-in 1.5 Microsoft Corporation 02.06.2010 0,50MB 2.0.4024.1 unbekannt
Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 10.11.2010 96,9MB 12.0.6425.1000 notwendig
Microsoft Office Suite Activation Assistant Microsoft Corporation 05.01.2010 8,37MB 2.9 unbekannt
Microsoft Silverlight Microsoft Corporation 17.02.2011 108,5MB 4.0.60129.0 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 02.05.2010 1,72MB 3.1.0000 unbekannt
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 02.05.2010 0,61MB 1.0.1215.0 unbekannt
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 05.02.2011 1,45MB 1.0.1215.0 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 11.02.2011 0,58MB 9.0.30729.4148 unbekannt
Microsoft Works Microsoft Corporation 18.12.2010 500MB 9.7.0621 notwendig
Mozilla Firefox (3.6.16) Mozilla 24.03.2011 3.6.16 (de) notwendig
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 05.01.2010 1,34MB 4.20.9876.0 unbekannt
MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 05.01.2010 1,53MB 4.30.2107.0 unbekannt
Opera 11.01 Opera Software ASA 18.03.2011 28,1MB 11.01 unnötig
PantsOff 2.0 Christoph Bünger Software 03.02.2011 2.0 unnötig
PC SECURITY TEST 2009 AxBx 08.02.2011 unnötig
PCBoost PGWARE LLC 11.02.2011 12,1MB 4.12.20.2010 unnötig
PokerStars.net PokerStars.net 20.05.2010 notwendig
QuickTime Apple Inc. 07.07.2010 73,8MB 7.66.73.0 notwendig
Ralink RT2860 Wireless LAN Card Ralink 05.01.2010 1.2.0.1 notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 03.05.2010 6.0.1.5948 notwendig
Super Hybrid Engine AsusTek Computer 05.01.2010 2.10 notwendig
Synaptics Pointing Device Driver Synaptics Incorporated 05.01.2010 13.2.6.1 notwendig
Trillian 09.12.2010 unnötig
TVgenial 4.10 25.12.2010 unnötig
TVUPlayer 2.5.3.1 TVU networks 19.02.2011 2.5.3.1 unnötig
Veoh Web Player Veoh Networks, Inc. 11.12.2010 1.1.2.0000 notwendig
WebcamMax 11.02.2011 7.2.2.2.MultiLanguage unnötig
Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403) Broadcom 03.05.2010 07/17/2009 6.2.0.9403 unbekannt
Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0) Broadcom 03.05.2010 07/29/2009 6.1.7100.0 unbekannt
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Broadcom 03.05.2010 07/28/2009 6.2.0.9800 unbekannt
Windows Live Essentials Microsoft Corporation 05.02.2011 14.0.8117.0416 notwendig
Windows Live ID-Anmelde-Assistent Microsoft Corporation 02.06.2010 5,52MB 6.500.3165.0 notwendig
Windows Live Sync Microsoft Corporation 05.02.2011 2,79MB 14.0.8117.416 unbekannt
Windows Live-Uploadtool Microsoft Corporation 02.05.2010 0,22MB 14.0.8014.1029 notwendig
WinRAR 11.05.2010 notwendig
Zattoo4 4.0.5 Zattoo Inc. 20.05.2010 4.0.5 notwendig
Zuma Deluxe Oberon Media 02.05.2010 unnötig
µTorrent 11.03.2011 2.2.1 notwendig

markusg 12.04.2011 16:21
deinstaliere:
alles von apple.
Azureus
Chicken Invaders
ebi.BookReader3J
Google Chrome
Google Earth
iTunes
Java(TM) 6 Update 22
hohle die neueste version von hier:
Java SE Downloads
klicke dazu auf "download jre"
deinstaliere:
MahJong
Microsoft Office Language Pack alle außer
Microsoft Office Language Pack 2007 - German/Deutsch
Microsoft Silverlight
Microsoft SQL
Mozilla Firefox öffnen, auf hilfe, update klicken, version 4 ist draußen
Opera 11.01 würde ich persönlich eher benutzen, ist schneller und sicherer als ff
falls er dir nicht gefällt, deinstalieren.
PantsOff
PC SECURITY TEST
PCBoost
Trillian
TVgenial
TVUPlayer 2.5.3.1
WebcamMax
Windows Live Sync
Zuma
bereinige mit dem ccleaner dateien + registry.
wie läuft der pc jetzt?


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:41 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131