Massive Probleme - IE mehrfach im Taskman, Vierensuche + ~schutz geht nicht!!!

#1 - Seit einigen Tagen öffnen sich von selbst IE-Fenster mit Werbung aller Art.
- Virenschutz- und Scan- sowi andere Programme (Norton 360, SpywareDoctor, Hijack This) lassen sich nicht mehr öffnen oder funtionieren nicht
- IE ist mittleweile 4x im Taskman vorhanden und lät sich nicht schließen
...

Wer kann mir helfen? Was kannich tun?

#2 Download Fix_Download auf den Desktop

Note : Fix_download.exe wird durch bestimmte scanners als "RiskTool"/infection angesehen
Wenn noetig schalte dein Antivirenscanner(Realtime protection) aus

Download mbam-rules.exe auf den Desktop

Anleitung (Drucke diese Anleitung)
Starte dein Recher in abgesicherten Modus
1. Installiere Fix_download
Note : Fix_download.exe wird durch bestimmte scanners als "RiskTool"/infection angesehen
Wenn noetig schalte dein Antivirenscanner(Realtime protection) aus
Doppelelklick Fix_Download.exe
Jetzt steht auf dein Desktop eine Datei mit namen Fix
Dobbelklick Fix es oeffnet sich ein GebrauchsAnweisung in English

2.Installiere CCleaner und bereinige dein Rechner,auch die Registry
Steht CCleaner bereits auf dein Rechmer nicht nochmal installieren

3.Installiere Malwarebytes Anti-Malware
Doppelklick mbam-setup und waehle Deutsch ,

Doppelklick mbam-rules, und installiere es

Wähle bei Reiter:
“Scanner”>> "Quick-scan durchführen".
Scan laufen lassen
Wenn am Ende infizierungen gefunden werden,anhaken und entfernen lassen
Unter Scanberichte stet das log (mbam-log-XX-XX-XXXX.txt)

4.ComboFix
Starte combofix.exe
Folge den Instruktionen in das Fenster
Während Combofix lauft NICHT ins Fenster klicken sonst erfriert dein Rechner
Wenn das Tool fertig ist,oeffnet sich ein logfile (C:\combofix.txt)
Der Editor oeffnet sich und speichere das Log (combofix.txt) auf den Desktop

5.HijackThis
Doppelklick HijackThis >>waehle “Do a Sysyemscan only and save a logfile“
Der Editor oeffnet sich und speichere das Log (hijackthis.log) auf den Desktop
Unter Windows Vista muss Hijackthis als Administrator ausgefuehrt werden.
Dazu mit der linken Maustaste auf das Programm klicken und "Als Administrator ausfuehren" waehlen.

Poste folgende Logs
1.Malwarebytes Anti-Malware (mbam-log-XX-XX-XXXX.txt)
2.ComboFix (combofix.txt)
3.HijackThis (hijackthis.log)


__________
MfG Argus

#3 Hallo Argus,

vorab erst einmal vielen Dank für Deine Bemühungen, mir zu helfen. Schon toll, dass es Menschen wie Dich gibt! Mögen die Götter allzeit mit Dir sein!

Nun zu meinem Problem:

ich habe, wie empfphlen, Fix-Download.exe, mbam-setup und combofix.exe auf meine Dektop geladen. Combofix.exe ließ sich nicht mit dem IE downloaden, da ich angeblich keine Rechte hatte, es in das gewollte verzeichnis zu kopieren. auch ein kopieren von Eigene Dateien auf den Desktop war nicht möglich, da der Windows Explorer dann mit "keine Rückmeldung" den Geist auf gab. Mit SRWare Iron ging es dann.

Nach Neustart im abgesicherten Modus konnte ich dann Fixdownload nicht nutzen, da es zwar versuchte etwas zu installieren, aber dann nur einen leeren Ordner zeigte.
CCleaner funktionierte und ich habe ihn genutzt. Auch Malwarebytes Anti-Malware konnte ich nutzen, was ich mehrmals tat. die Logfiles sind diese hier:

_________________________________________________________________

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2775
Windows 6.0.6001 Service Pack 1 (Safe Mode)

25.09.2009 19:52:24
mbam-log-2009-09-25 (19-52-24).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 74676
Laufzeit: 4 minute(s), 43 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\AppID\{9998f676-23e3-4380-84f0-739c19cbd312} (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\TorrentManager.dll (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Nvchost (Trojan.Goldun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\111111s1ro1s1a (Worm.Bagle) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\sK9Ou0s (Worm.Bagle) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\ProgramData\live 64 math does (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\ProgramData\live 64 math does\nurb long.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\live 64 math does\win program.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\live 64 math does\win program.exe (Trojan.Agent) -> Quarantined and deleted successfully.

--------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2825
Windows 6.0.6001 Service Pack 1 (Safe Mode)

25.09.2009 20:02:53
mbam-log-2009-09-25 (20-02-53).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 75460
Laufzeit: 4 minute(s), 54 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

--------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2825
Windows 6.0.6001 Service Pack 1 (Safe Mode)

25.09.2009 22:22:50
mbam-log-2009-09-25 (22-22-50).txt

Scan-Methode: Vollständiger Scan (C:\|D:\|H:\|)
Durchsuchte Objekte: 302576
Laufzeit: 1 hour(s), 16 minute(s), 12 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\111111s1ro1s1a (Worm.Bagle) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Steini\AppData\Roaming\drivers\111wfs1intwq.sys (HackTool.Agent) -> Quarantined and deleted successfully.
H:\Programme\Adobe\Keygen.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
_________________________________________________________________

Combofix. exe und HijackThis ließen sich mit dem Hinweis, sie seien keine 32bit-Programme nicht starten.

Ich hoffe, Du kannst mit den Logfiles was anfangen und mir noch weiter Unterstützung bei der Rettung meines Rechners geben.

Hab 'nen schönen Abend!
Gruß Torsten

#4 FindyKill
Platform: Windows XP und Vista
Deaktiviere dein Virenscanner

Download FindyKill.exe zum Desktop(par Chiquitine29)



Doppklick FindyKill.exe jetzt steht auf dein Desktop eine verknuepfung


Klicke diese Verknuepfung und waehle Option: E,waehle im naechsten Fenster Option: 1 # Search

Am Ende erscheint ein Log C:\FindyKill.txt poste dessen inhalt in dein naechsten Antwort
__________
MfG Argus

#5 So ist es geschehen!
Hier der Report:
_________________________________________________________________

# User : Steini (Administratoren) # STEINI-SONY
# Update on 20/09/2009 by Chiquitine29
# Start at: 00:30:09 | 26.09.2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Genuine Intel(R) CPU T2300 @ 1.66GHz
# Microsoft® Windows Vista™ Home Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 8.0.6001.18813
# Windows Firewall Status : Enabled

# C:\ # Lokale Festplatte # 46,57 Go (10,87 Go free) [VAIO] # NTFS
# D:\ # Lokale Festplatte # 39,6 Go (6,3 Go free) [VAIO] # NTFS
# E:\ # CD
# F:\ # Wechseldatenträger
# G:\ # Wechseldatenträger
# H:\ # Lokale Festplatte # 465,64 Go (361,44 Go free) [Elements] # FAT32

############################## | Active Processes |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Steini\AppData\Roaming\drivers\winupgro.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\wbem\wmiprvse.exe

############################## | Infected processes stopped |

"C:\Users\Steini\AppData\Roaming\drivers\winupgro.exe" (3236)

################## | C: |

Found ! D:\autorun.inf
Found ! H:\autorun.inf

################## | C:\Windows |


################## | C:\Windows\system32 |


################## | C:\Windows\system32\drivers |


################## | C:\Users\Steini\AppData\Roaming |

Found ! C:\Users\Steini\AppData\Roaming\drivers
Found ! C:\Users\Steini\AppData\Roaming\drivers\111wfs1intwq.sys
Found ! C:\Users\Steini\AppData\Roaming\drivers\11s11ro1s1a2.sys
Found ! C:\Users\Steini\AppData\Roaming\drivers\downld
Found ! C:\Users\Steini\AppData\Roaming\drivers\winupgro.exe

################## | Temporary Internet Files |


################## | Registry / Infected keys |

Found ! [HKLM\SYSTEM\CurrentControlSet\Services\111111s1ro1s1a]
Found ! [HKLM\SYSTEM\ControlSet001\Services\111111s1ro1s1a]
Found ! [HKLM\SYSTEM\ControlSet002\Services\111111s1ro1s1a]
Found ! [HKLM\SYSTEM\CurrentControlSet\Services\sK9Ou0s]
Found ! [HKLM\SYSTEM\ControlSet001\Services\sK9Ou0s]
Found ! [HKLM\SYSTEM\ControlSet002\Services\sK9Ou0s]
Found ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_111111s1ro1s1a]
Found ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_111111s1ro1s1a]
Found ! [HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_111111s1ro1s1a]
Found ! [HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_111111s1ro1s1a]
Found ! [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SK9OU0S]
Found ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S]
Found ! [HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_SK9OU0S]
Found ! [HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SK9OU0S]
Found ! [HKCU\Software\bisoft]
Found ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Found ! [HKU\S-1-5-21-2130016112-3706007672-2771305689-1000\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Found ! [HKU\S-1-5-21-2130016112-3706007672-2771305689-1000\Software\bisoft]
Found ! [HKCU\Software\Local AppWizard-Generated Applications\key_gen]
Found ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]
Found ! [HKU\S-1-5-21-2130016112-3706007672-2771305689-1000\Software\Local AppWizard-Generated Applications\key_gen]
Found ! [HKU\S-1-5-21-2130016112-3706007672-2771305689-1000\Software\Local AppWizard-Generated Applications\winupgro]
Found ! [HKLM\software\microsoft\security center\Svc] "AntiVirusOverride"
Found ! [HKLM\software\microsoft\security center\Svc] "FirewallOverride"

################## | State / Service / Information |

# Showing of hidden files : OK

# Safe boot mode : OK

# (!) Uac = 0x0

# (!) Ndisuio -> Start = 4 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 )
# (!) SharedAccess -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) windefend -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wuauserv -> Start = 4 ( Good = 2 | Bad = 4 )
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )


################## | Cracks / Keygens / Serials |


################## | End of Report # FindyKill V5.012 ! |
_________________________________________________________________

Wie weiter?

#6 Dein Rechner ist Infiziert mit Bagle

Starte FindyKill noch einmal und wähle:
waehle Option: E,waehle im naechsten Fenster Option: 2 # Clean
Am Ende erscheint ein Log C:\FindyKill.txt poste dessen inhalt in dein naechsten Antwort
__________
MfG Argus

#7 Man bin ich froh, das es Dich gibt!
Hier nun noch mal ein Log:
_________________________________________________________________


############################## | FindyKill V5.012 |

# User : Steini (Administratoren) # STEINI-SONY
# Update on 20/09/2009 by Chiquitine29
# Start at: 01:39:29 | 26.09.2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Genuine Intel(R) CPU T2300 @ 1.66GHz
# Microsoft® Windows Vista™ Home Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 8.0.6001.18813
# Windows Firewall Status : Enabled

# C:\ # Lokale Festplatte # 46,57 Go (10,79 Go free) [VAIO] # NTFS
# D:\ # Lokale Festplatte # 39,6 Go (6,3 Go free) [VAIO] # NTFS
# E:\ # CD
# F:\ # Wechseldatenträger
# G:\ # Wechseldatenträger
# H:\ # Lokale Festplatte # 465,64 Go (361,44 Go free) [Elements] # FAT32

############################## | Active Processes |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\runonce.exe
C:\Windows\system32\conime.exe
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe

################## | C: |

Deleted ! D:\AUTORUN.INF
Deleted ! D:\Downloads\emule\incoming\Neuer Ordner\NSWPE1200TB15\AUTORUN.INF
Deleted ! H:\autorun.inf

################## | C:\Windows |

Deleted ! C:\Windows\Prefetch\WINUPGRO.EXE-B9E72D89.pf

################## | C:\Windows\system32 |


################## | C:\Windows\system32\drivers |


################## | C:\Users\Steini\AppData\Roaming |

Deleted ! C:\Users\Steini\AppData\Roaming\drivers\111wfs1intwq.sys
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\11s11ro1s1a2.sys
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1001671.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1004421.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1004468.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1005046.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1006921.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1018484.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1021562.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1022375.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1046093.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1048125.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1049203.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1079312.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1168359.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1169984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1170453.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1174765.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1176968.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1178703.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1190500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1192046.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1192484.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1197812.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1199656.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1200421.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1201765.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1202609.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1203187.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1207343.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1209750.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1210390.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1215968.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1217484.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1218015.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1227828.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1229593.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1229843.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1229968.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1237703.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1238828.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1239265.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1254656.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1256500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1257156.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1275984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1276718.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1276859.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1276937.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1277562.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1311312.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1312953.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1313031.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1322218.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1322921.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1323500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1326750.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1328937.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1329437.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1330281.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1330828.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1331328.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1335765.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1337375.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1337953.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1338765.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1339281.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1339796.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1389359.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1390671.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1415109.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1417484.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1417796.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1418609.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1419906.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1419921.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1422000.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1422578.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1424406.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1480687.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1481078.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1481796.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1482812.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1483484.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\1483500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\14928187.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\14930437.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\14931015.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\14952296.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\14953234.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\14953765.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\14975703.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\14977125.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\14977796.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15001640.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15027281.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15027859.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15027921.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15108343.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15109812.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15109875.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15110265.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15111812.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15114812.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15130125.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15130875.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15131093.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15131890.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15132015.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15133000.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15133921.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15134609.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15135093.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15150218.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15151156.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15151750.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15169328.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15172640.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15172671.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15172687.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15176937.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15176968.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15176984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15220078.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15221406.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15222406.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15255984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15256984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15257406.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15258171.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15258968.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15259546.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15277984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15278406.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15278500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15278875.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15279125.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15279140.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15340890.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15343453.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15344234.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15356718.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15356734.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15358718.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15362968.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15363796.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15380562.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15383140.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15384828.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15410265.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15429640.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15431515.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15432109.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15438296.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15438968.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15439046.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15441953.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15442796.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15443515.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15455390.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15456812.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15458671.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15459140.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15459171.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15459187.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15465203.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15466234.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15467062.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15484437.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15488546.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15488625.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15488640.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15499328.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15502781.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15503656.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15519484.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15521828.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15522968.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15524187.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15525468.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15526093.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15538843.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15539828.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15540421.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15566968.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15568546.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15569015.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15569734.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15571453.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15571937.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15625046.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15626390.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15626406.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15717234.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15718984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15719000.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15720437.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15722343.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15728562.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15730328.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15730578.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15731203.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15732296.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15732312.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15816015.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15817421.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15817500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15817921.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15817937.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\15817953.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\172562.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\174828.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\187656.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\191046.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\193125.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\194375.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\196890.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\200671.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\201375.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\201765.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\202890.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\203312.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\211890.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\213296.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\214140.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\216953.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\218500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\220500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\221046.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\222531.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\222703.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\223437.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\224984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\225000.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\226156.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\226593.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\226875.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\233265.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\233906.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\235062.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\235531.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\240500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\242187.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\242375.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\242875.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\243546.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\244031.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\244328.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\245625.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\246515.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\246546.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\247593.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\248156.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\248343.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\251312.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\252921.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\254562.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\255046.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\255546.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\256578.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\257031.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\260218.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\261171.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\262078.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\262281.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\263812.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\264234.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\265359.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\265500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\265515.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\265843.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\265875.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\267312.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\267765.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\271531.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\272953.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\273625.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\274437.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\275015.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\275593.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\275609.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\277359.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\277625.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\277906.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\278265.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\284281.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\284531.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\285687.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\285703.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\285937.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\286421.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\286484.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\287375.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\287437.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\287468.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\287703.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\287906.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\289250.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\289937.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\289984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\291000.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\291437.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\292625.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\294171.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\294234.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\294359.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29700265.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29702140.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29702703.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29725078.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29726484.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29726921.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29744375.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29745390.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29746125.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29763984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29781734.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29782171.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29782187.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29880546.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29882218.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29882687.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29896484.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29897437.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29898031.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29902468.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29906312.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29906968.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29912453.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29914531.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29918250.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29920328.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29921281.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29922109.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29923718.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29924609.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29925312.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29942281.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29944250.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29945546.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29948828.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29948875.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\29948906.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\300343.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30050921.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30053765.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30054812.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30069296.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30070250.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30070718.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30071453.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30073453.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30073984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30124578.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30124593.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\301375.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30164984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30167687.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30168500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30175796.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30177406.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30177421.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30188703.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30190140.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30191046.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30210625.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30212390.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30213656.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30221171.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30221531.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30221593.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30221937.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30221984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\302281.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30232750.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30237687.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30239421.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30239906.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\302406.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30256968.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30257281.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30257375.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30260125.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30260812.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30261312.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30269828.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30270593.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30270687.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30271234.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30272171.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30272187.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30277640.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30278625.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30279203.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\302859.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\302984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30302843.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30305468.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30305500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30305515.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30315671.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30317718.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30318453.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30351140.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30352203.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30352750.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30365984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30366875.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30367328.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30402156.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30403406.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30404265.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30405343.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30406359.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30406968.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30479875.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30480015.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30480125.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30525968.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30525984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\305406.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30583984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30585234.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30585453.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30585968.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30586015.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30586031.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\305890.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30635390.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30635671.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30635750.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30636078.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\30636109.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\309656.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\310125.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\311312.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\311531.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\311859.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\312218.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\315500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\316296.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\322109.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\322359.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\323703.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\325265.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\325718.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\328375.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\329359.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\329609.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\330187.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\330750.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\331484.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\332531.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\332718.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\338078.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\340234.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\342421.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\342546.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\342796.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\342812.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\343218.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\343234.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\343578.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\343750.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\343828.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\343968.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\344500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\344531.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\344937.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\345609.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\346031.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\346125.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\346484.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\346609.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\346781.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\348750.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\349671.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\352062.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\355312.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\355906.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\356156.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\356328.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\356343.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\356937.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\357078.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\358000.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\358828.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\360093.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\360312.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\360593.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\361812.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\362625.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\363515.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\364250.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\364406.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\365140.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\368281.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\368468.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\368484.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\372781.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\374468.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\376937.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\384937.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\387562.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\387859.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\388437.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\388500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\388718.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\389453.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\389968.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\390703.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\391234.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\391750.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\397609.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\398890.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\398921.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\401312.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\402328.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\402546.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\403062.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\403609.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\403875.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\404125.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\404781.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\404859.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\405421.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\405484.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\405531.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\405859.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\406000.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\406937.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\407031.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\407953.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\409906.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\411140.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\411687.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\412515.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\413687.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\414109.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\414781.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\415421.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\415859.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\420125.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\421156.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\421859.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\422734.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\423390.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\423953.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\424000.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\425875.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\426312.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\426984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\427812.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\428296.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\429312.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\430140.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\430156.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\437515.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\438671.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44644531.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44646500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44647046.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44669937.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44672171.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44672859.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44691296.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44692718.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44693531.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44716703.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44724921.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44725171.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44725312.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44780921.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44782046.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44782625.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44798593.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44799796.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44800281.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44801125.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44801890.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44802375.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44888281.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\44889578.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\449968.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\450468.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\45047781.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\45050390.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\45050468.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\45050890.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\45051890.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\45051906.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\451062.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\451093.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\452859.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\453359.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\458578.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\459687.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\473500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\476531.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\477359.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\482531.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\483640.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\483656.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\494734.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\496796.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\497156.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\497671.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\497906.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\497937.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\499218.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\500328.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\501421.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\501609.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\501671.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\501968.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\503562.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\503609.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\506390.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\511140.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\512921.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\517234.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\517515.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\518125.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\518437.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\519078.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\519093.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\520546.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\521531.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\522468.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\523968.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\524609.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\524625.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\529281.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\529906.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\529953.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\530250.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\531062.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\533359.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\533703.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\534171.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\534187.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\535328.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\535968.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\544609.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\546546.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\546656.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\546687.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\546984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\547203.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\547250.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\547546.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\548500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\548515.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\549453.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\552750.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\554390.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\555156.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\574218.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\574703.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\574765.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\575140.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\576281.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\576781.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\578328.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\578671.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\578734.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\579015.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\579375.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\579937.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\591125.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\592281.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\592750.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\592984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\593421.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\593437.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\593531.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\593750.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\593906.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\594437.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\594750.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\594765.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59477218.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59479015.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59479593.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59499484.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59500500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59501546.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\595125.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59522109.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59523296.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59524078.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\595328.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59542078.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59552156.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59552187.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\595531.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\595828.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\596734.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59676093.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59679375.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59683171.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59701750.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59702875.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59703453.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59704484.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59705296.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59705859.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59777281.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59777312.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59877000.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59877328.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59877468.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59877812.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\59877859.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\599343.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\599812.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\618812.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\625812.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\628828.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\632375.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\633921.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\634171.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\635265.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\636187.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\636203.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\648640.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\650015.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\650703.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\650984.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\651468.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\652187.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\652203.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\652546.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\653078.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\669468.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\671468.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\671953.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\674812.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\679390.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\684703.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\685000.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\686593.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\686625.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\691718.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\693812.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\694343.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\712937.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\714671.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\716171.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\734500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\737375.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\737578.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\737593.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74309578.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74311375.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74311906.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74331859.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74332734.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74333484.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74350750.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74351890.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74352453.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74369671.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74374937.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74375109.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74375140.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74420125.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74422421.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74423343.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74439312.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74440515.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74441062.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74441828.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74442828.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74443343.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74537421.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74537453.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74537468.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74634953.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74636171.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74636234.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74636640.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74636734.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\74636750.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\748796.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\750437.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\750500.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\750859.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\752234.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\752250.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\773468.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\775640.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\780562.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\782421.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\783250.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\798250.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\799625.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\800953.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\802171.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\803515.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\804093.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\899656.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\900750.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\900765.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\902328.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\907828.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\908203.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\908921.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\909921.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\910000.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\994859.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\996796.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld\997609.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\downld
Deleted ! C:\Users\Steini\AppData\Roaming\drivers\winupgro.exe
Deleted ! C:\Users\Steini\AppData\Roaming\drivers

################## | Reference of comparaison Bagle MD5 : |

File : C:\Users\Steini\AppData\Roaming\drivers\winupgro.exe
-> Crc32 : 81299005 | Md5 : 895146659c435ffd2f0225f938884a83


################## | Other deleting ... |

Deleted ! "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
-> Size : 860160 | Crc32 : 81299005 | Md5 : 895146659c435ffd2f0225f938884a83


################## | Temporary Internet Files |


################## | Registry / Infected keys |

Deleted ! [HKLM\SYSTEM\ControlSet001\Services\111111s1ro1s1a]
Deleted ! [HKLM\SYSTEM\ControlSet001\Services\sK9Ou0s]
Deleted ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_111111s1ro1s1a]
Deleted ! [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SK9OU0S]
Deleted ! [HKCU\Software\bisoft]
Deleted ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "drvsyskit"
Deleted ! [HKCU\Software\Local AppWizard-Generated Applications\key_gen]
Deleted ! [HKCU\Software\Local AppWizard-Generated Applications\winupgro]

################## | State / Service / Information |

# Safe boot mode : OK


# Showing of hidden files : OK

# Uac : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Wlansvc -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# windefend -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH ... |

Corrupted : C:\Program Files\Common Files\Symantec Shared\SymSetup\{F0E8CB62-6A1C-4e55-BCD9-1A0F7527B64A}_12_0_0_52Temp\Support\Remover\Remover.exe
[Offset = 000000F4 - Value = 0x0001]

Corrupted : C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
[Offset = 00000114 - Value = 0x0001]

Corrupted : C:\Program Files\Spyware Doctor\pctsAuxs.exe
[Offset = 000000FC - Value = 0x0001]

Corrupted : C:\Program Files\Spyware Doctor\pctsSvc.exe
[Offset = 00000104 - Value = 0x0001]

Corrupted : C:\Program Files\Spyware Doctor\pctsTray.exe
[Offset = 00000104 - Value = 0x0001]

Corrupted : C:\Program Files\Spyware Doctor\Update.exe
[Offset = 00000104 - Value = 0x0001]

Corrupted : C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
[Offset = 000000C4 - Value = 0x0001]

Corrupted : C:\Program Files\update.exe
[Offset = 00000084 - Value = 0x0001]

Corrupted : C:\Programme alt\Sony\MyClubVAIO\update\update.exe
[Offset = 00000104 - Value = 0x0001]

Corrupted : C:\Programme alt\Spiele\Return to Castle Wolfenstein\sysinfo.exe
[Offset = 00000084 - Value = 0x0001]

Corrupted : C:\Users\Steini\AppData\Local\Temp\mia9438.tmp\data\Microsoft Visual C++ Runtime 9.0 (includes ATL and MFC) Service Pack 1\119236C\629EEBD5\AAWService.exe
[Offset = 00000114 - Value = 0x0001]

Corrupted : C:\Users\Steini\Desktop\FIX\ComboFix.exe
[Offset = 000000EC - Value = 0x0001]

Corrupted : C:\Users\Steini\Desktop\FIX\HijackThis.exe
[Offset = 000000C4 - Value = 0x0001]

Corrupted : C:\Users\Steini\Documents\Downloads\ComboFix.exe
[Offset = 000000EC - Value = 0x0001]

Corrupted : C:\Windows\System32\config\systemprofile\Desktop\ComboFix.exe
[Offset = 000000EC - Value = 0x0001]

Attempt of repair...
Backup : ComboFix.exe.REN
[Offset = 000000EC - New value = 0x4C01]
File repaired successfully.


Corrupted : D:\Downloads\emule\incoming\Neuer Ordner\NSWPE1200TB15\SUPPORT\LUPDATE\WLUEX\AUPDATE.EXE
[Offset = 000000F4 - Value = 0x0001]

Corrupted : D:\Downloads\emule\incoming\Neuer Ordner\NSWPE1200TB15\SUPPORT\LUPDATE\WLUEX\LUALL.EXE
[Offset = 00000104 - Value = 0x0001]

Corrupted : D:\Downloads\emule\incoming\Neuer Ordner\NSWPE1200TB15\SUPPORT\LUPDATE\WLUEX\LUCHECK.EXE
[Offset = 000000EC - Value = 0x0001]

Corrupted : D:\Downloads\emule\incoming\Neuer Ordner\NSWPE1200TB15\SUPPORT\LUPDATE\WLUEX\LUCONFIG.EXE
[Offset = 0000010C - Value = 0x0001]

Corrupted : D:\Downloads\emule\incoming\Neuer Ordner\NSWPE1200TB15\SUPPORT\LUPDATE\WLUEX\NOTIFYHA.EXE
[Offset = 000000F4 - Value = 0x0001]

Corrupted : D:\Downloads\emule\incoming\Neuer Ordner\NSWPE1200TB15\SUPPORT\REMOVER\REMOVER.EXE
[Offset = 000000F4 - Value = 0x0001]

Corrupted : H:\Programme\Datenrettung\NDD\NDD32.EXE
[Offset = 0000011C - Value = 0x0001]


################## | Cracks / Keygens / Serials |


################## | End of Report # FindyKill V5.012 ! |
_________________________________________________________________

Bin ich nun wieder clean?

#8 Versuche jetzt ComboFix zu starten

4.ComboFix
Starte combofix.exe
Folge den Instruktionen in das Fenster
Während Combofix lauft NICHT ins Fenster klicken sonst erfriert dein Rechner
Wenn das Tool fertig ist,oeffnet sich ein logfile (C:\combofix.txt)
Der Editor oeffnet sich und speichere das Log (combofix.txt) auf den Desktop

5.HijackThis
Doppelklick HijackThis >>waehle “Do a Sysyemscan only and save a logfile“
Der Editor oeffnet sich und speichere das Log (hijackthis.log) auf den Desktop
Unter Windows Vista muss Hijackthis als Administrator ausgefuehrt werden.
Dazu mit der linken Maustaste auf das Programm klicken und "Als Administrator ausfuehren" waehlen.
__________
MfG Argus

#9 Uups! Du bist ja auch noch da!
Okay, ich mach das ...

#10 Wenn ich es so sehe ist ComboFix Corrupt

Lade neu
ComboFix© by sUBs)
Download ComboFix und speichert es auf den Desktop!
Download link 1 ComboFix© by sUBs
Download link 2 ComboFix© by sUBs
Note:Wenn wehrend du Combofix runterlaedst oder anwendet ein Meldung deines Virenscanner kommt oder ein anderen Realtime scanner
Schalte diese scanner dann aus und download ComboFix erneut
Es gibt scanner die bestimmte komponente die durch CF benutzt werden als verdaechtig ansehen und versucht sie zu blokkieren oder zu entfernen
Starte combofix.exe
Folge den Instruktionen in das Fenster
Wenn ComboFix schon vorher benutzt worden ist kann es sein das du eine Meldung bekommst das es ein Update gibt
Erlaube diesen Update und klicke OK im "NirCmd“ fenster klicke nach ablauf auf "ja“um den Scan zu starten
Während Combofix lauft NICHT ins Fenster klicken sonst erfriert dein Rechner
Wenn das Tool fertig ist,oeffnet sich ein logfile (C:\ combofix.txt)
nun das KOMPLETTE Log mit rechtem Mausklick ab kopieren und ins Forum mit rechtem Mausklick "einfügen"
Befolge diese Anleitung
__________
MfG Argus

#11 Ich schlafe am Tage

Zitat

Uups! Du bist ja auch noch da!

__________
MfG Argus

#12 So, hier das Logfile von ComboFix:
_________________________________________________________________

ComboFix 09-09-25.01 - Steini 26.09.2009 2:30.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.1021.213 [GMT 2:00]
ausgeführt von:: c:\users\Steini\Desktop\ComboFix.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\program files\update.exe
c:\windows\Installer\WMEncoder.msi
H:\install.exe

.
((((((((((((((((((((((( Dateien erstellt von 2009-08-26 bis 2009-09-26 ))))))))))))))))))))))))))))))
.

2009-09-26 00:42 . 2009-09-26 00:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-25 22:29 . 2009-09-26 00:00 -------- d-----w- C:\FindyKill
2009-09-25 18:14 . 2009-09-25 18:14 -------- d-----w- c:\users\Steini\AppData\Roaming\Malwarebytes
2009-09-25 18:13 . 2009-09-25 18:13 -------- d-----r- c:\program files\Norton Support
2009-09-25 17:42 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-25 17:42 . 2009-09-25 17:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-25 17:42 . 2009-09-25 17:42 -------- d-----w- c:\programdata\Malwarebytes
2009-09-25 17:42 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-25 16:47 . 2009-09-25 16:47 -------- d-----w- C:\FIX
2009-09-25 08:01 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-25 08:00 . 2009-09-25 08:00 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-25 07:59 . 2009-09-25 07:59 -------- d-----w- c:\program files\Lavasoft
2009-09-25 07:59 . 2009-09-25 07:59 -------- d-----w- c:\programdata\Lavasoft
2009-09-25 06:59 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-25 06:59 . 2009-08-24 12:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-25 06:59 . 2009-08-19 09:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-25 06:59 . 2009-09-25 06:59 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-25 06:59 . 2008-12-10 09:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-25 06:59 . 2009-09-25 06:59 -------- d-----w- c:\program files\Spyware Doctor
2009-09-25 06:59 . 2009-09-25 06:59 -------- d-----w- c:\users\Steini\AppData\Roaming\PC Tools
2009-09-25 06:59 . 2009-09-25 06:59 -------- d-----w- c:\programdata\PC Tools
2009-09-25 06:56 . 2009-09-25 06:56 -------- d-----w- c:\program files\Trend Micro
2009-09-25 04:16 . 2009-09-25 04:16 -------- d-----w- c:\users\Steini\AppData\Local\Symantec
2009-09-25 04:11 . 2009-09-25 08:01 -------- dc----w- c:\windows\system32\DRVSTORE
2009-09-25 04:11 . 2009-09-25 04:09 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-09-25 04:11 . 2009-09-25 04:08 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2009-09-25 04:10 . 2009-09-25 04:11 -------- d-----w- c:\program files\Symantec
2009-09-25 04:06 . 2009-09-25 04:06 -------- d-----w- c:\windows\system32\drivers\N360
2009-09-25 04:06 . 2009-09-25 04:07 -------- d-----w- c:\program files\Norton 360
2009-09-24 22:12 . 2009-09-25 04:04 46640 ----a-w- c:\windows\system32\msln.exe
2009-09-24 21:10 . 2009-09-24 21:10 -------- d-----w- c:\users\Steini\AppData\Local\Yahoo
2009-09-24 21:10 . 2009-09-24 21:10 -------- d-----w- c:\program files\Yahoo!
2009-09-23 19:24 . 2009-09-23 21:15 -------- d-----w- c:\program files\Norton AntiVirus
2009-09-23 19:24 . 2009-09-24 21:33 -------- d-----w- c:\program files\NortonInstaller
2009-09-23 19:05 . 2009-09-25 04:26 -------- d-----w- c:\programdata\Norton
2009-09-23 19:04 . 2009-09-25 04:06 -------- d-----w- c:\programdata\NortonInstaller
2009-09-23 17:28 . 2009-09-25 23:50 -------- d-----w- c:\programdata\Symantec
2009-09-23 17:27 . 2009-09-23 17:27 -------- d-----w- c:\windows\E80F62FF5D3C4A1984099721F2928206.TMP
2009-09-23 17:27 . 2009-09-25 04:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-23 08:53 . 2009-09-23 08:53 -------- d-----w- c:\program files\PFScan
2009-09-23 08:26 . 2009-09-23 08:26 -------- d-----w- c:\program files\Ford Error Hide
2009-09-23 07:41 . 2002-03-06 23:19 454656 ----a-w- c:\windows\system32\PaintX.dll
2009-09-23 07:41 . 2006-10-29 17:19 1089536 ----a-w- c:\windows\system32\FreeImage.dll
2009-09-23 07:41 . 2003-07-06 12:07 372736 ----a-w- c:\windows\system32\ijl15.dll
2009-09-23 07:41 . 1999-01-12 08:55 29696 ----a-w- c:\windows\system32\VB5StKit.dll
2009-09-23 07:09 . 2009-09-23 07:09 -------- d-----w- c:\program files\pocketWorks
2009-09-21 21:45 . 2009-09-21 21:45 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-21 21:29 . 2009-09-21 21:29 -------- d-----w- c:\program files\GPS Tuner
2009-09-21 21:15 . 2009-09-21 21:15 -------- d-----w- c:\users\Steini\AppData\Local\Cooliris
2009-09-21 21:13 . 2009-09-23 08:26 -------- d-----w- c:\programdata\Ford Error Hide
2009-09-10 00:18 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-10 00:18 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-10 00:18 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-10 00:18 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-10 00:18 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-10 00:18 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-10 00:18 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-10 00:18 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-10 00:18 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-10 00:18 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-10 00:16 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-10 00:16 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-10 00:16 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-10 00:16 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-10 00:16 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-02 01:53 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 01:53 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-02 01:53 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-09-02 01:53 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-09-02 01:53 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-02 01:53 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-09-02 01:53 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-09-02 01:53 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-09-02 01:53 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-09-02 01:53 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-25 23:44 . 2008-10-23 07:26 -------- d-----w- c:\program files\TomTom HOME 2
2009-09-25 23:37 . 2008-11-25 16:41 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-25 22:26 . 2008-11-14 06:33 -------- d-----w- c:\users\Steini\AppData\Roaming\Skype
2009-09-25 22:02 . 2008-11-14 06:35 -------- d-----w- c:\users\Steini\AppData\Roaming\skypePM
2009-09-25 17:04 . 2009-07-29 19:00 -------- d-----w- c:\program files\CCleaner
2009-09-25 16:59 . 2008-12-12 16:13 -------- d-----w- c:\users\Steini\AppData\Roaming\CASLsoft
2009-09-25 15:49 . 2006-11-02 15:33 621952 ----a-w- c:\windows\system32\perfh007.dat
2009-09-25 15:49 . 2006-11-02 15:33 123658 ----a-w- c:\windows\system32\perfc007.dat
2009-09-25 07:35 . 2007-10-06 12:36 128896237 ----a-w- c:\windows\DUMP34ac.tmp
2009-09-25 04:18 . 2008-11-15 16:16 -------- d-----w- c:\program files\Trillian
2009-09-25 04:10 . 2009-09-25 04:11 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-25 04:10 . 2009-09-25 04:11 7456 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-25 00:15 . 2008-10-24 08:00 -------- d-----w- c:\program files\Xvid
2009-09-24 05:37 . 2008-11-27 22:00 2828 --sha-w- c:\programdata\KGyGaAvL.sys
2009-09-21 22:57 . 2008-11-05 00:51 -------- d-----w- c:\programdata\AVerTV
2009-09-15 22:39 . 2009-03-09 07:59 7484 ----a-w- c:\users\Steini\AppData\Local\d3d9caps.dat
2009-09-10 10:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-10 10:15 . 2008-11-07 21:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-10 10:14 . 2008-10-26 17:10 -------- d-----w- c:\programdata\Microsoft Help
2009-09-02 16:03 . 2008-11-15 16:16 -------- d-----w- c:\users\Steini\AppData\Roaming\Trillian
2009-08-30 05:28 . 2008-12-27 15:17 -------- d-----w- c:\program files\Java
2009-08-14 04:58 . 2009-09-25 06:59 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-02 18:19 . 2009-08-02 16:42 -------- d-----w- c:\users\Steini\AppData\Roaming\SparVoip
2009-08-02 08:12 . 2009-08-02 08:12 -------- d-----w- c:\program files\SparVoip
2009-07-25 03:23 . 2008-12-27 15:19 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 21:52 . 2009-07-29 17:22 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-07-29 17:22 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-07-29 17:22 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-07-29 17:22 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-12 04:31 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-15 17:05 . 2008-10-25 10:36 122896 ----a-w- c:\users\Steini\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-14 13:00 . 2009-08-12 04:31 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-12 04:30 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-12 04:30 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-12 04:30 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2008-11-17 06:35 . 2008-02-11 15:30 316678 ----a-w- c:\program files\mwst.chm
2008-11-17 06:30 . 2008-01-14 10:55 438272 ----a-w- c:\program files\mwst.exe
2008-11-17 06:25 . 2008-02-11 14:48 686 ----a-w- c:\program files\bittelesen1.txt
2008-09-15 11:13 . 2008-09-15 10:58 12 ----a-w- c:\program files\mwst.dat
2008-09-14 08:47 . 2008-02-11 14:48 4629 ----a-w- c:\program files\bestellung.txt
2008-07-11 15:53 . 2008-02-11 14:48 77063 ----a-w- c:\program files\order.pdf
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-11-07 171448]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"CCleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-07-27 1644784]
"SparVoip"="c:\program files\SparVoip\SparVoip.exe" [2009-06-30 9146160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-03-15 106496]
"AppMon Utility"="c:\program files\Sony\AppMonUtil\AppMonUtility.exe" [2006-11-15 415864]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-09-25 1181064]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CCleaner"="c:\program files\CCleaner\CCleaner.exe" [2009-07-27 1644784]

c:\users\Steini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AVer HID Receiver.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe [2008-11-5 163840]
AVerQuick.lnk - c:\program files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2008-11-4 618496]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-11 752168]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"UacDisableNotify"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer7"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2130016112-3706007672-2771305689-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{06580D54-C699-42B9-A340-2B5490A3B3D4}"= UDP:41945:emule
"UDP Query User{9A7795BA-D929-4669-A884-53FFBF217336}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{C77594C0-DAAE-4636-8711-705EECBF1CE7}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"{414A165A-301D-4CBD-B3C8-F3A82018246D}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{1E586987-5E96-490A-8DC2-E817447E1EA0}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{5066F02A-AC98-4989-A7C1-E7737A5E4A59}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{8B047928-F75D-4875-9C1C-08CC9E6EB7A4}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{80AD6386-3ED9-43C2-A52D-C1455EB9EEF4}c:\\program files\\trillian\\trillian.exe"= UDP:c:\program files\trillian\trillian.exe:Trillian
"UDP Query User{6E3DF436-C198-4B42-94F2-9A2DD2D3E2CE}c:\\program files\\trillian\\trillian.exe"= TCP:c:\program files\trillian\trillian.exe:Trillian
"TCP Query User{9B09EF48-EB1B-4E79-8028-CA91D53E0F66}c:\\program files\\trillian\\trillian.exe"= UDP:c:\program files\trillian\trillian.exe:Trillian
"UDP Query User{905B5872-5CF4-461C-B067-8D947527705E}c:\\program files\\trillian\\trillian.exe"= TCP:c:\program files\trillian\trillian.exe:Trillian
"{90AA7BB4-531C-44E7-9F46-032BF781F874}"= UDP:c:\program files\TAPI Services for FRITZ!Box\fboxset.exe:AVM TAPI Services for FRITZ!Box - fboxset.exe
"{A1F18DD4-3B68-4DFD-A552-5F92B35544CF}"= TCP:c:\program files\TAPI Services for FRITZ!Box\fboxset.exe:AVM TAPI Services for FRITZ!Box - fboxset.exe
"{B7058523-42D6-4F6D-8E58-DDBF1C62C0BF}"= UDP:c:\program files\TAPI Services for FRITZ!Box\igd_finder.exe:AVM TAPI Services for FRITZ!Box - igd_finder.exe
"{80AF1D5D-0520-4E01-9F0B-2E1083275E33}"= TCP:c:\program files\TAPI Services for FRITZ!Box\igd_finder.exe:AVM TAPI Services for FRITZ!Box - igd_finder.exe
"{F0E5F0AA-D808-49D2-8ABF-3AE5F10F8430}"= TCP:5031:LocalSubnet:LocalSubnet:AVM TAPI Services for FRITZ!Box - UDP 5031
"{75932689-C5ED-4CD3-B3A5-34DE25DDA351}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{8A658952-9705-4B06-B6FF-6CCEDC7F42B8}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{1363EB18-2BC7-42EE-B598-453C1BCBB569}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{6B442ACA-F0DA-4263-AD5B-B80E233790D1}c:\\program files\\sparvoip\\sparvoip.exe"= UDP:c:\program files\sparvoip\sparvoip.exe:Client to make VoIP calls.
"UDP Query User{0C05FB9B-55D9-41CF-96AC-FDC9A7444E81}c:\\program files\\sparvoip\\sparvoip.exe"= TCP:c:\program files\sparvoip\sparvoip.exe:Client to make VoIP calls.
"TCP Query User{DC1B9440-DBBC-4A0C-B00C-40C401E4E7E2}c:\\program files\\sparvoip\\sparvoip.exe"= UDP:c:\program files\sparvoip\sparvoip.exe:Client to make VoIP calls.
"UDP Query User{672CD3B1-0AD9-4D74-928A-58520D4849E7}c:\\program files\\sparvoip\\sparvoip.exe"= TCP:c:\program files\sparvoip\sparvoip.exe:Client to make VoIP calls.

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [25.09.2009 10:01 64160]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090916.003\IDSvix86.sys [26.09.2009 02:05 342576]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\System32\drivers\AVerBDA3x.sys [29.08.2007 08:40 1183744]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [25.10.2008 12:52 226304]
S3 AVerE506;AVerE506 service;c:\windows\System32\drivers\AVerE506.sys [21.10.2008 22:00 519680]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [14.12.2008 17:45 29736]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0305020.00B\symndisv.sys [25.09.2009 06:09 48688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhalt des "geplante Tasks" Ordners

2009-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 05:30]

2009-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-12 05:30]

2009-09-26 c:\windows\Tasks\User_Feed_Synchronization-{D786D494-01ED-4DC7-84FB-65318BAF943E}.job
- c:\windows\system32\msfeedssync.exe [2009-07-29 20:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-TomTomHOME.exe - c:\program files\TomTom HOME 2\TomTomHOMERunner.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-26 02:43
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.5.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(4332)
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\progra~1\SPYWAR~1\SDCONT~1.DLL
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll
c:\program files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.deu
c:\program files\WinRAR\rarext.dll
.
Zeit der Fertigstellung: 2009-09-26 2:47
ComboFix-quarantined-files.txt 2009-09-26 00:47

Vor Suchlauf: 16 Verzeichnis(se), 11.310.084.096 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 11.329.204.224 Bytes frei

280 --- E O F --- 2009-09-10 10:20
_________________________________________________________________

Hijack geht leider immer noch nicht, immernoch die gleiche Begründung ...

"keine zulässige Win32-Anwendung"

#13 Download: http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.zip

Lade/entpacke HijackThis in einen extra Ordner, Benenne Hijackthis in winlogon um, starte es und waehle
---> None of the above just start the program --> Scan -> Save log --> hijackthis.log - Save - es öffnet sich der Editor

nun das KOMPLETTE Log mit rechtem Mausklick abkopieren und ins Forum mit rechtem Mausklick "einfügen"

Unter Windows Vista muss Hijackthis als Administrator ausgefuehrt werden.
Dazu mit der linken Maustaste auf das Programm klicken und "Als Administrator ausfuehren" waehlen.
__________
MfG Argus

#14 Nun also auch das Log aus HijackThis:
_________________________________________________________________

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:35:17, on 26.09.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\system32\PresentationSettings.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SparVoip\SparVoip.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\AVerMedia\AVerTV\AVerTV.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro2\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/1me10enus/2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SparVoip] "C:\Program Files\SparVoip\SparVoip.exe" -nosplash -minimized
O4 - HKUS\S-1-5-18\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO (User 'Default user')
O4 - Startup: AVer HID Receiver.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
O4 - Startup: AVerQuick.lnk = C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O4 - Startup: BTTray.lnk = ?
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\coIEPlg.dll
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: AVerRemote - AVerMedia - C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9bb2fd0544671) (gupdate1c9bb2fd0544671) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10820 bytes
_________________________________________________________________

#15 CombiFix entfernen
Start > Ausführen> Kopiere rein ComboFix /U OK

Entferne
C:\FindyKill
C:\FIX

Die benutzten Tools kannst du wieder entfernen

Scanne dein Rechner mit SuperAntispyware
http://board.protecus.de/t31252-1.htm

Bereinige dein Rechner mit CCleaner auch die Registry(solange bis nichts mehr gefunden wird)

Systemwiederherstellung
Systemwiederherstellung (de)aktivieren


Und jetzt Gute Nacht

Note: es kann sein das bestimmte Tools nicht mehr Funktioneren
Dann neu installieren
__________
MfG Argus