
Plagegeister aller Art und deren Bekämpfung: Virus? liveupdate.exe, files disappearing

11.04.2011, 15:46   #1
Princess21
 



Hello dear all,

I have a serious problem that is worrying me a bit right now, and I hope you can help me.

Roughly last week I was googling on the net as normal and suddenly AntiVir raised the alarm; it was quite an ordeal just to close the windows that opened up in front of me...
According to the antivirus programs, something has apparently crept into Liveupdate.exe, and this something has done some damage in System32 (I don't really have much of a clue about this).

I'll post the AntiVir detections:
Die Datei 'C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL'
enthielt einen Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan

Die Datei 'C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL'
enthielt einen Virus oder unerwünschtes Programm 'TR/Trash.Gen' [trojan].

In der Datei 'C:\Users\Krissy\AppData\Local\Mozilla\Firefox\Profiles\tx1u8grj.default\Cache\53FF5DCDd01'
wurde ein Virus oder unerwünschtes Programm 'ADSPY/AdSpy.Gen2' [adware] gefunden.
Ausgeführte Aktion: Zugriff erlauben (((In any case I did not allow access, but it may also be that someone else was on my netbook)))

Die Datei 'C:\Users\Krissy\AppData\Local\Mozilla\Firefox\Profiles\tx1u8grj.default\Cache\53FF5DCDd01'
enthielt einen Virus oder unerwünschtes Programm 'ADSPY/AdSpy.Gen2' [adware].

In der Datei 'C:\Users\Krissy\AppData\Local\Temp\InternetExplorerUpdate.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.Gen2' [trojan] gefunden.

In der Datei 'C:\Users\Krissy\Downloads\VLCSetup.exe'
wurde ein Virus oder unerwünschtes Programm 'ADSPY/AdSpy.Gen2' [adware] gefunden.

Die Datei 'C:\Users\Krissy\Downloads\gamin16.rar'
enthielt einen Virus oder unerwünschtes Programm 'TR/Patched.Gen' [trojan].

In der Datei 'C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Softomat.AN' [trojan] gefunden

Die Datei 'C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL'
enthielt einen Virus oder unerwünschtes Programm 'TR/Drop.Softomat.AN' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
Die Datei konnte nicht gelöscht werden!
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '516defff.qua' verschoben!

And for days this message has been coming up every 10 minutes:

In der Datei 'C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Softomat.AN' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

The report file

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Samstag, 9. April 2011 15:59

Es wird nach 2537417 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : KRISSY-NETBOOK

Versionsinformationen:
BUILD.DAT : 10.0.0.635 31822 Bytes 07.03.2011 12:02:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 10.01.2011 13:22:56
AVSCAN.DLL : 10.0.3.0 56168 Bytes 10.01.2011 13:23:14
LUKE.DLL : 10.0.3.2 104296 Bytes 10.01.2011 13:23:03
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:23:11
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09.02.2011 10:26:21
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07.04.2011 19:28:46
VBASE004.VDF : 7.11.5.226 2048 Bytes 07.04.2011 19:28:46
VBASE005.VDF : 7.11.5.227 2048 Bytes 07.04.2011 19:28:46
VBASE006.VDF : 7.11.5.228 2048 Bytes 07.04.2011 19:28:46
VBASE007.VDF : 7.11.5.229 2048 Bytes 07.04.2011 19:28:47
VBASE008.VDF : 7.11.5.230 2048 Bytes 07.04.2011 19:28:47
VBASE009.VDF : 7.11.5.231 2048 Bytes 07.04.2011 19:28:47
VBASE010.VDF : 7.11.5.232 2048 Bytes 07.04.2011 19:28:47
VBASE011.VDF : 7.11.5.233 2048 Bytes 07.04.2011 19:28:47
VBASE012.VDF : 7.11.5.234 2048 Bytes 07.04.2011 19:28:48
VBASE013.VDF : 7.11.5.235 2048 Bytes 07.04.2011 19:28:48
VBASE014.VDF : 7.11.5.236 2048 Bytes 07.04.2011 19:28:48
VBASE015.VDF : 7.11.5.237 2048 Bytes 07.04.2011 19:28:48
VBASE016.VDF : 7.11.5.238 2048 Bytes 07.04.2011 19:28:48
VBASE017.VDF : 7.11.5.239 2048 Bytes 07.04.2011 19:28:48
VBASE018.VDF : 7.11.5.240 2048 Bytes 07.04.2011 19:28:49
VBASE019.VDF : 7.11.5.241 2048 Bytes 07.04.2011 19:28:49
VBASE020.VDF : 7.11.5.242 2048 Bytes 07.04.2011 19:28:49
VBASE021.VDF : 7.11.5.243 2048 Bytes 07.04.2011 19:28:49
VBASE022.VDF : 7.11.5.244 2048 Bytes 07.04.2011 19:28:49
VBASE023.VDF : 7.11.5.245 2048 Bytes 07.04.2011 19:28:49
VBASE024.VDF : 7.11.5.246 2048 Bytes 07.04.2011 19:28:50
VBASE025.VDF : 7.11.5.247 2048 Bytes 07.04.2011 19:28:50
VBASE026.VDF : 7.11.5.248 2048 Bytes 07.04.2011 19:28:50
VBASE027.VDF : 7.11.5.249 2048 Bytes 07.04.2011 19:28:50
VBASE028.VDF : 7.11.5.250 2048 Bytes 07.04.2011 19:28:50
VBASE029.VDF : 7.11.5.251 2048 Bytes 07.04.2011 19:28:50
VBASE030.VDF : 7.11.5.252 2048 Bytes 07.04.2011 19:28:50
VBASE031.VDF : 7.11.6.19 95744 Bytes 08.04.2011 19:27:14
Engineversion : 8.2.4.206
AEVDF.DLL : 8.1.2.1 106868 Bytes 10.01.2011 13:22:51
AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 05.04.2011 06:37:44
AESCN.DLL : 8.1.7.2 127349 Bytes 10.01.2011 13:22:49
AESBX.DLL : 8.1.3.2 254324 Bytes 10.01.2011 13:22:49
AERDL.DLL : 8.1.9.9 639347 Bytes 26.03.2011 00:58:17
AEPACK.DLL : 8.2.6.0 549237 Bytes 07.04.2011 19:30:06
AEOFFICE.DLL : 8.1.1.20 205177 Bytes 05.04.2011 06:37:42
AEHEUR.DLL : 8.1.2.97 3428726 Bytes 07.04.2011 19:29:59
AEHELP.DLL : 8.1.16.1 246134 Bytes 12.02.2011 10:26:24
AEGEN.DLL : 8.1.5.4 397684 Bytes 05.04.2011 06:37:36
AEEMU.DLL : 8.1.3.0 393589 Bytes 10.01.2011 13:22:42
AECORE.DLL : 8.1.20.2 196982 Bytes 07.04.2011 19:28:53
AEBB.DLL : 8.1.1.0 53618 Bytes 10.01.2011 13:22:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 10.01.2011 13:22:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 10.01.2011 13:22:55
AVREP.DLL : 10.0.0.8 62209 Bytes 17.06.2010 13:26:53
AVREG.DLL : 10.0.3.2 53096 Bytes 10.01.2011 13:22:55
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 10.01.2011 13:22:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 10.01.2011 13:22:51
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 10.01.2011 13:22:54
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 10.01.2011 13:22:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:01
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.2010 12:10:08
RCTEXT.DLL : 10.0.58.0 98152 Bytes 10.01.2011 13:23:15

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4db769ca\guard_slideup.avp
Protokollierung.......................: hoch
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch
Abweichende Gefahrenkategorien........: +PFS,
Erweiterte Sucheinstellungen..........: 0x08000000
Erweiterte Sucheinstellungen..........: 0x00300002

Beginn des Suchlaufs: Samstag, 9. April 2011 15:59
Die Reparatur von Rootkits ist nur im interaktiven Modus möglich!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Avira\AntiVir Desktop\avscan.exe>
Durchsuche Prozess 'SearchProtocolHost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\SearchProtocolHost.exe>
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Mozilla Firefox\firefox.exe>
Durchsuche Prozess 'taskmgr.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\taskmgr.exe>
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\taskhost.exe>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\iPod\bin\iPodService.exe>
Durchsuche Prozess 'uTorrent.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\uTorrent\uTorrent.exe>
Durchsuche Prozess 'sidebar.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Windows Sidebar\sidebar.exe>
Durchsuche Prozess 'veohwebplayer.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe>
Durchsuche Prozess 'PCBoostTray.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\PGWARE\PCBoost\PCBoostTray.exe>
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Avira\AntiVir Desktop\avgnt.exe>
Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Windows Media Player\wmpnetwk.exe>
Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\DivX\DivX Update\DivXUpdate.exe>
Durchsuche Prozess 'DDMService.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe>
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Common Files\Java\Java Update\jusched.exe>
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\iTunes\iTunesHelper.exe>
Durchsuche Prozess 'Boingo Wi-Fi.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe>
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe>
Durchsuche Prozess 'igfxsrvc.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\igfxsrvc.exe>
Durchsuche Prozess 'igfxpers.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\igfxpers.exe>
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\wbem\WmiPrvSE.exe>
Durchsuche Prozess 'hkcmd.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\hkcmd.exe>
Durchsuche Prozess 'AsAgent.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe>
Durchsuche Prozess 'LiveUpdate.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe>
Durchsuche Prozess 'AsScrPro.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\AsScrPro.exe>
Durchsuche Prozess 'HotkeyService.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\EeePC\HotkeyService\HotkeyService.exe>
Durchsuche Prozess 'SynTPHelper.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Synaptics\SynTP\SynTPHelper.exe>
Durchsuche Prozess 'HotKeyMon.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe>
Durchsuche Prozess 'SynAsusAcpi.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe>
Durchsuche Prozess 'SuperHybridEngine.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\EeePC\SHE\SuperHybridEngine.exe>
Durchsuche Prozess 'Eee Docking.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\ASUS\Eee Docking\Eee Docking.exe>
Durchsuche Prozess 'SynTPEnh.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>
Durchsuche Prozess 'IAAnotif.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe>
Durchsuche Prozess 'WLIDSvcM.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\SearchIndexer.exe>
Durchsuche Prozess 'IAANTMon.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe>
Durchsuche Prozess 'WLIDSVC.EXE' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'SeaPort.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe>
Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\conhost.exe>
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Avira\AntiVir Desktop\avshadow.exe>
Durchsuche Prozess 'OberonGameConsoleService.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\ASUS\Game Park\GameConsole\OberonGameConsoleService.exe>
Durchsuche Prozess 'mwssvc.exe' - '1' Modul(e) wurden durchsucht
Modul ist infiziert -> <C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE>
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
Durchsuche Prozess 'AsusService.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\AsusService.exe>
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe>
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\explorer.exe>
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Avira\AntiVir Desktop\avguard.exe>
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\dwm.exe>
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\taskhost.exe>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Program Files\Avira\AntiVir Desktop\sched.exe>
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\spoolsv.exe>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\svchost.exe>
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\lsm.exe>
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\lsass.exe>
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\services.exe>
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\winlogon.exe>
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\wininit.exe>
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\csrss.exe>
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\csrss.exe>
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Modul ist OK -> <C:\Windows\System32\smss.exe>

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL'
C:\Program Files\MyWebSearch\bar\2.bin\
NPMYWEBS.DLL
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49b9c78e.qua' verschoben!
Beginne mit der Suche in 'C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL'
C:\Program Files\MyWebSearch\bar\2.bin\
M3PLUGIN.DLL
[FUND] Ist das Trojanische Pferd TR/Trash.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5133e804.qua' verschoben!


Ende des Suchlaufs: Samstag, 9. April 2011 16:00
Benötigte Zeit: 00:35 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
72 Dateien wurden geprüft
3 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
2 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
69 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
2 Hinweise


Die Suchergebnisse werden an den Guard übermittelt.



In addition, my personal folders are "empty". Right-click > Properties tells me, however, that my few GB are still stored there, but nothing is shown to me. Documents on the desktop that were important are also no longer visible, or deleted... The only restore point is 1.4.2011, although restore points were created regularly... and the problem occurred on 1.4.2011... but the files only disappeared little by little. I ran the restore anyway, but my netbook tells me "Get lost, that did nothing...."

I hope someone can help me based on this information....

Kind regards

Krissy

11.04.2011, 15:51   #2
markusg
/// Malware-holic
 



Sure we can :-)
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports will be created:
OTL.Txt
Extras.Txt
Post both.

11.04.2011, 16:56   #3
Princess21
 



First of all, thanks for the quick feedback
This is what my netbook spat out for you via OTL.... I'm curious :/
OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 4/11/2011 4:59:26 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Krissy\Downloads
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,014.00 Mb Total Physical Memory | 310.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 47.79 Gb Free Space | 59.74% Space Free | Partition Type: NTFS
Drive D: | 59.03 Gb Total Space | 58.94 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
 
Computer Name: KRISSY-NETBOOK | User Name: Krissy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Krissy\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\program files\avira\antivir desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files\PGWARE\PCBoost\PCBoostTray.exe (PGWARE LLC)
PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe ()
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Krissy\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (OberonGameConsoleService) -- C:\Program Files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe ()
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (btusbflt) -- C:\Windows\System32\drivers\btusbflt.sys (Broadcom Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Asus | MSN
IE - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = ASUS Eee Family | Easy to Learn, Work and Play [binary data]
IE - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = ASUS Eee Family | Easy to Learn, Work and Play [binary data]
IE - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MyWebSearch Home Page
IE - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: low_quality_flash@pie2k.com:0.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {23D9E118-C92C-4180-80B9-61852C71662B}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNfox000&ptb=3IUvWahBK296V2ix2SfVkw&ind=2011012414&ptnrS=ZNfox000&si=&n=77dd9d3e&psa=&st=kwd&searchfor="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/22 21:28:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/22 21:28:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 05:52:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/25 05:52:40 | 000,000,000 | ---D | M]
 
[2010/05/03 20:58:18 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Krissy\AppData\Roaming\mozilla\Extensions
[2011/04/09 11:36:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions
[2011/04/11 16:09:37 | 000,000,000 | -H-D | M] (ImTranslator) -- C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2011/04/11 16:09:37 | 000,000,000 | -H-D | M] (Modify Headers) -- C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
[2011/02/20 19:54:26 | 000,000,000 | -H-D | M] (TVU Web Player) -- C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions\firefox@tvunetworks.com
[2011/04/11 16:09:39 | 000,000,000 | -H-D | M] (Low Quality Flash) -- C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions\low_quality_flash@pie2k.com
[2011/04/11 16:09:39 | 000,000,000 | -H-D | M] (Ask Toolbar Toolbar) -- C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions\toolbar@ask.com
[2011/04/11 16:09:38 | 000,000,000 | -H-D | M] (YouTube to MP3) -- C:\Users\Krissy\AppData\Roaming\mozilla\Firefox\Profiles\tx1u8grj.default\extensions\youtube2mp3@mondayx.de
[2011/01/24 22:38:26 | 000,010,015 | -H-- | M] () -- C:\Users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\tx1u8grj.default\searchplugins\mywebsearch.xml
[2011/01/14 13:45:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010/10/07 14:53:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/09 03:11:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/22 21:28:36 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/01/22 21:28:36 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011/04/11 16:09:42 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\KRISSY\APPDATA\LOCAL\{23D9E118-C92C-4180-80B9-61852C71662B}
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/07 01:07:15 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/10/07 01:07:15 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/10/07 01:07:15 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/10/07 01:07:15 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/10/07 01:07:15 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe ()
O4 - HKLM..\Run: [EEESplendidAR] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCBoost] C:\Program Files\PGWARE\PCBoost\PCBoostTray.exe (PGWARE LLC)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-797518080-1355806957-2820617274-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-797518080-1355806957-2820617274-1000..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-21-797518080-1355806957-2820617274-1000..\Run: [WebcamMaxAutoRun] C:\Program Files\WebcamMax\WebcamMax.exe (CoolwareMax)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-797518080-1355806957-2820617274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\windows\System32\DivX.dll (DivX, Inc.)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/05 21:25:43 | 000,000,000 | ---D | C] -- C:\windows\Prefetch
[2011/04/05 21:17:43 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\Malwarebytes
[2011/04/05 21:17:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/04/05 21:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/05 21:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/05 21:17:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/04/05 21:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/05 20:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.4
[2011/04/05 20:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.4
[2011/04/05 19:38:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2011/04/05 19:36:13 | 000,000,000 | ---D | C] -- C:\Users\Krissy\Desktop\taskmanager
[2011/04/05 16:22:52 | 000,000,000 | ---D | C] -- C:\Users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Restore
[2011/04/05 16:15:20 | 000,000,000 | -H-D | C] -- C:\Users\Krissy\AppData\Local\{23D9E118-C92C-4180-80B9-61852C71662B}
[2011/03/22 02:46:08 | 003,002,471 | -H-- | C] (MyWebSearch.com) -- C:\Users\Krissy\AppData\Local\mwsautSp.exe
[2011/03/12 19:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/03/12 19:57:43 | 000,000,000 | -H-D | C] -- C:\Users\Krissy\AppData\Roaming\uTorrent
[2011/03/12 19:55:43 | 000,000,000 | -H-D | C] -- C:\Users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Azureus
[2011/03/12 19:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azureus
[2011/03/12 19:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\Azureus
[2009/11/04 15:06:04 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/11 16:19:18 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/11 16:19:18 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/11 16:16:02 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/11 16:11:20 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/11 16:10:53 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/05 21:17:21 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:25:31 | 000,000,120 | -H-- | M] () -- C:\Users\Krissy\AppData\Local\Fnehoveraxifokel.dat
[2011/04/05 16:23:00 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~35446536r
[2011/04/05 16:23:00 | 000,000,104 | -H-- | M] () -- C:\ProgramData\~35446536
[2011/04/05 16:22:44 | 000,000,328 | -H-- | M] () -- C:\ProgramData\35446536
[2011/04/05 16:15:22 | 000,000,000 | -H-- | M] () -- C:\Users\Krissy\AppData\Local\Ujowocesofih.bin
[2011/03/24 09:00:22 | 000,545,677 | -H-- | M] () -- C:\Users\Krissy\Desktop\7068_wortwitz.jpg
[2011/03/22 02:46:09 | 003,002,471 | -H-- | M] (MyWebSearch.com) -- C:\Users\Krissy\AppData\Local\mwsautSp.exe
[2011/03/19 01:11:04 | 000,000,803 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/03/17 08:27:34 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\windows\System32\drivers\avipbb.sys
[2011/03/12 19:58:45 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/04/05 21:17:21 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 16:23:00 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~35446536r
[2011/04/05 16:22:59 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~35446536
[2011/04/05 16:22:44 | 000,000,328 | -H-- | C] () -- C:\ProgramData\35446536
[2011/04/05 16:15:22 | 000,000,120 | -H-- | C] () -- C:\Users\Krissy\AppData\Local\Fnehoveraxifokel.dat
[2011/04/05 16:15:22 | 000,000,000 | -H-- | C] () -- C:\Users\Krissy\AppData\Local\Ujowocesofih.bin
[2011/03/24 08:59:58 | 000,545,677 | -H-- | C] () -- C:\Users\Krissy\Desktop\7068_wortwitz.jpg
[2011/03/19 01:11:04 | 000,000,803 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011/03/12 19:58:45 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/02/03 23:06:00 | 000,003,584 | -H-- | C] () -- C:\Users\Krissy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/15 01:47:44 | 000,007,598 | -H-- | C] () -- C:\Users\Krissy\AppData\Local\Resmon.ResmonCfg
[2010/05/21 09:31:28 | 000,017,408 | -H-- | C] () -- C:\Users\Krissy\AppData\Local\WebpageIcons.db
[2010/05/04 02:21:56 | 000,000,000 | -H-- | C] () -- C:\Users\Krissy\AppData\Roaming\wklnhst.dat
[2010/05/03 21:11:47 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010/01/07 00:49:56 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/01/07 00:14:26 | 000,011,448 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010/01/07 00:14:18 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2010/01/06 23:47:03 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010/01/06 23:47:03 | 000,021,864 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010/01/06 23:44:46 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2010/01/06 23:41:30 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2009/07/26 03:28:45 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/07/26 03:28:45 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/07/14 06:33:53 | 000,333,280 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2010/01/08 00:43:29 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\E-Cam
[2010/01/08 00:43:29 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\E-Cam
[2010/05/03 23:29:47 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Asus
[2011/04/11 16:09:42 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\E-Cam
[2010/05/04 21:27:52 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\GoBoingo
[2011/04/05 20:17:25 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\ICQ
[2011/01/14 01:08:32 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Local
[2011/02/22 21:57:17 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\MahJong Suite
[2010/05/04 23:59:50 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Opera
[2011/02/12 13:28:22 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Thinstall
[2011/04/11 16:09:37 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\TVgenial
[2011/04/11 17:00:52 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\uTorrent
[2011/04/11 16:09:37 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\WebcamMax
[2011/02/12 14:26:31 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\ZiggyTV
[2009/07/14 06:53:46 | 000,030,312 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/04/05 16:13:23 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Adobe
[2010/07/10 02:12:32 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Apple Computer
[2010/05/03 23:29:47 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Asus
[2011/02/14 14:03:18 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Avira
[2010/05/05 14:30:30 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\DivX
[2011/04/11 16:09:42 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\E-Cam
[2010/05/04 21:27:52 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\GoBoingo
[2011/04/05 20:17:25 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\ICQ
[2009/07/14 06:54:12 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Identities
[2010/01/06 23:39:58 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\InstallShield
[2011/01/14 01:08:32 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Local
[2010/01/06 23:55:11 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Macromedia
[2011/02/22 21:57:17 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\MahJong Suite
[2011/04/05 21:17:43 | 000,000,000 | ---D | M] -- C:\Users\Krissy\AppData\Roaming\Malwarebytes
[2011/04/11 16:09:40 | 000,000,000 | --SD | M] -- C:\Users\Krissy\AppData\Roaming\Microsoft
[2010/05/03 20:58:18 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Mozilla
[2010/05/04 23:59:50 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Opera
[2011/02/12 13:28:22 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\Thinstall
[2011/04/11 16:09:37 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\TVgenial
[2011/04/11 17:00:52 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\uTorrent
[2011/04/11 16:09:37 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\WebcamMax
[2010/05/12 04:02:13 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\WinRAR
[2011/02/12 14:26:31 | 000,000,000 | -H-D | M] -- C:\Users\Krissy\AppData\Roaming\ZiggyTV
 
< %APPDATA%\*.exe /s >
[2011/02/01 19:04:18 | 000,052,616 | ---- | M] () -- C:\Users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\tx1u8grj.default\extensions\toolbar@ask.com\chrome\content\issigned.exe
[2011/03/20 19:44:51 | 003,325,832 | -H-- | M] (Ask) -- C:\Users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\tx1u8grj.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2009/06/05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009/06/05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys
[2009/06/05 04:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:AB689DEA

< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 4/11/2011 4:59:26 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Krissy\Downloads
 Starter Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,014.00 Mb Total Physical Memory | 310.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 80.00 Gb Total Space | 47.79 Gb Free Space | 59.74% Space Free | Partition Type: NTFS
Drive D: | 59.03 Gb Total Space | 58.94 Gb Free Space | 99.85% Space Free | Partition Type: NTFS
 
Computer Name: KRISSY-NETBOOK | User Name: Krissy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-797518080-1355806957-2820617274-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{185AFA7A-F63E-450B-94AA-011CAC18090E}" = E-Cam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{548D4E14-F59D-4FA3-A357-CE5BA0D41D34}" = Opera 11.01
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-040C-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (French) 2007
"{90120000-0017-040C-0000-0000000FF1CE}_OMUI.fr-fr_{CCDA3DD6-E33D-4D75-B7C9-FF585580CE83}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-0410-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Italian) 2007
"{90120000-0017-0410-0000-0000000FF1CE}_OMUI.it-it_{342281AF-B7FE-4999-BE64-29F7D6249970}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0017-0413-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Dutch) 2007
"{90120000-0017-0413-0000-0000000FF1CE}_OMUI.nl-nl_{2E9BD56A-2290-46DA-869F-2EDCF0A24E8B}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_OMUI.fr-fr_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.fr-fr_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.it-it_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.nl-nl_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.fr-fr_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.it-it_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.nl-nl_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.fr-fr_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.it-it_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.nl-nl_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.it-it_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_OMUI.fr-fr_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}_OMUI.nl-nl_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_OMUI.fr-fr_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-040C-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (French) 2007
"{90120000-0044-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
"{90120000-0044-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_OMUI.fr-fr_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_OMUI.it-it_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_OMUI.nl-nl_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-040C-0000-0000000FF1CE}" = Microsoft Office Groove MUI (French) 2007
"{90120000-00BA-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
"{90120000-00BA-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007
"{90120000-00BA-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-040C-0000-0000000FF1CE}" = Microsoft Office O MUI (French) 2007
"{90120000-0100-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0410-0000-0000000FF1CE}" = Microsoft Office O MUI (Italian) 2007
"{90120000-0100-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0413-0000-0000000FF1CE}" = Microsoft Office O MUI (Dutch) 2007
"{90120000-0100-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-040C-0000-0000000FF1CE}" = Microsoft Office X MUI (French) 2007
"{90120000-0101-040C-0000-0000000FF1CE}_OMUI.fr-fr_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0410-0000-0000000FF1CE}" = Microsoft Office X MUI (Italian) 2007
"{90120000-0101-0410-0000-0000000FF1CE}_OMUI.it-it_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0413-0000-0000000FF1CE}" = Microsoft Office X MUI (Dutch) 2007
"{90120000-0101-0413-0000-0000000FF1CE}_OMUI.nl-nl_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BB5E5F87-E939-4974-A006-2B4A2F60EEA3}_is1" = Game Park Console
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDC2421D-EB66-4F32-A588-F72E62EC4E94}" = EeeSplendid
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ASUS VIBE" = ASUS VIBE
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Azureus" = Azureus
"B41C7C96D83162A676DA7365ADEFD6C1AF62A4EE" = Windows Driver Package - Broadcom Bluetooth  (07/17/2009 6.2.0.9403)
"B5C82F3814F82FB37F1513B3185399BD88892B08" = Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"DivX Setup.divx.com" = DivX-Setup
"Eee Docking_is1" = Eee Docking 3.6.0
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"MahJong Suite_is1" = MahJong Suite 2011 v8.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"OMUI.fr-fr" = Microsoft Office Language Pack 2007 - French/Français
"OMUI.it-it" = Microsoft Office Language Pack 2007 - Italian/Italiano
"OMUI.nl-nl" = Microsoft Office Language Pack 2007 - Dutch/Nederlands
"PC SECURITY TEST 2009_is1" = PC SECURITY TEST 2009
"PCBoost_is1" = PCBoost
"PokerStars.net" = PokerStars.net
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trillian" = Trillian
"TVgenial" = TVgenial 4.10
"TVUPlayer" = TVUPlayer 2.5.3.1
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"WebcamMax" = WebcamMax
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 1/18/2011 8:42:12 PM | Computer Name = Krissy-Netbook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf928fc  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b21e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00046bf0  ID des fehlerhaften
 Prozesses: 0x120  Startzeit der fehlerhaften Anwendung: 0x01cbb6b60f2458a5  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe  Pfad
 des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: f38761a5-2364-11e0-91d3-485b39189b38
 
Error - 1/20/2011 1:24:57 AM | Computer Name = Krissy-Netbook | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 1/22/2011 5:07:00 PM | Computer Name = Krissy-Netbook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf928fc  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b21e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00046bf0  ID des fehlerhaften
 Prozesses: 0xec8  Startzeit der fehlerhaften Anwendung: 0x01cbba717b7ae5c6  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe  Pfad
 des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: 8d07b294-266b-11e0-91d3-485b39189b38
 
Error - 1/23/2011 12:44:33 AM | Computer Name = Krissy-Netbook | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 1/30/2011 8:31:28 PM | Computer Name = Krissy-Netbook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.4927,
 Zeitstempel: 0x4a2752ff  Ausnahmecode: 0xc000000d  Fehleroffset: 0x00008aa0  ID des fehlerhaften
 Prozesses: 0x15dc  Startzeit der fehlerhaften Anwendung: 0x01cbc0ddb5976464  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: C:\windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
Berichtskennung:
 710b5c3f-2cd1-11e0-91d3-485b39189b38
 
Error - 1/30/2011 10:21:41 PM | Computer Name = Krissy-Netbook | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 2/2/2011 9:45:39 AM | Computer Name = Krissy-Netbook | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
 enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
 in Zeile 2.  Ungültige XML-Syntax.
 
Error - 2/5/2011 7:40:22 PM | Computer Name = Krissy-Netbook | Source = MsiInstaller | ID = 11935
Description = 
 
Error - 2/7/2011 2:58:11 PM | Computer Name = Krissy-Netbook | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf928fc  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b21e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00046bf0  ID des fehlerhaften
 Prozesses: 0x4a8  Startzeit der fehlerhaften Anwendung: 0x01cbc5910b0bb4eb  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\plugin-container.exe  Pfad
 des fehlerhaften Moduls: C:\windows\SYSTEM32\ntdll.dll  Berichtskennung: 35160945-32ec-11e0-9239-485b39189b38
 
Error - 2/9/2011 11:48:07 PM | Computer Name = Krissy-Netbook | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 DETECT.  System Error: Der angegebene Dienst ist kein installierter Dienst.  .
 
[ System Events ]
Error - 3/20/2011 5:11:26 PM | Computer Name = Krissy-Netbook | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 3/20/2011 5:11:45 PM | Computer Name = Krissy-Netbook | Source = NetBT | ID = 4307
Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen
 der Anfangsadressen verweigerte.
 
Error - 3/20/2011 9:14:51 PM | Computer Name = Krissy-Netbook | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?03.?2011 um 01:59:41 unerwartet heruntergefahren.
 
Error - 3/21/2011 1:21:30 PM | Computer Name = Krissy-Netbook | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?03.?2011 um 18:20:10 unerwartet heruntergefahren.
 
Error - 3/21/2011 2:47:31 PM | Computer Name = Krissy-Netbook | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?03.?2011 um 19:45:34 unerwartet heruntergefahren.
 
Error - 3/21/2011 8:40:14 PM | Computer Name = Krissy-Netbook | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?22.?03.?2011 um 01:39:06 unerwartet heruntergefahren.
 
Error - 3/21/2011 8:41:37 PM | Computer Name = Krissy-Netbook | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 3/21/2011 8:41:37 PM | Computer Name = Krissy-Netbook | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 3/21/2011 8:41:39 PM | Computer Name = Krissy-Netbook | Source = DCOM | ID = 10005
Description = 
 
Error - 3/23/2011 4:44:18 AM | Computer Name = Krissy-Netbook | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Wlansvc erreicht.
 
 
< End of report >
         
--- --- ---

Best wishes, Krissy
__________________

Edited by Princess21 (11.04.2011 at 17:00). Reason: add 2nd report

11.04.2011, 17:36   #4
markusg
/// Malware-holic


Download unhide.exe:
http://filepony.de/download-unhide/
Right-click it and run it as administrator.
Let the program run to completion and check whether the files become visible.

11.04.2011, 18:02   #5
Princess21

Thank you, that has already helped quite a bit - at least the files are visible again.

However, all of this developed bit by bit, and I'm a little afraid that the whole mess will start all over again in the next few days, because my PC must have caught something to be acting up like this.

Is there no way for me to find out what it is and how to get rid of it?
I haven't dealt with the symptoms for good, though, and the cause is still lurking around here.


11.04.2011, 18:09   #6
markusg
/// Malware-holic

Take it easy.
Please post all the Malwarebytes logs you have.
You can find them in Malwarebytes under "Logdateien" (log files).

11.04.2011, 18:18   #7
Princess21

I didn't mean to stress you either.

The Refog keylogger was intentional, just so you aren't surprised by it.

Here is the log file:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6280

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05.04.2011 21:52:59
mbam-log-2011-04-05 (21-52-59).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 156470
Laufzeit: 15 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 7
Infizierte Registrierungsschlüssel: 135
Infizierte Registrierungswerte: 12
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 29
Infizierte Dateien: 565

Infizierte Speicherprozesse:
c:\program files\mywebsearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> 1388 -> Unloaded process successfully.

Infizierte Speichermodule:
c:\program files\mywebsearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\mywebsearch\bar\2.bin\F3REPROX.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\mywebsearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\F3HTMLMU.DLL (PUP.FunWebProducts) -> Not selected for removal.

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyWebSearchService (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.FunWebProducts) -> Not selected for removal.
HKEY_CLASSES_ROOT\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.FunWebProducts) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{07B18EA0-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.FunWebProducts) -> Not selected for removal.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.2 (PUP.FunWebProducts) -> Not selected for removal.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu (PUP.FunWebProducts) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.FunWebProducts) -> Not selected for removal.
HKEY_CLASSES_ROOT\TypeLib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.FunWebProducts) -> Not selected for removal.
HKEY_CLASSES_ROOT\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.FunWebProducts) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.SettingsPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0F8ECF4F-3646-4C3A-8881-8E138FFCAF70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8CA01F0E-987C-49C3-B852-2F1AC4A7094C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995A-BA37-41D2-836E-091067C4AD17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.IECookiesManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C8CECDE3-1AE1-4C4A-AD82-6D5B00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.DataControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{3E720450-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3E720451-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.HTMLPanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{53CED2D0-5E9A-4761-9005-648404E6F7E5} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearchToolBar.ToolbarPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8E6F1830-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterSettingsControl (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D292-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{7473D290-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D294-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.PseudoTransparentPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473D296-B7BB-4f24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84DA4FDF-A1CF-4195-8688-3E961F505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8E6F1832-9607-4440-8530-13BE7C4B1D14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.PopSwatterBarButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938AA51A-996C-4884-98CE-80DD16A5C9DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{29D67D3C-509A-4544-903F-C8C1B8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HTMLMenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ScreenSaverControl.ScreenSaverInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A9571378-68A1-443d-B082-284F960C6D17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ADB01E81-3C79-4272-A0F1-7B2BE7A782DC} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{B813095C-81C0-4E40-AA14-67520372B987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.KillerObjManager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{C9D7BE3E-141A-4C85-8CD6-32461F3DF2C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistoryKillerScheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{CFF4CE82-3AA2-451F-9B77-7165605FB835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\FunWebProducts.HistorySwatterControlBar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D9FFFB27-D62A-4D64-8CEC-1FF006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0D26BC71-A633-4E71-AD31-EADC3A1B6A3A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{E79DFBCA-5697-4fbd-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{E79DFBC0-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ChatSessionPlugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.MultipleButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.ThirdPartyInstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyWebSearch.UrlAlertButton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Refog Software (Refog.Keylogger) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4bac-9BD3-CBFEA58A0E15} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Email Plugin (Adware.MyWebSearch) -> Value: MyWebSearch Email Plugin -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\My Web Search Bar Search Scope Monitor (Adware.MyWebSearch) -> Value: My Web Search Bar Search Scope Monitor -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44CF-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (Adware.MyWebSearch) -> Value: {00A6FAF6-072E-44cf-8957-5838F569A31D} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Value: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Onehepiguyor (Trojan.Agent.U) -> Value: Onehepiguyor -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kfujigoreyesub (Trojan.Agent.U) -> Value: Kfujigoreyesub -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Value: f3PopularScreensavers -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\FunWebProducts (Adware.MyWebSearch) -> Value: FunWebProducts -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\programdata\MPK (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\CPDA (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\CPDM (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\refog personal monitor (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\program files\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\chrome (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Avatar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Overlay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang (Refog.Keylogger) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\program files\mywebsearch\bar\2.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\MWSOEMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\mywebsearch\bar\2.bin\F3REPROX.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\mywebsearch\bar\2.bin\NPMYWEBS.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\M3PLUGIN.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\MWSBAR.DLL (Adware.MyWebSearch) -> Delete on reboot.
c:\program files\mywebsearch\bar\2.bin\F3HTMLMU.DLL (PUP.FunWebProducts) -> Not selected for removal.
c:\program files\mywebsearch\bar\2.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\MWSSRCAS.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3HISTSW.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3DTACTL.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3HTML.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3POPSWT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3SKIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3CJPEG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3SCRCTR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3OUTLCN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3HTTPCT.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3MSG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\programdata\35446536.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\xowermcnas.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\tmp1104.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup104210064.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup1122799688.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup1616803616.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup1658197920.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup1994244452.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup2024106000.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup2485476116.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\ptu505_tmp.exe (PUP.Casino) -> Not selected for removal.
c:\Users\Krissy\AppData\Local\Temp\CC96.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\D6D2.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\D701.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\ocamsxewnr.exe (Trojan.Hiloti.Gen) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\err.log113828594 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup4007255760.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup2654415980.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup2909314912.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup3030965844.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup3292206952.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup348659576.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup349743944.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup3504067900.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Local\Temp\setup3540841432.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\Users\Krissy\downloads\setupcasino_957b0d_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Krissy\downloads\smileycentralpfsetup2.3.76.6.sa.hp.znfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Users\Krissy\downloads\europasetup_9e702b_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Krissy\downloads\europasetup_2a6cf0_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Krissy\downloads\pantsoff.exe (PUP.PSWFinder) -> Not selected for removal.
c:\Users\Krissy\downloads\europasetup_25bd16_de.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Roaming\Adobe\plugs\kb113833492.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Krissy\AppData\Roaming\Adobe\plugs\kb113833633.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\MPK\M0000 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\refog personal monitor.lnk (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\S0000 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\D0000 (Refog.Keylogger) -> Not selected for removal.
c:\programdata\MPK\1\S0000 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6006357060 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6041080440 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6075802778 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6110553588 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6145248611 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6180025232 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6214694907 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6249418056 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6284203009 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6353751389 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6388417361 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6423321181 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6457755208 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6492477083 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6527288079 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6562138079 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40575_6596646644 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_1892591782 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_1927333102 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_1961973727 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_1996530324 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_2031257639 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_2066348495 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_2100654514 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_2135376620 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_2170308796 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_2204822917 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_2239546181 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_2552051273 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_5427796296 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\1\i40576_5462533912 (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\CPDM\cpfm.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\refog personal monitor\jetzt bestellen!.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\refog personal monitor\refog personal monitor im internet.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\programdata\MPK\refog personal monitor\refog personal monitor.lnk (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3FFTBPR.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\M3PATCH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\1.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3SPACER.WMV (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\chrome.manifest (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3BKGERR.JPG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3HKSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3IMSTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3PSSAVR.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3REGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3RESTUB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3SCHMON.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3WALLPP.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\F3WPHOOK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\FWPBUDDY.PNG (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\INSTALL.RDF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3AUXSTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3DLGHK.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3HIGHIN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3IDLE.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3IMPIPE.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3MEDINT.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3SKPLAY.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3SLSRCH.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\M3TPINST.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\MWSMLBTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\MWSUABTN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\2.bin\chrome\M3FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Avatar\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHECKERS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\CHESS.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Game\REVERSI.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\CM.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\MFC.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\PSS.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\SMILEY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\WB.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\icons\ZWINKY.ICO (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Message\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\DOG.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\FISH.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\KUNGFU.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\LIFEGARD.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\MAID.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\MAILBOX.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\OPERA.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\ROBOT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\SEDUCT.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Notifier\SURFER.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Overlay\COMMON.F3S (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\icon_1.ico (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\key.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\libeay32.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\lnkmst.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\logstart.vbs (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\loguninstall.vbs (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Mpk.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Mpk64.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\sqlite3.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\ssleay32.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\trial_pro.ini (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\unins000.dat (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\unins000.exe (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\unins000.msg (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\update_info.bin (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\zlib1.dll (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\file.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\imhelp.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\need_update_net.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\update.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\English\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\file.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\imhelp.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\need_update_net.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\German\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\alarms.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\clipboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\computer.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\delivery.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\filters.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\internet.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\invisible.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\keyboard.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\logging.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\log_size.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\password.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\programs.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\screenshot.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\settings_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Help\Spanish\users_node.htm (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_german.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_em_english.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_em_english.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_em_german.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_em_german.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_em_spanish.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_em_spanish.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_english.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_english.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_german.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_pm_english.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_pm_english.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_pm_german.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_pm_german.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_pm_spanish.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_pm_spanish.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_russian.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_spanish.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\banner_spanish.swf (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\english.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\german.gif (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\upgrade_aeu.png (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\upgrade_aus.png (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\upgrade_eu.png (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\upgrade_us.png (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\vista_hide.bmp (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Images\xp_hide.bmp (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\brazilian.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\brazilian.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\English.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\French.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\French.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\German.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\German.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Italian.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Italian.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Japanese.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Japanese.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Polish.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\portuguese.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\portuguese.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Romanian.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Romanian.lng (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Russian.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Spanish.frc (Refog.Keylogger) -> Quarantined and deleted successfully.
c:\Windows\System32\MPK\Lang\Spanish.lng (Refog.Keylogger) -> Quarantined and deleted successfully.

11.04.2011, 18:20   #8
markusg
/// Malware-holic

I didn't feel stressed; I meant, take it easy, we'll get this sorted out.
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

11.04.2011, 19:10   #9
Princess21

So, that took a little more time... and on we go with the log:
ComboFix log file:
Code:
ATTFilter
ComboFix 11-04-10.04 - Krissy 11.04.2011  19:36:44.1.2 - x86
Microsoft Windows 7 Starter   6.1.7600.0.1252.49.1031.18.1014.429 [GMT 2:00]
ausgeführt von:: c:\users\Krissy\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\MPK
c:\programdata\MPK\1\D0000
c:\programdata\MPK\M0000
c:\programdata\MPK\REFOG Personal Monitor.lnk
c:\programdata\MPK\S0000
c:\users\Krissy\AppData\Local\{23D9E118-C92C-4180-80B9-61852C71662B}
c:\users\Krissy\AppData\Local\{23D9E118-C92C-4180-80B9-61852C71662B}\chrome.manifest
c:\users\Krissy\AppData\Local\{23D9E118-C92C-4180-80B9-61852C71662B}\chrome\content\_cfg.js
c:\users\Krissy\AppData\Local\{23D9E118-C92C-4180-80B9-61852C71662B}\chrome\content\overlay.xul
c:\users\Krissy\AppData\Local\{23D9E118-C92C-4180-80B9-61852C71662B}\install.rdf
c:\users\Krissy\AppData\Local\mwsautSp.exe
c:\users\Krissy\AppData\Roaming\Adobe\plugs
c:\users\Krissy\AppData\Roaming\Adobe\shed
c:\users\Krissy\AppData\Roaming\Local
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\5241c27e91ad0108f000b6cf403990d2.avi.ddr
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\92bdfd5f6c6a95f5086b17bdc4cd5929.ddr
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Das_M_rder-Hotel.avi.ddr
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\5241c27e91ad0108f000b6cf403990d2.avi.ddp
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\92bdfd5f6c6a95f5086b17bdc4cd5929.ddp
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Das_M_rder-Hotel.avi.ddp
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Geliebt.und.gef--rchtet.-.Spinnen.-.von.Otto.Hahn,.S-dwest.04.05.04.xvid.800kbps,.mp3.192.kbps.avi.ddp
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\tvp_hennes.bender.live.egal.gibts.nicht.teil1.avi.ddp
c:\users\Krissy\AppData\Roaming\Local\Temp\DDM\Settings\tvp_hennes.bender.live.egal.gibts.nicht.teil1.avi.ddr
c:\users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Restore
c:\users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Restore\Uninstall Windows Restore.lnk
c:\users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Restore\Windows Restore.lnk
c:\windows\system32\service
c:\windows\system32\service\06062010_TIS17_SfFniAU.log
c:\windows\system32\service\06072010_TIS17_PccScan.log
c:\windows\system32\service\11102010_TIS17_SfFniAU.log
c:\windows\system32\service\27092010_TIS17_SfFniAU.log
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-11 bis 2011-04-11  ))))))))))))))))))))))))))))))
.
.
2011-04-11 17:56 . 2011-04-11 18:01	--------	d-----w-	c:\users\Krissy\AppData\Local\temp
2011-04-11 17:56 . 2011-04-11 17:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-08 20:19 . 2011-03-15 04:05	6792528	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{75D267E7-1DBC-4CEB-A894-2F47BA535E69}\mpengine.dll
2011-04-05 19:32 . 2011-04-05 19:32	5106	----a-w-	c:\windows\system32\PerfStringBackup.TMP
2011-04-05 19:17 . 2011-04-05 19:17	--------	d-----w-	c:\users\Krissy\AppData\Roaming\Malwarebytes
2011-04-05 19:17 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-05 19:17 . 2011-04-05 19:17	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-05 19:17 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-05 19:17 . 2011-04-11 14:09	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-05 18:02 . 2011-04-11 14:10	--------	d-----w-	c:\program files\ICQ7.4
2011-04-05 17:38 . 2011-04-11 14:09	--------	d-----w-	c:\programdata\SecTaskMan
2011-04-05 14:15 . 2011-04-05 14:15	0	----a-w-	c:\users\Krissy\AppData\Local\Ujowocesofih.bin
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 06:27 . 2011-02-12 10:23	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-02-19 05:33 . 2011-03-09 14:39	802304	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 14:39	1074176	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 14:39	739840	----a-w-	c:\windows\system32\d2d1.dll
2011-02-03 05:45 . 2011-02-09 08:37	219008	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 17:11 . 2010-05-03 18:57	222080	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 17:17	1487240	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"WebcamMaxAutoRun"="c:\program files\WebcamMax\WebcamMax.exe" [2011-01-06 6046960]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-26 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-11-17 414384]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-01-06 3058304]
"EeeSplendidAgent"="c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe" [2009-12-29 104960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-05-03 2429]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-01-06 2018032]
"EEESplendidAR"="AsusSender.exe" [2009-09-11 33768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"PCBoost"="c:\program files\PGWARE\PCBoost\PCBoostTray.exe" [2010-12-19 1722616]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 135664]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 23:06]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 23:06]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZNfox000&ptb=3IUvWahBK296V2ix2SfVkw
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\tx1u8grj.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNfox000&ptb=3IUvWahBK296V2ix2SfVkw&ind=2011012414&ptnrS=ZNfox000&si=&n=77dd9d3e&psa=&st=kwd&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Low Quality Flash: low_quality_flash@pie2k.com - %profile%\extensions\low_quality_flash@pie2k.com
FF - Ext: Ask Toolbar Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: Modify Headers: {b749fc7c-e949-447f-926c-3f4eed6accfe} - %profile%\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Synaptics\SynTP\SynAsusAcpi.exe
c:\program files\EeePC\HotkeyService\HotKeyMon.exe
c:\program files\EeePC\SHE\SuperHybridEngine.exe
c:\program files\Asus\LiveUpdate\LiveUpdate.exe
c:\program files\EeePC\HotkeyService\HotkeyService.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-11  20:06:51 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-11 18:06
.
Vor Suchlauf: 8 Verzeichnis(se), 51.167.219.712 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 53.657.784.320 Bytes frei
.
- - End Of File - - 6B36932EE9CD410C11F645F5AA838C01
         
--- --- ---

11.04.2011, 19:19   #10
markusg
/// Malware-holic

Start > Programs > Accessories > Notepad, then copy this in:

killal::
rootkit::
c:\users\Krissy\AppData\Local\Ujowocesofih.bin


Save the file with "Save As": location is the folder where combofix.exe is, type "All files", name:
cfscript.txt

Drag cfscript onto combofix; the program starts. Post the log.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails according to the instructions above to
markusg.trojaner-board@web.de
If you would like to support us

11.04.2011, 19:55   #11
Princess21

Said and done...
ComboFix log file:
Code:
ComboFix 11-04-10.04 - Krissy 11.04.2011  20:27:49.2.2 - x86
Microsoft Windows 7 Starter   6.1.7600.0.1252.49.1031.18.1014.301 [GMT 2:00]
ausgeführt von:: c:\users\Krissy\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Krissy\Desktop\cfscript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\ERDNT\cache\userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-11 bis 2011-04-11  ))))))))))))))))))))))))))))))
.
.
2011-04-11 18:44 . 2011-04-11 18:47	--------	d-----w-	c:\users\Krissy\AppData\Local\temp
2011-04-11 18:44 . 2011-04-11 18:44	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-08 20:19 . 2011-03-15 04:05	6792528	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{75D267E7-1DBC-4CEB-A894-2F47BA535E69}\mpengine.dll
2011-04-05 19:32 . 2011-04-05 19:32	5106	----a-w-	c:\windows\system32\PerfStringBackup.TMP
2011-04-05 19:17 . 2011-04-05 19:17	--------	d-----w-	c:\users\Krissy\AppData\Roaming\Malwarebytes
2011-04-05 19:17 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-05 19:17 . 2011-04-05 19:17	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-05 19:17 . 2010-12-20 16:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-05 19:17 . 2011-04-11 14:09	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-05 18:02 . 2011-04-11 14:10	--------	d-----w-	c:\program files\ICQ7.4
2011-04-05 17:38 . 2011-04-11 14:09	--------	d-----w-	c:\programdata\SecTaskMan
2011-04-05 14:15 . 2011-04-05 14:15	0	----a-w-	c:\users\Krissy\AppData\Local\Ujowocesofih.bin
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 06:27 . 2011-02-12 10:23	137656	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-02-19 05:33 . 2011-03-09 14:39	802304	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 05:32 . 2011-03-09 14:39	1074176	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 05:32 . 2011-03-09 14:39	739840	----a-w-	c:\windows\system32\d2d1.dll
2011-02-03 05:45 . 2011-02-09 08:37	219008	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2011-02-02 17:11 . 2010-05-03 18:57	222080	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 17:17	1487240	----a-w-	c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-07-06 2634048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"WebcamMaxAutoRun"="c:\program files\WebcamMax\WebcamMax.exe" [2011-01-06 6046960]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-26 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"HotkeyMon"="AsusSender.exe" [2009-09-11 33768]
"HotkeyService"="AsusSender.exe" [2009-09-11 33768]
"SuperHybridEngine"="AsusSender.exe" [2009-09-11 33768]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-11-17 414384]
"LiveUpdate"="AsusSender.exe" [2009-09-11 33768]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-01-06 3058304]
"EeeSplendidAgent"="c:\program files\ASUS\EPC\EeeSplendid\AsAgent.exe" [2009-12-29 104960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-05 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-05 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-29 7744032]
"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-05-03 2429]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-01-06 2018032]
"EEESplendidAR"="AsusSender.exe" [2009-09-11 33768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-01-10 1230704]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"PCBoost"="c:\program files\PGWARE\PCBoost\PCBoostTray.exe" [2010-12-19 1722616]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Krissy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 135664]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2009-07-06 11448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-01-10 135336]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Asus\Game Park\GameConsole\OberonGameConsoleService.exe [2009-09-15 44312]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 23:06]
.
2011-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-13 23:06]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZNfox000&ptb=3IUvWahBK296V2ix2SfVkw
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\Krissy\AppData\Roaming\Mozilla\Firefox\Profiles\tx1u8grj.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNfox000&ptb=3IUvWahBK296V2ix2SfVkw&ind=2011012414&ptnrS=ZNfox000&si=&n=77dd9d3e&psa=&st=kwd&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Low Quality Flash: low_quality_flash@pie2k.com - %profile%\extensions\low_quality_flash@pie2k.com
FF - Ext: Ask Toolbar Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: Modify Headers: {b749fc7c-e949-447f-926c-3f4eed6accfe} - %profile%\extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: yahoo.homepage.dontask - true
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Asus\LiveUpdate\LiveUpdate.exe
c:\program files\EeePC\SHE\SuperHybridEngine.exe
c:\program files\EeePC\HotkeyService\HotKeyMon.exe
c:\program files\EeePC\HotkeyService\HotkeyService.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-04-11  20:53:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-04-11 18:53
ComboFix2.txt  2011-04-11 18:06
.
Vor Suchlauf: 12 Verzeichnis(se), 53.704.916.992 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 53.420.204.032 Bytes frei
.
- - End Of File - - A535F66CDF687E176C85AF49900DC559
         
--- --- ---

12.04.2011, 10:04   #12
markusg
/// Malware-holic

Click on Computer, then on C:
Open the Qoobox folder there.
Right-click on Quarantine there and pack it with WinRAR or zip. Then upload it:
File upload:
http://www.trojaner-board.de/54791-a...ner-board.html

12.04.2011, 14:24   #13
Princess21

Done, hopefully it was uploaded correctly!

12.04.2011, 14:39   #14
markusg
/// Malware-holic

Nope, maybe it's too big.
Upload it to
File-Upload.net
and send me the link as a private message.

12.04.2011, 14:46   #15
Princess21

The RAR file is 503 MB... the maximum at File-Upload is also 100 MB...

I'm now uploading the file to file savr, which allows up to 2 GB... and then I'll send you the link, ok?
