
Log analysis and evaluation: Virus cleansweep.exe not completely removed?

09.12.2010, 12:54   #1
Oh_nein

Hello,

I have had a few problems with my laptop for several days. At first my Avira AntiVir noticed a few pieces of malware on my computer, which I then removed with Avira and Malwarebytes. One of them was definitely a cleansweep.exe, among others.

In further scans, all programs then reported my computer as clean. The problem is that the computer could not have been clean yet. I was still being redirected out of the blue to sites I had never heard of and that McAfee rated as questionable and infected. In addition, my laptop crashed at irregular intervals.

Since all this got to be too much for me and I also do banking on the laptop, I decided without further ado to back up all important data and reset the laptop (Acer) to its factory state. In the process, of course, all data on c: was deleted.

But now the shock: I still have exactly the same problems. I get redirected to unwanted sites and the computer crashes regularly. Scans with Avira, Malwarebytes and McAfee found no malware. Oh, one more thing. Another error message says that "the Windows host process was terminated", whatever that means. I can still carry on working on the laptop as normal afterwards, though. I don't know much about this whole subject anyway and am now really at my wits' end.

Can anyone here help me? That would be great. I have attached the HijackThis log file.

HijackThis log file:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:39:15, on 09.12.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Acer\Optical Drive Power Management\ODDPWR.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Lars\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
C:\Users\Lars\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1210&m=aspire_4810t
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1210&m=aspire_4810t
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1210&m=aspire_4810t
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1210&m=aspire_4810t
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101209063327.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [ODDPwr] "C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe"
O4 - HKLM\..\Run: [EgisTecLiveUpdate] "C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe"
O4 - HKLM\..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKCU\..\Run: [F.lux] "C:\Users\Lars\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Dropbox.lnk = C:\Users\Lars\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: Acer VCM.lnk = ?
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0294351291872743) (0294351291872743mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\029435~1.EXE
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files\Launch Manager\dsiwmis.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall-Dienst (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: Acer ODD Power Service (ODDPwrSvc) - Acer Incorporated - C:\Program Files\Acer\Optical Drive Power Management\ODDPWRSvc.exe
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\partner.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
 
--
End of file - 11717 bytes
         

09.12.2010, 13:01   #2
cosinus

Quote:
At first my Avira AntiVir noticed a few pieces of malware on my computer, which I then removed with Avira and Malwarebytes.

Please post all logs!

09.12.2010, 14:39   #3
Oh_nein

Unfortunately I can no longer present the old logs in which the malware was listed. After all, I reset the laptop to its factory state. In doing so, c: was completely formatted, and so those log files are gone too. I was simply naive enough to assume that this would definitely fix the problem and that I would no longer need the log files. Another lesson learned for life...

I have nevertheless run another full scan with Malwarebytes and attached it here. No idea whether that helps any more now; unfortunately it finds nothing.

Code:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5278

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

09.12.2010 15:30:05
mbam-log-2010-12-09 (15-30-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 212707
Laufzeit: 1 Stunde(n), 14 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Are there any other ways to examine my laptop thoroughly? Something is evidently still on there.

09.12.2010, 18:37   #4
cosinus

If you ran the recovery, there is no reason for an analysis any more anyway. Then you have effectively reinstalled from scratch. Then all malware from the old installation is guaranteed to be gone as well.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

09.12.2010, 18:53   #5
Oh_nein

That is what I had always thought so far, too. On my Acer I wiped c: via the recovery partition PQSERVICE and reinstalled Vista completely from scratch, but I still have the same symptoms as before: unwanted, infected pages pop up, and the computer crashes at irregular intervals. Very dubious.

Since I do quite a bit of banking on the laptop, I will probably have to buy a new computer to be on the safe side.


09.12.2010, 19:10   #6
cosinus

You don't happen to have a router? One where the default password for administering the router via browser has NEVER been changed?

09.12.2010, 19:19   #7
Oh_nein

Quote from cosinus:
You don't happen to have a router? One where the default password for administering the router via browser has NEVER been changed?

Yes, ugh? That is exactly the case.

That doesn't mean much to me for now, though. What should I do?

09.12.2010, 19:23   #8
cosinus

Reset the router completely, i.e. back to factory settings. After that you have to give it the access credentials again. But the first thing you do after the reset: change the router's password!!!

09.12.2010, 20:03   #9
Oh_nein

Right, I have taken care of everything. Is there anything else I need to watch out for?

I will check in again later to say whether the problem is really fixed.

In any case, many thanks to you so far, cosinus. Great service.

09.12.2010, 22:48   #10
Oh_nein

Damn, unfortunately unwanted pages still pop up regularly (especially after searching via Google). Is there anything else I can do?

10.12.2010, 10:37   #11
cosinus

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

10.12.2010, 12:18   #12
Oh_nein

Hello, thanks for the tip about OTL. Attached are the two log files.

Code:
OTL logfile created on: 10.12.2010 13:05:42 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Lars\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 239,51 Gb Free Space | 83,07% Space Free | Partition Type: NTFS
 
Computer Name: LARS-PC | User Name: Lars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lars\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Programme\VideoLAN\VLC\vlc.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Users\Lars\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Users\Lars\Local Settings\Apps\F.lux\flux.exe ()
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)
PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\Acer\Optical Drive Power Management\ODDPWR.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe (Acer Incorporated)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Windows\System32\SndVol.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Lars\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (Partner Service) -- C:\ProgramData\Partner\partner.exe (Google Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (ODDPwrSvc) -- C:\Programme\Acer\Optical Drive Power Management\ODDPWRSvc.exe (Acer Incorporated)
SRV - (DsiWMIService) -- C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (IntcHdmiAddService) Intel(R) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1210&m=aspire_4810t
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1210&m=aspire_4810t
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1210&m=aspire_4810t
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1210&m=aspire_4810t
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.12.09 00:48:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.09 06:33:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.09 02:02:56 | 000,000,000 | ---D | M]
 
[2010.12.09 01:14:06 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\mozilla\Extensions
[2010.12.10 12:54:29 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\moh3rmvj.default\extensions
[2010.12.10 00:15:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\moh3rmvj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.12.10 12:54:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.12.09 02:02:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll
[2010.12.09 02:02:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.06 23:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20101209063327.dll (McAfee, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\partner.dll (Google Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [ODDPwr] C:\Program Files\Acer\Optical Drive Power Management\ODDPwr.exe (Acer Incorporated)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [F.lux] C:\Users\Lars\Local Settings\Apps\F.lux\flux.exe ()
O4 - Startup: C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lars\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.10 00:16:31 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Google
[2010.12.10 00:07:24 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\EA
[2010.12.10 00:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.12.10 00:06:32 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\SWF Studio
[2010.12.10 00:06:31 | 000,000,000 | -HSD | C] -- C:\Users\Lars\AppData\Roaming\.#
[2010.12.09 23:42:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.12.09 21:43:02 | 000,000,000 | ---D | C] -- C:\Users\Lars\Desktop\Die_Kassierer-Physik-2010-CannaPower
[2010.12.09 21:42:56 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\WinRAR
[2010.12.09 21:42:16 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.12.09 14:37:18 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Avira
[2010.12.09 09:27:46 | 000,000,000 | ---D | C] -- C:\Book
[2010.12.09 09:27:41 | 000,380,928 | ---- | C] (Acer Incorporated) -- C:\Windows\AcerStore.exe
[2010.12.09 09:27:41 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2010.12.09 09:27:26 | 000,199,176 | ---- | C] (Dritek System Inc.) -- C:\Windows\GVUni.exe
[2010.12.09 09:25:37 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.09 09:25:37 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.09 09:25:37 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.12.09 09:25:37 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.09 09:25:34 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.09 09:25:34 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.12.09 09:25:33 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.09 09:25:32 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.09 09:25:31 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.12.09 09:23:19 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.12.09 09:23:18 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010.12.09 09:23:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010.12.09 09:22:58 | 003,599,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.12.09 09:22:58 | 003,547,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.12.09 09:22:57 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010.12.09 09:22:57 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010.12.09 09:22:57 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010.12.09 09:22:57 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010.12.09 09:22:57 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010.12.09 09:22:57 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2010.12.09 09:22:56 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010.12.09 09:22:32 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010.12.09 09:22:32 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010.12.09 09:22:09 | 002,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.09 09:21:43 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2010.12.09 09:21:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2010.12.09 09:21:43 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\hccoin.dll
[2010.12.09 09:21:43 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-TW
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-HK
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-CN
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\uk-UA
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\tr-TR
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\th-TH
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sv-SE
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sr-Latn-CS
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sl-SI
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sk-SK
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ru-RU
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ro-RO
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-PT
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-BR
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pl-PL
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nl-NL
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nb-NO
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\lv-LV
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\lt-LT
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ko-KR
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ja-JP
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\it-IT
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\hu-HU
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\hr-HR
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\he-IL
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fr-FR
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fi-FI
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\et-EE
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\es-ES
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\en-US
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\el-GR
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\da-DK
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\cs-CZ
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\bg-BG
[2010.12.09 09:20:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ar-SA
[2010.12.09 09:20:10 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2010.12.09 09:20:10 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2010.12.09 09:20:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\bthport.sys.mui
[2010.12.09 09:20:06 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-HK\bthport.sys.mui
[2010.12.09 09:20:06 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\bthport.sys.mui
[2010.12.09 09:20:05 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\bthport.sys.mui
[2010.12.09 09:20:05 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\uk-UA\bthport.sys.mui
[2010.12.09 09:20:05 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\bthport.sys.mui
[2010.12.09 09:20:04 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\bthport.sys.mui
[2010.12.09 09:20:04 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\bthport.sys.mui
[2010.12.09 09:20:04 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sl-SI\bthport.sys.mui
[2010.12.09 09:20:04 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sk-SK\bthport.sys.mui
[2010.12.09 09:20:04 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\bthport.sys.mui
[2010.12.09 09:20:03 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\bthport.sys.mui
[2010.12.09 09:20:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\bthport.sys.mui
[2010.12.09 09:20:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\bthport.sys.mui
[2010.12.09 09:20:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\bthport.sys.mui
[2010.12.09 09:20:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\bthport.sys.mui
[2010.12.09 09:20:02 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\bthport.sys.mui
[2010.12.09 09:20:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\bthport.sys.mui
[2010.12.09 09:20:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\lv-LV\bthport.sys.mui
[2010.12.09 09:20:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\lt-LT\bthport.sys.mui
[2010.12.09 09:20:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\bthport.sys.mui
[2010.12.09 09:20:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\bthport.sys.mui
[2010.12.09 09:20:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hr-HR\bthport.sys.mui
[2010.12.09 09:20:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\bthport.sys.mui
[2010.12.09 09:20:01 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\et-EE\bthport.sys.mui
[2010.12.09 09:20:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\bthport.sys.mui
[2010.12.09 09:20:00 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\bthport.sys.mui
[2010.12.09 09:20:00 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\bthport.sys.mui
[2010.12.09 09:20:00 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\bg-BG\bthport.sys.mui
[2010.12.09 09:20:00 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\bthport.sys.mui
[2010.12.09 09:20:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\bthport.sys.mui
[2010.12.09 09:19:59 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\bthport.sys.mui
[2010.12.09 09:19:59 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\bthport.sys.mui
[2010.12.09 09:19:59 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\bthport.sys.mui
[2010.12.09 09:19:59 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\bthport.sys.mui
[2010.12.09 09:19:58 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2010.12.09 09:19:58 | 000,968,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2010.12.09 09:19:58 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2010.12.09 09:19:58 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2010.12.09 09:19:58 | 000,291,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2010.12.09 09:19:58 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2010.12.09 09:19:58 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2010.12.09 09:19:58 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2010.12.09 09:19:58 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2010.12.09 09:19:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2010.12.09 09:19:58 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2010.12.09 09:19:58 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2010.12.09 09:19:58 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2010.12.09 09:19:58 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2010.12.09 09:18:47 | 000,309,768 | ---- | C] (Dritek System Inc.) -- C:\Windows\UNINST32.EXE
[2010.12.09 09:18:47 | 000,021,000 | ---- | C] (Dritek System Inc.) -- C:\Windows\System32\drivers\DKbFltr.sys
[2010.12.09 09:18:44 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01007.dll
[2010.12.09 09:18:44 | 000,206,120 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynCtrl.dll
[2010.12.09 09:18:44 | 000,205,232 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\drivers\SynTP.sys
[2010.12.09 09:18:44 | 000,169,256 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynCOM.dll
[2010.12.09 09:18:44 | 000,161,064 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPAPI.dll
[2010.12.09 09:18:44 | 000,120,104 | ---- | C] (Synaptics Incorporated) -- C:\Windows\System32\SynTPCo4.dll
[2010.12.09 09:18:38 | 003,666,432 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\NETw5v32.sys
[2010.12.09 09:18:38 | 002,756,608 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NETw5r32.dll
[2010.12.09 09:18:38 | 000,663,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\NETw5c32.dll
[2010.12.09 09:17:47 | 008,198,680 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\TVWSetup.exe
[2010.12.09 09:17:47 | 000,668,696 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcfg.exe
[2010.12.09 09:17:47 | 000,304,640 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrita.lrc
[2010.12.09 09:17:47 | 000,299,008 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc
[2010.12.09 09:17:47 | 000,294,912 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptg.lrc
[2010.12.09 09:17:47 | 000,291,328 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrrus.lrc
[2010.12.09 09:17:47 | 000,289,280 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptb.lrc
[2010.12.09 09:17:47 | 000,288,256 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrhun.lrc
[2010.12.09 09:17:47 | 000,287,744 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc
[2010.12.09 09:17:47 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsve.lrc
[2010.12.09 09:17:47 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsky.lrc
[2010.12.09 09:17:47 | 000,279,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnor.lrc
[2010.12.09 09:17:47 | 000,279,040 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtrk.lrc
[2010.12.09 09:17:47 | 000,277,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrslv.lrc
[2010.12.09 09:17:47 | 000,262,656 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtha.lrc
[2010.12.09 09:17:47 | 000,260,096 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxTMM.dll
[2010.12.09 09:17:47 | 000,249,856 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrheb.lrc
[2010.12.09 09:17:47 | 000,206,848 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrjpn.lrc
[2010.12.09 09:17:47 | 000,205,312 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrkor.lrc
[2010.12.09 09:17:47 | 000,173,080 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
[2010.12.09 09:17:47 | 000,151,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxCoIn_v1752.dll
[2010.12.09 09:17:47 | 000,112,640 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\drivers\IntcHdmi.sys
[2010.12.09 09:17:47 | 000,059,392 | ---- | C] (Intel Corporation) -- C:\Windows\System32\oemdspif.dll
[2010.12.09 09:17:47 | 000,052,736 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.dll
[2010.12.09 09:17:46 | 005,702,656 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxress.dll
[2010.12.09 09:17:46 | 005,054,464 | ---- | C] (Intel Corporation) -- C:\Windows\System32\ig4icd32.dll
[2010.12.09 09:17:46 | 004,740,096 | ---- | C] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys
[2010.12.09 09:17:46 | 004,116,480 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumd32.dll
[2010.12.09 09:17:46 | 003,264,512 | ---- | C] (Intel Corporation) -- C:\Windows\System32\ig4dev32.dll
[2010.12.09 09:17:46 | 002,875,392 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igd10umd32.dll
[2010.12.09 09:17:46 | 000,602,112 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumdx32.dll
[2010.12.09 09:17:46 | 000,310,784 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrell.lrc
[2010.12.09 09:17:46 | 000,303,616 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc
[2010.12.09 09:17:46 | 000,303,616 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdeu.lrc
[2010.12.09 09:17:46 | 000,303,104 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxresp.lrc
[2010.12.09 09:17:46 | 000,282,624 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcsy.lrc
[2010.12.09 09:17:46 | 000,281,088 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfin.lrc
[2010.12.09 09:17:46 | 000,280,576 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdan.lrc
[2010.12.09 09:17:46 | 000,275,968 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrenu.lrc
[2010.12.09 09:17:46 | 000,252,416 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrara.lrc
[2010.12.09 09:17:46 | 000,215,040 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxdev.dll
[2010.12.09 09:17:46 | 000,200,192 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxpph.dll
[2010.12.09 09:17:46 | 000,179,712 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcht.lrc
[2010.12.09 09:17:46 | 000,178,176 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrchs.lrc
[2010.12.09 09:17:46 | 000,130,048 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxdo.dll
[2010.12.09 09:17:46 | 000,119,296 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcpl.cpl
[2010.12.09 09:17:46 | 000,094,720 | ---- | C] (Intel Corporation) -- C:\Windows\System32\hccutils.dll
[2010.12.09 09:17:46 | 000,023,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxexps.dll
[2010.12.09 09:17:39 | 000,050,176 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\L1C60x86.sys
[2010.12.09 09:17:34 | 000,020,480 | ---- | C] (Wistron Corp.) -- C:\Windows\PATCHFUL.EXE
[2010.12.09 09:17:34 | 000,000,000 | ---D | C] -- C:\Windows\Lan
[2010.12.09 06:33:27 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2010.12.09 06:33:14 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2010.12.09 06:33:10 | 000,164,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2010.12.09 06:33:10 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2010.12.09 06:33:09 | 000,386,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
[2010.12.09 06:33:09 | 000,313,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2010.12.09 06:33:09 | 000,152,960 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010.12.09 06:33:09 | 000,095,600 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
[2010.12.09 06:33:09 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2010.12.09 06:33:09 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2010.12.09 06:33:08 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2010.12.09 02:53:09 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.12.09 02:40:18 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.12.09 02:26:36 | 000,000,000 | ---D | C] -- C:\Programme\Veetle
[2010.12.09 02:21:23 | 000,000,000 | ---D | C] -- C:\Users\Lars\Desktop\motivation
[2010.12.09 02:04:29 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\Adobe
[2010.12.09 02:04:16 | 000,000,000 | ---D | C] -- C:\tv
[2010.12.09 02:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.12.09 02:03:05 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.12.09 02:02:56 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.12.09 02:02:56 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.12.09 02:02:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.12.09 02:02:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.12.09 02:02:23 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2010.12.09 02:02:07 | 000,000,000 | ---D | C] -- C:\Programme\PokerStove
[2010.12.09 02:01:14 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2010.12.09 02:00:01 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\vlc
[2010.12.09 01:56:08 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2010.12.09 01:55:08 | 000,000,000 | R--D | C] -- C:\Users\Lars\Documents\My Dropbox
[2010.12.09 01:52:12 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Dropbox
[2010.12.09 01:51:01 | 000,000,000 | ---D | C] -- C:\Users\Lars\Local Settings
[2010.12.09 01:48:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Acer
[2010.12.09 01:23:58 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010.12.09 01:23:58 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.12.09 01:23:28 | 000,000,000 | ---D | C] -- C:\Programme\Winamp Detect
[2010.12.09 01:22:56 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PX Storage Engine
[2010.12.09 01:22:45 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Winamp
[2010.12.09 01:22:45 | 000,000,000 | ---D | C] -- C:\Programme\Winamp
[2010.12.09 01:21:38 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Malwarebytes
[2010.12.09 01:21:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.09 01:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.09 01:21:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.09 01:21:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.09 01:18:33 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.12.09 01:18:26 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.09 01:18:26 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.12.09 01:18:23 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.12.09 01:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.12.09 01:15:22 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Adobe
[2010.12.09 01:13:55 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Mozilla
[2010.12.09 01:13:55 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\Mozilla
[2010.12.09 01:12:48 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2010.12.09 01:05:56 | 000,114,688 | ---- | C] (Abstract Software) -- C:\Users\Public\Desktop\Internet-Erlebniswelt.exe
[2010.12.09 01:04:22 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\EgisTec
[2010.12.09 01:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\EgisTec
[2010.12.09 01:01:21 | 000,000,000 | ---D | C] -- C:\Programme\Acer Inc
[2010.12.09 01:01:07 | 000,000,000 | ---D | C] -- C:\ProgramData\eSobi
[2010.12.09 01:00:51 | 000,000,000 | ---D | C] -- C:\Programme\eSobi
[2010.12.09 00:59:43 | 000,000,000 | ---D | C] -- C:\Programme\EgisTec Egis Software Update
[2010.12.09 00:59:43 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\EgisTec
[2010.12.09 00:59:35 | 000,000,000 | ---D | C] -- C:\Programme\EgisTec
[2010.12.09 00:59:08 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Acer
[2010.12.09 00:57:52 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\Acer ePower Management V4
[2010.12.09 00:57:09 | 000,047,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxm144b.rra
[2010.12.09 00:57:09 | 000,027,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2010.12.09 00:53:37 | 000,000,000 | ---D | C] -- C:\Programme\CyberLink
[2010.12.09 00:52:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Xp_x86
[2010.12.09 00:52:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\w2k_x86
[2010.12.09 00:52:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_x86
[2010.12.09 00:52:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_ia64
[2010.12.09 00:52:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\Vista_amd64
[2010.12.09 00:52:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_x86
[2010.12.09 00:52:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_ia64
[2010.12.09 00:52:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti
[2010.12.09 00:52:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nti\2003_amd64
[2010.12.09 00:52:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Screensaver
[2010.12.09 00:52:24 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Macromedia
[2010.12.09 00:51:52 | 000,000,000 | ---D | C] -- C:\Programme\Launch Manager
[2010.12.09 00:51:06 | 000,000,000 | ---D | C] -- C:\Programme\Synaptics
[2010.12.09 00:50:21 | 000,000,000 | ---D | C] -- C:\Programme\Acer
[2010.12.09 00:50:09 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\InstallShield
[2010.12.09 00:49:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010.12.09 00:49:02 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010.12.09 00:48:59 | 001,784,352 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2010.12.09 00:48:59 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2010.12.09 00:48:59 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2010.12.09 00:48:59 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2010.12.09 00:48:59 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2010.12.09 00:48:58 | 002,529,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2010.12.09 00:48:58 | 002,358,112 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2010.12.09 00:48:58 | 001,123,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2010.12.09 00:48:58 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2010.12.09 00:48:58 | 000,326,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2010.12.09 00:48:58 | 000,055,840 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2010.12.09 00:48:57 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2010.12.09 00:48:57 | 000,290,304 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2010.12.09 00:48:56 | 001,933,312 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2010.12.09 00:48:56 | 000,159,744 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2010.12.09 00:48:56 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2010.12.09 00:48:55 | 000,159,232 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\FMAPO.dll
[2010.12.09 00:48:55 | 000,142,848 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2010.12.09 00:48:55 | 000,060,416 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2010.12.09 00:48:55 | 000,000,000 | -H-D | C] -- C:\Programme\Temp
[2010.12.09 00:48:55 | 000,000,000 | ---D | C] -- C:\Programme\Realtek
[2010.12.09 00:48:49 | 000,540,672 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010.12.09 00:48:43 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\InstallShield
[2010.12.09 00:48:14 | 000,000,000 | ---D | C] -- C:\Users\Lars\Documents\Eigene Google Gadgets
[2010.12.09 00:47:50 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\Google
[2010.12.09 00:47:28 | 000,000,000 | R--D | C] -- C:\Users\Lars\Searches
[2010.12.09 00:47:26 | 000,000,000 | ---D | C] -- C:\Programme\Convesoft
[2010.12.09 00:47:20 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Identities
[2010.12.09 00:47:17 | 000,000,000 | R--D | C] -- C:\Users\Lars\Contacts
[2010.12.09 00:47:15 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\VirtualStore
[2010.12.09 00:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2010.12.09 00:47:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010.12.09 00:46:59 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2010.12.09 00:46:36 | 000,000,000 | --SD | C] -- C:\Users\Lars\AppData\Roaming\Microsoft
[2010.12.09 00:46:36 | 000,000,000 | R--D | C] -- C:\Users\Lars\Videos
[2010.12.09 00:46:36 | 000,000,000 | R--D | C] -- C:\Users\Lars\Saved Games
[2010.12.09 00:46:36 | 000,000,000 | R--D | C] -- C:\Users\Lars\Pictures
[2010.12.09 00:46:36 | 000,000,000 | R--D | C] -- C:\Users\Lars\Music
[2010.12.09 00:46:36 | 000,000,000 | R--D | C] -- C:\Users\Lars\Links
[2010.12.09 00:46:36 | 000,000,000 | R--D | C] -- C:\Users\Lars\Favorites
[2010.12.09 00:46:36 | 000,000,000 | R--D | C] -- C:\Users\Lars\Downloads
[2010.12.09 00:46:36 | 000,000,000 | R--D | C] -- C:\Users\Lars\Documents
[2010.12.09 00:46:36 | 000,000,000 | R--D | C] -- C:\Users\Lars\Desktop
[2010.12.09 00:46:36 | 000,000,000 | -HSD | C] -- C:\Users\Lars\Vorlagen
[2010.12.09 00:46:36 | 000,000,000 | -HSD | C] -- C:\Users\Lars\AppData\Local\Verlauf
[2010.12.09 00:46:36 | 000,000,000 | -HSD | C] -- C:\Users\Lars\AppData\Local\Temporary Internet Files
[2010.12.09 00:46:36 | 000,000,000 | -HSD | C] -- C:\Users\Lars\Startmenü
[2010.12.09 00:46:36 | 000,000,000 | -HSD | C] -- C:\Users\Lars\SendTo
[2010.12.09 00:46:36 | 000,000,000 | -HSD | C] -- C:\Users\Lars\Recent
[2010.12.09 00:46:36 | 000,000,000 | -HSD | C] -- C:\Users\Lars\Netzwerkumgebung
[2010.12.09 00:46:36 | 000,000,000 | -HSD | C] -- C:\Users\Lars\Lokale Einstellungen
[2010.12.09 00:46:36 | 000,000,000 | -HSD | C] -- C:\Users\Lars\Documents\Eigene Videos
[2010.12.09 00:46:36 | 000,000,000 | -HSD | C] -- C:\Users\Lars\Documents\Eigene Musik
[2010.12.09 00:46:36 | 000,000,000 | -HSD | C] -- C:\Users\Lars\Eigene Dateien
[2010.12.09 00:46:36 | 000,000,000 | -HSD | C] -- C:\Users\Lars\Documents\Eigene Bilder
[2010.12.09 00:46:36 | 000,000,000 | -HSD | C] -- C:\Users\Lars\Druckumgebung
[2010.12.09 00:46:36 | 000,000,000 | -HSD | C] -- C:\Users\Lars\Cookies
[2010.12.09 00:46:36 | 000,000,000 | -HSD | C] -- C:\Users\Lars\AppData\Local\Anwendungsdaten
[2010.12.09 00:46:36 | 000,000,000 | -HSD | C] -- C:\Users\Lars\Anwendungsdaten
[2010.12.09 00:46:36 | 000,000,000 | -H-D | C] -- C:\Users\Lars\AppData
[2010.12.09 00:46:36 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\Temp
[2010.12.09 00:46:36 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\Microsoft
[2010.12.09 00:46:36 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Media Center Programs
[2010.12.09 00:46:36 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Acer GameZone Console
[2010.12.09 00:42:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.12.09 00:42:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.12.09 00:42:29 | 000,000,000 | -HSD | C] -- C:\Programme
[2010.12.09 00:42:29 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.12.09 00:42:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.12.09 00:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.12.09 00:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.12.09 00:42:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.12.09 00:42:29 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2010.12.09 00:42:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.12.09 00:42:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2010.12.09 00:42:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.12.09 00:37:09 | 000,997,912 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpun.exe
[2010.12.09 00:37:09 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2010.12.08 23:33:15 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.12.08 23:32:23 | 000,000,000 | -HSD | C] -- C:\System Volume Information
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.10 12:45:37 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.10 12:45:37 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.10 12:45:37 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.10 12:45:37 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.10 12:41:40 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2010.12.10 12:41:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.10 12:41:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.10 12:40:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.10 12:40:02 | 3149,709,312 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.10 00:50:56 | 000,031,232 | ---- | M] () -- C:\Users\Lars\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.09 15:55:38 | 290,741,441 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.09 09:27:44 | 000,000,192 | RHS- | M] () -- C:\Preload.rev
[2010.12.09 09:25:37 | 000,458,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.09 09:25:37 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.09 09:25:37 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.12.09 09:25:37 | 000,028,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.09 09:25:34 | 000,389,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.09 09:25:34 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.12.09 09:25:33 | 001,383,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.09 09:25:32 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.09 09:25:31 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.12.09 09:23:19 | 001,255,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.12.09 09:23:18 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010.12.09 09:23:18 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010.12.09 09:22:58 | 003,599,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.12.09 09:22:58 | 003,547,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.12.09 09:22:57 | 000,666,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010.12.09 09:22:57 | 000,183,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010.12.09 09:22:57 | 000,054,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010.12.09 09:22:57 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010.12.09 09:22:57 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010.12.09 09:22:57 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2010.12.09 09:22:56 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010.12.09 09:22:32 | 000,562,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010.12.09 09:22:32 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010.12.09 09:22:09 | 002,033,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.09 09:21:42 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2010.12.09 09:21:42 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hcrstco.dll
[2010.12.09 09:21:42 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hccoin.dll
[2010.12.09 09:21:42 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2010.12.09 09:20:06 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\bthport.sys.mui
[2010.12.09 09:20:06 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-HK\bthport.sys.mui
[2010.12.09 09:20:06 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\bthport.sys.mui
[2010.12.09 09:20:05 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\bthport.sys.mui
[2010.12.09 09:20:05 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\uk-UA\bthport.sys.mui
[2010.12.09 09:20:05 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\bthport.sys.mui
[2010.12.09 09:20:04 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\bthport.sys.mui
[2010.12.09 09:20:04 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sr-Latn-CS\bthport.sys.mui
[2010.12.09 09:20:04 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sl-SI\bthport.sys.mui
[2010.12.09 09:20:04 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\sk-SK\bthport.sys.mui
[2010.12.09 09:20:04 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\bthport.sys.mui
[2010.12.09 09:20:03 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\bthport.sys.mui
[2010.12.09 09:20:03 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\bthport.sys.mui
[2010.12.09 09:20:03 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\bthport.sys.mui
[2010.12.09 09:20:03 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\bthport.sys.mui
[2010.12.09 09:20:03 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\bthport.sys.mui
[2010.12.09 09:20:02 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\bthport.sys.mui
[2010.12.09 09:20:02 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\bthport.sys.mui
[2010.12.09 09:20:02 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lv-LV\bthport.sys.mui
[2010.12.09 09:20:02 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\lt-LT\bthport.sys.mui
[2010.12.09 09:20:02 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\bthport.sys.mui
[2010.12.09 09:20:01 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\bthport.sys.mui
[2010.12.09 09:20:01 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hr-HR\bthport.sys.mui
[2010.12.09 09:20:01 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\bthport.sys.mui
[2010.12.09 09:20:01 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\et-EE\bthport.sys.mui
[2010.12.09 09:20:01 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\bthport.sys.mui
[2010.12.09 09:20:00 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\bthport.sys.mui
[2010.12.09 09:20:00 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\bthport.sys.mui
[2010.12.09 09:20:00 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\bg-BG\bthport.sys.mui
[2010.12.09 09:20:00 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\bthport.sys.mui
[2010.12.09 09:20:00 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\bthport.sys.mui
[2010.12.09 09:19:59 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\bthport.sys.mui
[2010.12.09 09:19:59 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\bthport.sys.mui
[2010.12.09 09:19:59 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\bthport.sys.mui
[2010.12.09 09:19:59 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\bthport.sys.mui
[2010.12.09 09:19:58 | 002,134,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FunctionDiscoveryFolder.dll
[2010.12.09 09:19:58 | 000,968,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wcnwiz2.dll
[2010.12.09 09:19:58 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
[2010.12.09 09:19:58 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DevicePairing.dll
[2010.12.09 09:19:58 | 000,291,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WscEapPr.dll
[2010.12.09 09:19:58 | 000,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WcnNetsh.dll
[2010.12.09 09:19:58 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
[2010.12.09 09:19:58 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdBth.dll
[2010.12.09 09:19:58 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingWizard.exe
[2010.12.09 09:19:58 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DevicePairingProxy.dll
[2010.12.09 09:19:58 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthci.dll
[2010.12.09 09:19:58 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2010.12.09 09:19:58 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthudtask.exe
[2010.12.09 09:19:58 | 000,025,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2010.12.09 09:19:58 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
[2010.12.09 09:19:58 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdBthProxy.dll
[2010.12.09 09:19:58 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\de-DE\bthport.sys.mui
[2010.12.09 02:53:12 | 000,001,946 | ---- | M] () -- C:\Users\Lars\Desktop\HiJackThis.lnk
[2010.12.09 02:03:29 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2010.12.09 02:02:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.12.09 02:02:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.12.09 02:02:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.12.09 02:02:26 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.12.09 02:02:08 | 000,000,776 | ---- | M] () -- C:\Users\Lars\Desktop\PokerStove.lnk
[2010.12.09 01:55:09 | 000,000,924 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010.12.09 01:19:06 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.09 01:12:56 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.12.09 01:06:55 | 000,000,193 | ---- | M] () -- C:\Windows\USER.XML
[2010.12.09 01:05:48 | 000,000,594 | ---- | M] () -- C:\Users\Public\Desktop\Acer Store.lnk
[2010.12.09 01:01:30 | 000,000,206 | ---- | M] () -- C:\Windows\Factory.xml
[2010.12.09 01:01:23 | 000,000,092 | ---- | M] () -- C:\Windows\GridV.UNI
[2010.12.09 01:01:00 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\eSobi v2.lnk
[2010.12.09 01:00:02 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\MyWinLocker.lnk
[2010.12.09 00:59:01 | 000,001,563 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
[2010.12.09 00:51:57 | 000,000,083 | ---- | M] () -- C:\Windows\LManager.UNI
[2010.12.09 00:51:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2010.12.09 00:50:06 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
[2010.12.09 00:50:06 | 000,000,074 | ---- | M] () -- C:\Windows\PidList.ini
[2010.12.09 00:49:03 | 000,319,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010.12.09 00:47:29 | 000,001,900 | ---- | M] () -- C:\Users\Public\Desktop\Orion.lnk
[2010.12.09 00:46:53 | 000,014,640 | ---- | M] () -- C:\Windows\System32\results.xml
[2010.12.09 00:41:04 | 000,060,826 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010.12.08 23:32:01 | 000,295,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2010.12.09 09:27:44 | 000,018,244 | -HS- | C] () -- C:\Patch.rev
[2010.12.09 09:17:47 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.12.09 09:17:47 | 000,042,256 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2010.12.09 09:17:47 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2010.12.09 09:17:47 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2010.12.09 09:17:47 | 000,002,096 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp
[2010.12.09 09:17:46 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.12.09 09:17:46 | 000,134,544 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010.12.09 09:17:46 | 000,092,168 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.12.09 09:17:34 | 000,000,193 | ---- | C] () -- C:\Windows\USER.XML
[2010.12.09 02:53:12 | 000,001,946 | ---- | C] () -- C:\Users\Lars\Desktop\HiJackThis.lnk
[2010.12.09 02:39:11 | 290,741,441 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.12.09 02:04:14 | 000,031,232 | ---- | C] () -- C:\Users\Lars\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.09 02:03:29 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2010.12.09 02:02:08 | 000,000,776 | ---- | C] () -- C:\Users\Lars\Desktop\PokerStove.lnk
[2010.12.09 01:55:09 | 000,000,924 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2010.12.09 01:19:06 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.12.09 01:12:56 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.12.09 01:05:48 | 000,000,594 | ---- | C] () -- C:\Users\Public\Desktop\Acer Store.lnk
[2010.12.09 01:01:23 | 000,000,092 | ---- | C] () -- C:\Windows\GridV.UNI
[2010.12.09 01:01:00 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\eSobi v2.lnk
[2010.12.09 01:00:02 | 000,001,976 | ---- | C] () -- C:\Users\Public\Desktop\MyWinLocker.lnk
[2010.12.09 00:59:31 | 000,003,276 | ---- | C] () -- C:\Users\Lars\AppData\Local\MyWinLockerInstaller.txt-20101209.log
[2010.12.09 00:59:01 | 000,001,563 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
[2010.12.09 00:51:57 | 000,000,083 | ---- | C] () -- C:\Windows\LManager.UNI
[2010.12.09 00:51:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2010.12.09 00:50:21 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.12.09 00:50:21 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010.12.09 00:50:21 | 000,000,074 | ---- | C] () -- C:\Windows\PidList.ini
[2010.12.09 00:49:02 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2010.12.09 00:49:02 | 000,000,632 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2010.12.09 00:49:02 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2010.12.09 00:49:02 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2010.12.09 00:49:02 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2010.12.09 00:49:02 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2010.12.09 00:49:01 | 000,107,276 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2010.12.09 00:47:29 | 000,001,900 | ---- | C] () -- C:\Users\Public\Desktop\Orion.lnk
[2010.12.09 00:46:53 | 000,014,640 | ---- | C] () -- C:\Windows\System32\results.xml
[2010.12.09 00:39:53 | 3149,709,312 | -HS- | C] () -- C:\hiberfil.sys
[2009.04.01 01:46:06 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.04.01 01:46:06 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.04.01 01:46:05 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2009.04.01 01:46:05 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8750DCE4

< End of report >
         
Code:
OTL Extras logfile created on: 10.12.2010 13:05:42 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Lars\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 239,51 Gb Free Space | 83,07% Space Free | Partition Type: NTFS
 
Computer Name: LARS-PC | User Name: Lars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2A962130-D730-4641-A6A9-91228E6FEF67}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{3FBAF46C-B89F-4400-AFA7-81BEE82A8604}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1213B9CB-AA9E-4520-AA8C-0410E4EB3401}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{1696AE61-A1D5-4096-B3BE-06146875F469}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{172B75C8-1920-4C5D-BDB0-9F43FE08AB86}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1C0C3D0A-86F7-43EE-9689-693FEF231110}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{2DCB8C26-A974-4599-9EE4-81A981F99CC0}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{3A07A9ED-998D-4976-AC46-CCB5E2EB7383}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe | 
"{3CB026CD-BAAA-4071-AEAF-67D0EDAA1BB7}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{3FAD6E5C-C8B8-46B8-B817-E93EB4BBAD9F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{4DC10A9F-6BB0-42E0-B1FD-8A975DE44FBA}" = protocol=6 | dir=in | app=c:\users\lars\appdata\roaming\dropbox\bin\dropbox.exe | 
"{57DB6F7C-8C0C-41A0-8809-52C29310E16D}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{661D9833-DE3C-48CE-81A9-2C86369E569E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{69019BDC-6E7E-4720-A7C0-BD894D61BA68}" = protocol=17 | dir=in | app=c:\users\lars\appdata\roaming\dropbox\bin\dropbox.exe | 
"{AE42203B-94F8-4A94-8AC4-A4F96A3F70B0}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{D3BBC595-F740-427A-9C0F-64813050BF7A}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
"{EAEE5AC4-9B37-4359-8A84-94DF527232EE}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{EF71D745-E655-4156-9955-A74FBFC2082B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AE09C972-EEB2-4DA5-8090-0FCF54576854}" = Optical Drive Power Management
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.92.624
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"JDownloader" = JDownloader
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSC" = McAfee SecurityCenter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 1.1.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Flux" = F.lux
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.12.2010 00:10:57 | Computer Name = Lars-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.3951, Zeitstempel
 0x4cc7add9, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00047dd2,  Prozess-ID 0xed4, Anwendungsstartzeit
 01cb98015ab392e1.
 
Error - 10.12.2010 00:10:57 | Computer Name = Lars-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3951 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1518  Anfangszeit: 01cb9801530ef071  Zeitpunkt der Beendigung:
 26
 
Error - 10.12.2010 07:41:10 | Computer Name = Lars-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.12.2010 07:41:10 | Computer Name = Lars-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.12.2010 07:41:11 | Computer Name = Lars-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.12.2010 07:41:11 | Computer Name = Lars-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.12.2010 07:41:12 | Computer Name = Lars-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.12.2010 07:41:12 | Computer Name = Lars-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.12.2010 07:41:12 | Computer Name = Lars-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 10.12.2010 07:41:21 | Computer Name = Lars-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 09.12.2010 19:39:32 | Computer Name = Lars-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 09.12.2010 19:46:02 | Computer Name = Lars-PC | Source = bowser | ID = 8003
Description = 
 
Error - 09.12.2010 20:29:37 | Computer Name = Lars-PC | Source = bowser | ID = 8003
Description = 
 
Error - 09.12.2010 20:49:33 | Computer Name = Lars-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 09.12.2010 20:49:33 | Computer Name = Lars-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 09.12.2010 20:49:33 | Computer Name = Lars-PC | Source = Service Control Manager | ID = 7032
Description = 
 
Error - 10.12.2010 07:40:23 | Computer Name = Lars-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 10.12.2010 07:41:29 | Computer Name = Lars-PC | Source = bowser | ID = 8003
Description = 
 
Error - 10.12.2010 07:41:32 | Computer Name = Lars-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 10.12.2010 07:54:16 | Computer Name = Lars-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         

10.12.2010, 13:27   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

It's relatively unremarkable. Go ahead and run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (one of the board's qualified helpers) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

10.12.2010, 14:59   #14
Oh_nein
 

Ugh, ComboFix took quite a long time and also detected rootkit activity along the way. Crap. What happens next for me? Rootkits are very persistent, aren't they?

Code:
ComboFix 10-12-09.02 - Lars 10.12.2010  15:09:39.1.1 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.49.1031.18.3003.1939 [GMT 1:00]
ausgeführt von:: c:\users\Lars\Desktop\cofi.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Lars\AppData\Roaming\.#

.
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
.
(((((((((((((((((((((((   Dateien erstellt von 2010-11-10 bis 2010-12-10  ))))))))))))))))))))))))))))))
.

2010-12-10 14:16 . 2010-12-10 14:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-12-10 13:40 . 2010-12-10 13:40	--------	d-----w-	c:\program files\CCleaner
2010-12-09 23:06 . 2010-12-09 23:06	--------	d-----w-	c:\program files\Common Files\SWF Studio
2010-12-09 22:42 . 2010-12-09 22:42	--------	d-----w-	c:\windows\Sun
2010-12-09 08:27 . 2010-12-09 08:27	--------	d-----w-	C:\Book
2010-12-09 08:27 . 2008-07-17 20:27	380928	----a-w-	c:\windows\AcerStore.exe
2010-12-09 08:27 . 2008-05-09 13:58	49152	----a-w-	c:\windows\Interop.IWshRuntimeLibrary.dll
2010-12-09 08:27 . 2008-01-10 19:44	199176	----a-w-	c:\windows\GVUni.exe
2010-12-09 08:23 . 2010-12-09 08:23	376832	----a-w-	c:\windows\system32\winhttp.dll
2010-12-09 08:23 . 2010-12-09 08:23	72704	----a-w-	c:\windows\system32\secur32.dll
2010-12-09 08:23 . 2010-12-09 08:23	1255936	----a-w-	c:\windows\system32\lsasrv.dll
2010-12-09 08:23 . 2010-12-09 08:23	24064	----a-w-	c:\windows\system32\amxread.dll
2010-12-09 08:23 . 2010-12-09 08:23	13824	----a-w-	c:\windows\system32\apilogen.dll
2010-12-09 08:21 . 2010-12-09 08:21	8704	----a-w-	c:\windows\system32\hccoin.dll
2010-12-09 08:21 . 2010-12-09 08:21	73216	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2010-12-09 08:21 . 2010-12-09 08:21	5888	----a-w-	c:\windows\system32\drivers\usbd.sys
2010-12-09 08:21 . 2010-12-09 08:21	39936	----a-w-	c:\windows\system32\drivers\usbehci.sys
2010-12-09 08:21 . 2010-12-09 08:21	23552	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2010-12-09 08:21 . 2010-12-09 08:21	226304	----a-w-	c:\windows\system32\drivers\usbport.sys
2010-12-09 08:21 . 2010-12-09 08:21	194560	----a-w-	c:\windows\system32\drivers\usbhub.sys
2010-12-09 08:21 . 2010-12-09 08:21	15872	----a-w-	c:\windows\system32\hcrstco.dll
2010-12-09 08:21 . 2010-12-09 08:21	529464	----a-w-	c:\windows\system32\drivers\ndis.sys
2010-12-09 08:19 . 2010-12-09 08:19	9728	----a-w-	c:\windows\system32\fdBthProxy.dll
2010-12-09 08:18 . 2009-03-28 03:02	309768	----a-w-	c:\windows\UNINST32.EXE
2010-12-09 08:18 . 2009-03-26 19:14	21000	----a-w-	c:\windows\system32\drivers\DKbFltr.sys
2010-12-09 08:18 . 2009-02-06 18:33	205232	----a-w-	c:\windows\system32\drivers\SynTP.sys
2010-12-09 08:18 . 2009-02-06 18:32	161064	----a-w-	c:\windows\system32\SynTPAPI.dll
2010-12-09 08:18 . 2009-02-06 18:32	120104	----a-w-	c:\windows\system32\SynTPCo4.dll
2010-12-09 08:18 . 2009-02-06 18:32	206120	----a-w-	c:\windows\system32\SynCtrl.dll
2010-12-09 08:18 . 2009-02-06 18:32	169256	----a-w-	c:\windows\system32\SynCOM.dll
2010-12-09 08:18 . 2008-07-08 18:55	1112288	----a-w-	c:\windows\system32\WdfCoInstaller01007.dll
2010-12-09 08:18 . 2008-09-25 15:37	3666432	----a-w-	c:\windows\system32\drivers\NETw5v32.sys
2010-12-09 08:18 . 2008-06-20 18:33	2756608	----a-w-	c:\windows\system32\NETw5r32.dll
2010-12-09 08:18 . 2008-06-20 18:32	663552	----a-w-	c:\windows\system32\NETw5c32.dll
2010-12-09 01:53 . 2010-12-09 01:53	--------	d-----w-	c:\program files\Trend Micro
2010-12-09 01:26 . 2010-12-09 01:26	--------	d-----w-	c:\program files\Veetle
2010-12-09 01:04 . 2010-12-09 01:27	--------	d-----w-	C:\tv
2010-12-09 01:03 . 2010-12-09 01:03	--------	d-----w-	c:\program files\Common Files\Java
2010-12-09 01:02 . 2010-12-09 01:02	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-12-09 01:02 . 2010-12-09 01:02	--------	d-----w-	c:\program files\Java
2010-12-09 01:02 . 2010-12-09 01:02	--------	d-----w-	c:\program files\PokerStove
2010-12-09 01:01 . 2010-12-10 13:00	--------	d-----w-	c:\program files\JDownloader
2010-12-09 00:56 . 2010-12-09 00:56	--------	d-----w-	c:\program files\VideoLAN
2010-12-09 00:23 . 2009-09-04 16:29	1892184	----a-w-	c:\windows\system32\D3DX9_42.dll
2010-12-09 00:23 . 2006-09-28 15:05	2414360	----a-w-	c:\windows\system32\d3dx9_31.dll
2010-12-09 00:23 . 2010-12-09 00:23	--------	d-----w-	c:\program files\Winamp Detect
2010-12-09 00:22 . 2010-12-09 00:22	--------	d-----w-	c:\program files\Common Files\PX Storage Engine
2010-12-09 00:22 . 2010-12-09 00:24	--------	d-----w-	c:\program files\Winamp
2010-12-09 00:21 . 2010-11-29 16:42	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-09 00:21 . 2010-12-09 00:21	--------	d-----w-	c:\programdata\Malwarebytes
2010-12-09 00:21 . 2010-11-29 16:42	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-09 00:21 . 2010-12-09 00:21	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-12-09 00:18 . 2010-08-02 15:09	60936	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-12-09 00:18 . 2010-08-02 15:09	126856	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-12-09 00:18 . 2010-12-09 00:18	--------	d-----w-	c:\programdata\Avira
2010-12-09 00:18 . 2010-12-09 00:18	--------	d-----w-	c:\program files\Avira
2010-12-09 00:04 . 2010-12-09 00:04	--------	d-----w-	c:\programdata\EgisTec
2010-12-09 00:01 . 2010-12-09 00:01	--------	d-----w-	c:\program files\Acer Inc
2010-12-09 00:01 . 2010-12-09 00:01	--------	d-----w-	c:\programdata\eSobi
2010-12-09 00:00 . 2010-12-09 00:00	--------	d-----w-	c:\program files\eSobi
2010-12-08 23:59 . 2010-12-08 23:59	--------	d-----w-	c:\program files\EgisTec Egis Software Update
2010-12-08 23:59 . 2010-12-08 23:59	--------	d-----w-	c:\program files\Common Files\EgisTec
2010-12-08 23:59 . 2010-12-08 23:59	--------	d-----w-	c:\program files\EgisTec
2010-12-08 23:57 . 2007-01-08 21:17	47136	----a-w-	c:\windows\system32\msxm144b.rra
2010-12-08 23:57 . 2007-01-08 21:17	27168	------w-	c:\windows\system32\msxml3a.dll
2010-12-08 23:53 . 2010-12-08 23:57	--------	d-----w-	c:\program files\CyberLink
2010-12-08 23:53 . 2007-01-08 21:17	502816	------w-	c:\windows\system32\msvcp71.dll
2010-12-08 23:53 . 2007-01-08 21:17	351264	------w-	c:\windows\system32\msvcr71.dll
2010-12-08 23:52 . 2010-12-08 23:52	--------	d-----w-	c:\windows\system32\drivers\nti
2010-12-08 23:51 . 2010-12-08 23:51	--------	d-----w-	c:\program files\Launch Manager
2010-12-08 23:51 . 2010-12-08 23:51	--------	d-----w-	c:\program files\Synaptics
2010-12-08 23:50 . 2010-12-09 00:05	--------	d-----w-	c:\program files\Acer
2010-12-08 23:50 . 2010-12-08 23:50	200704	----a-w-	c:\windows\PLFSetI.exe
2010-12-08 23:50 . 2009-04-16 17:45	106496	----a-w-	c:\windows\FixUVC.exe
2010-12-08 23:49 . 2010-12-08 23:49	--------	d-----w-	c:\windows\system32\RTCOM
2010-12-08 23:49 . 2010-12-08 23:49	319456	----a-w-	c:\windows\DIFxAPI.dll
2010-12-08 23:49 . 2009-04-10 23:31	632	----a-w-	c:\windows\system32\drivers\RtHdatEx.dat
2010-12-08 23:49 . 2009-04-10 21:54	712	----a-w-	c:\windows\system32\drivers\SamSfPa.dat
2010-12-08 23:49 . 2009-04-09 04:22	16	----a-w-	c:\windows\system32\drivers\rtkhdaud.dat
2010-12-08 23:49 . 2008-08-21 21:43	520	----a-w-	c:\windows\system32\drivers\RTEQEX2.dat
2010-12-08 23:49 . 2005-06-27 13:29	520	----a-w-	c:\windows\system32\drivers\RTEQEX0.dat
2010-12-08 23:49 . 2005-06-27 13:29	520	----a-w-	c:\windows\system32\drivers\RTEQEX1.dat
2010-12-08 23:49 . 2009-04-10 23:31	107276	----a-w-	c:\windows\system32\drivers\RtConvEQ.DAT
2010-12-08 23:47 . 2010-12-08 23:47	--------	d-----w-	c:\program files\Convesoft
2010-12-08 23:47 . 2010-12-08 23:47	--------	d-----w-	c:\programdata\Partner
2010-12-08 23:46 . 2010-12-09 23:17	--------	d-----w-	c:\program files\Google
2010-12-08 23:46 . 2010-12-09 00:51	--------	d-----w-	c:\users\Lars
2010-12-08 23:37 . 2010-12-08 23:37	--------	d-----w-	c:\windows\system32\Lang
2010-12-08 23:37 . 2009-05-13 21:22	997912	----a-w-	c:\windows\system32\igxpun.exe

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-09 08:23 . 2010-12-09 08:23	40960	----a-w-	c:\windows\apppatch\apihex86.dll
2010-12-09 08:20 . 2010-12-09 08:20	5120	----a-w-	c:\windows\system32\drivers\zh-TW\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	5120	----a-w-	c:\windows\system32\drivers\zh-HK\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	4608	----a-w-	c:\windows\system32\drivers\zh-CN\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	8704	----a-w-	c:\windows\system32\drivers\th-TH\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	8192	----a-w-	c:\windows\system32\drivers\uk-UA\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	8192	----a-w-	c:\windows\system32\drivers\tr-TR\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	8192	----a-w-	c:\windows\system32\drivers\sv-SE\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	8192	----a-w-	c:\windows\system32\drivers\sr-Latn-CS\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	8192	----a-w-	c:\windows\system32\drivers\sl-SI\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	8192	----a-w-	c:\windows\system32\drivers\sk-SK\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	8192	----a-w-	c:\windows\system32\drivers\ru-RU\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	9216	----a-w-	c:\windows\system32\drivers\nl-NL\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	8704	----a-w-	c:\windows\system32\drivers\ro-RO\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	8704	----a-w-	c:\windows\system32\drivers\pt-PT\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	8704	----a-w-	c:\windows\system32\drivers\pt-BR\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	8704	----a-w-	c:\windows\system32\drivers\pl-PL\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	8704	----a-w-	c:\windows\system32\drivers\it-IT\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	8192	----a-w-	c:\windows\system32\drivers\nb-NO\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	7680	----a-w-	c:\windows\system32\drivers\lv-LV\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	7680	----a-w-	c:\windows\system32\drivers\lt-LT\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	5632	----a-w-	c:\windows\system32\drivers\ko-KR\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	8192	----a-w-	c:\windows\system32\drivers\hu-HU\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	8192	----a-w-	c:\windows\system32\drivers\hr-HR\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	7680	----a-w-	c:\windows\system32\drivers\fi-FI\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	7680	----a-w-	c:\windows\system32\drivers\et-EE\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	7168	----a-w-	c:\windows\system32\drivers\he-IL\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	9216	----a-w-	c:\windows\system32\drivers\el-GR\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	8192	----a-w-	c:\windows\system32\drivers\da-DK\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	8192	----a-w-	c:\windows\system32\drivers\bg-BG\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	7680	----a-w-	c:\windows\system32\drivers\cs-CZ\bthport.sys.mui
2010-12-09 08:20 . 2010-12-09 08:20	7168	----a-w-	c:\windows\system32\drivers\ar-SA\bthport.sys.mui
2010-12-09 08:19 . 2010-12-09 08:19	8704	----a-w-	c:\windows\system32\drivers\fr-FR\bthport.sys.mui
2010-12-09 08:19 . 2010-12-09 08:19	8704	----a-w-	c:\windows\system32\drivers\es-ES\bthport.sys.mui
2010-12-09 08:19 . 2010-12-09 08:19	8192	----a-w-	c:\windows\system32\drivers\en-US\bthport.sys.mui
2010-12-09 08:19 . 2010-12-09 08:19	6144	----a-w-	c:\windows\system32\drivers\ja-JP\bthport.sys.mui
2010-12-09 08:19 . 2010-12-09 08:19	8704	----a-w-	c:\windows\system32\drivers\de-DE\bthport.sys.mui
2010-12-09 00:52 . 2010-12-09 00:53	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-12-08 23:47	157168	----a-w-	c:\programdata\Partner\partner.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Lars\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Lars\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Lars\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 22:02	120104	----a-w-	c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Lars\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-12 186904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-05-13 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-05-07 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-05-13 153624]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-12-09 30192]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-04-11 7399968]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-12-08 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-04-09 1071624]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-05-26 253696]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2009-03-30 62760]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-05-15 440864]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-04-29 176128]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-08-02 281768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-06 74752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Lars\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-12-9 565248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-12-09 30192]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 Partner Service;Partner Service;c:\programdata\Partner\partner.exe [2010-12-08 110576]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-04-11 117256]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-05-15 703008]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-05-26 62208]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-04-29 118784]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-05 112640]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C60x86.sys [2009-04-01 50176]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]

.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1210&m=aspire_4810t
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1210&m=aspire_4810t
FF - ProfilePath - c:\users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\moh3rmvj.default\
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\Lars\AppData\Roaming\Mozilla\Firefox\Profiles\moh3rmvj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-12-10 15:17
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.0.6001 Disk: Hitachi_ rev.PB3O -> Harddisk0\DR0 -> \Device\Ide\iaStor0 

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8691A555]<< 
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x869207b0]; MOV EAX, [0x8692082c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX;  }
1 ntkrnlpa!IofCallDriver[0x81D01F6F] -> \Device\Harddisk0\DR0[0x85D311D8]
3 CLASSPNP[0x827A5745] -> ntkrnlpa!IofCallDriver[0x81D01F6F] -> [0x8696D748]
\Driver\iaStor[0x868FBB58] -> IRP_MJ_CREATE -> 0x8691A555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP;  }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskHitachi_HTS545032B9A300_________________PB3OC60F#4&8780f3b&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!! 
sectors 625142446 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
Zeit der Fertigstellung: 2010-12-10  15:20:23
ComboFix-quarantined-files.txt  2010-12-10 14:20

Vor Suchlauf: 10 Verzeichnis(se), 258.369.712.128 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 258.485.923.840 Bytes frei

- - End Of File - - 3F97B38B4847F5C950C22FB182313EC5
         

Alt 10.12.2010, 15:02   #15
cosinus


Quote:
\\.\PhysicalDrive0 - Bootkit TDL4 was found and disinfected
Funny. You ran the recovery and the bootkit is still on there anyway. The MBR should actually be rewritten during recovery as well, but apparently your PC manufacturer doesn't do that,
OR you ran junk again afterwards.


Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the 2nd attempt, just leave it out and run only OSAM. Please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • The tool only takes a second.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.