Plagegeister aller Art und deren Bekämpfung (Pests of all kinds and how to fight them): Nod32 reports a virus (C:cleansweep.exe/cleansweep.exe): what is it and how do I get rid of it? | Windows 7
18.06.2010, 19:57 | #1 |
Hello, first of all: I have a problem. Since today NOD32 has been showing me a virus and I can't delete it, but why??? Please don't tell me it's a keylogger, because I logged in to my bank today. Can it see that too??? Please answer quickly. Kind regards, Dario
18.06.2010, 20:11 | #2 |
/// Selecta Jahrusso | A cleanup can sometimes involve a lot of work for you.
Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.
Vista and Win7 users: start all tools by right-clicking and choosing "Run as administrator".
Step 1: CustomScan with OTL
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
Code:
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs
Please post OTL.txt and Extras.txt in your next reply.
18.06.2010, 20:51 | #3 |
Thanks for helping, but I only get the OTL.txt, nothing else.
OTL Logfile:
Code:
OTL logfile created on: 18.06.2010 21:43:27 - Run 2
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Windows 7 (System)\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450,16 Gb Total Space | 316,18 Gb Free Space | 70,24% Space Free | Partition Type: NTFS
Drive D: | 1,88 Gb Total Space | 1,87 Gb Free Space | 99,85% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
Drive F: | 465,65 Gb Total Space | 369,77 Gb Free Space | 79,41% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: METALLBAU-PC
Current User Name: Windows 7 (System)
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Users\Windows 7 (System)\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.) PRC - C:\cleansweep.exe\cleansweep.exe () PRC - C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) 
PRC - C:\Windows\PLFSetI.exe () PRC - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) PRC - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions) ========== Modules (SafeList) ========== MOD - C:\Users\Windows 7 (System)\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (EHttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET) SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET) SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation) SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation) SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation) SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation) SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation) SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation) SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation) SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation) SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation) SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation) SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation) SRV:64bit: - (Updater Service) 
-- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (Akamai) -- c:\program files (x86)\common files\akamai\rswin_3697.dll () SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (Hamachi2Svc) -- C:\MT2\Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (IGBASVC) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.) SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) 
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (vmm) -- C:\Windows\SysNative\Treiber\VMM.sys (Microsoft Corporation) DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET) DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET) DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET) DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation) DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) -- C:\Windows\SysNative\drivers\FPSensor.sys (EgisTec) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (nuvotoncir) -- C:\Windows\SysNative\drivers\nuvotoncir.sys (Nuvoton Technology Corporation) DRV:64bit: - (johci) -- C:\Windows\SysNative\drivers\johci.sys (JMicron ) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation) DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation) DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation) DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation) DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation) DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation) DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation) DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation) DRV:64bit: - (usbrndis6) -- C:\Windows\SysNative\drivers\usb80236.sys (Microsoft Corporation) DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation) DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation) DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation) DRV:64bit: - (vwifimp) -- C:\Windows\SysNative\drivers\vwifimp.sys (Microsoft Corporation) DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation) DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys 
(Microsoft Corporation) DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation) DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\drivers\bthpan.sys (Microsoft Corporation) DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\drivers\bthport.sys (Microsoft Corporation) DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\drivers\rfcomm.sys (Microsoft Corporation) DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\drivers\bthenum.sys (Microsoft Corporation) DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\drivers\BTHUSB.SYS (Microsoft Corporation) DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation) DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation) DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation) DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation) DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation) DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation) DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation) DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation) DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation) DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys 
(Microsoft Corporation) DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation) DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\OEM\factory\int15.sys (Acer, Inc.) 
DRV:64bit: - (VPCNetS2) -- C:\Windows\SysNative\drivers\VMNetSrv.sys (Microsoft Corporation) DRV:64bit: - (RxFilter) -- C:\Windows\SysNative\drivers\RxFilter.sys (Sonic Solutions) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation) DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation) DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () DRV - (mwlPSDVDisk) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDVdisk.sys (Egis Technology Inc.) DRV - (mwlPSDFilter) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDFilter.sys (Egis Technology Inc.) DRV - (mwlPSDNServ) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDNServ.sys (Egis Technology Inc.) DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.) 
DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8940g&r=273602108006l0343z175t4882y803 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8940g&r=273602108006l0343z175t4882y803 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8940g&r=273602108006l0343z175t4882y803 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8940g&r=273602108006l0343z175t4882y803 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8940g&r=273602108006l0343z175t4882y803 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8940g&r=273602108006l0343z175t4882y803 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\components [2010.05.15 12:45:58 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\plugins [2010.06.18 20:37:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.05.03 22:38:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.06.18 20:37:02 | 
000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.06.18 19:54:14 | 000,000,000 | ---D | M] [2010.05.31 21:09:28 | 000,000,000 | ---D | M] -- C:\Users\Windows 7 (System)\AppData\Roaming\mozilla\Extensions [2010.05.31 21:09:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows 7 (System)\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.06.18 20:40:43 | 000,000,000 | ---D | M] -- C:\Users\Windows 7 (System)\AppData\Roaming\mozilla\Firefox\Profiles\ifxymu3v.default\extensions [2010.06.18 20:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows 7 (System)\AppData\Roaming\mozilla\Firefox\Profiles\ifxymu3v.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} O1 HOSTS File: ([2010.05.18 21:57:26 | 000,000,857 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (moigh Object) - {9A065E57-08DB-4946-9506-6547F4F5734D} - Reg Error: Value error. File not found O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HypreCam Toolbar\tbcore3.dll () O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (HypreCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HypreCam Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (HypreCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HypreCam Toolbar\tbcore3.dll () O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [XeroxEndeavorBackgroundTask] C:\Windows\SysNative\xrWCbgnd.dll (Xerox Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) 
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.) O4 - HKCU..\Run: [{981ACF21-4AC3-6AF2-CAD1-AFCF32C22551}] C:\Users\Windows 7 (System)\AppData\Roaming\Atuxoz\hyibu.exe File not found O4 - HKCU..\Run: [4n7fcL8pVO2N] C:\Windows\SysWow64\svchost95.exe File not found O4 - HKCU..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe () O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\Windows 7 (System)\AppData\Local\Temp\Dkh.exe File not found O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O4 - HKCU..\Run: [svchost95] C:\Windows\svchost95.exe (Microsoft Corporation) O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.) 
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) 
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.06 17:00:42 | 000,000,000 | ---D | M] - F:\AutoCad2005 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010.06.18 21:40:36 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Windows 7 (System)\Desktop\OTL.exe
[2010.06.18 20:39:18 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\Desktop\Alles rein
[2010.06.18 20:37:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskBarDis
[2010.06.18 20:37:03 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Foxit
[2010.06.18 20:37:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2010.06.18 19:57:52 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\ESET
[2010.06.18 19:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010.06.18 19:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.06.17 16:31:26 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\skypePM
[2010.06.17 16:29:12 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Skype
[2010.06.17 16:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\extensions
[2010.06.17 16:28:30 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010.06.17 16:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.06.17 16:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.06.15 22:07:31 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Windows Server
[2010.06.15 15:37:32 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Roxio
[2010.06.15 15:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2010.06.15 15:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010.06.15 15:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2010.06.15 15:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2010.06.15 15:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010.06.15 15:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roxio
[2010.06.15 15:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Roxio Shared
[2010.06.14 19:17:46 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\PowerCinema
[2010.06.14 19:17:44 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\PowerCinema
[2010.06.14 16:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gta san andreas
[2010.06.13 16:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\plugins
[2010.06.12 18:15:17 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Ubisoft
[2010.06.12 18:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages
[2010.06.12 17:49:34 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Diagnostics
[2010.06.12 16:21:26 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\Documents\NFS Most Wanted Backups
[2010.06.12 16:21:26 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\Documents\NFS Most Wanted
[2010.06.12 15:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Counter-Strike 1.6
[2010.06.11 14:16:59 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\gtk-2.0
[2010.06.10 22:54:47 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\.thumbnails
[2010.06.10 22:40:56 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\Documents\gegl-0.0
[2010.06.10 22:40:56 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\.gimp-2.6
[2010.06.10 22:40:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2010.06.10 22:29:07 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\PhotoFiltre
[2010.06.10 22:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoFiltre
[2010.06.07 16:57:57 | 000,000,000 | ---D | C] -- C:\Windows\San Andreas Mod Installer
[2010.06.06 00:14:13 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\CyberLink
[2010.06.06 00:14:10 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\PlayMovie
[2010.06.05 23:21:53 | 000,000,000 | -H-D | C] -- C:\MyWinLockerData
[2010.06.05 22:34:28 | 000,000,000 | R-SD | C] -- C:\Users\Windows 7 (System)\Documents\My Stationery
[2010.06.05 12:23:40 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\LogMeIn Hamachi
[2010.06.03 22:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grand Theft Auto San Andreas
[2010.06.03 22:43:38 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\Documents\GTA San Andreas User Files
[2010.06.03 20:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CSS-Editor
[2010.06.02 21:11:57 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Broadcom
[2010.06.02 21:11:57 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\Documents\Bluetooth-Exchange-Ordner
[2010.06.02 17:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010.05.31 21:09:25 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Thunderbird
[2010.05.31 21:09:25 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Thunderbird
[2010.05.31 19:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Carrera Streckenplaner
[2010.05.31 18:58:42 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Adobe
[2010.05.31 09:24:15 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Atuxoz
[2010.05.30 09:03:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2010.05.30 09:03:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2010.05.30 09:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.05.30 09:03:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0207030.022
[2010.05.30 09:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.05.30 09:03:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010.05.29 16:49:01 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\DivX
[2010.05.29 16:48:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010.05.29 16:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010.05.29 16:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010.05.29 16:46:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010.05.29 16:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.05.29 15:43:50 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Apple Computer
[2010.05.29 09:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combat Arms EU
[2010.05.29 02:13:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.05.28 15:18:40 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Microsoft Games
[2010.05.28 05:58:25 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Yfvait
[2010.05.27 19:44:16 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\WinRAR
[2010.05.26 21:53:56 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Google
[2010.05.26 21:53:55 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Google
[2010.05.26 18:45:41 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Apple Computer
[2010.05.25 18:55:13 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Adobe
[2010.05.25 18:54:24 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Mozilla
[2010.05.25 18:54:24 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Mozilla
[2010.05.25 18:53:48 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Macromedia
[2010.05.25 18:53:47 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\EgisTec
[2010.05.25 18:52:13 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Searches
[2010.05.25 18:52:05 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Identities
[2010.05.25 18:52:03 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Contacts
[2010.05.25 18:52:01 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\VirtualStore
[2010.05.25 18:51:58 | 000,000,000 | --SD | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Microsoft
[2010.05.25 18:51:58 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Videos
[2010.05.25 18:51:58 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Saved Games
[2010.05.25 18:51:58 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Pictures
[2010.05.25 18:51:58 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Music
[2010.05.25 18:51:58 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Links
[2010.05.25 18:51:58 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Favorites
[2010.05.25 18:51:58 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Downloads
[2010.05.25 18:51:58 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Documents
[2010.05.25 18:51:58 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Desktop
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Vorlagen
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\AppData\Local\Verlauf
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\AppData\Local\Temporary Internet Files
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Startmenü
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\SendTo
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Recent
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Netzwerkumgebung
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Lokale Einstellungen
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Documents\Eigene Videos
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Documents\Eigene Musik
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Eigene Dateien
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Documents\Eigene Bilder
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Druckumgebung
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Cookies
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\AppData\Local\Anwendungsdaten
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Anwendungsdaten
[2010.05.25 18:51:58 | 000,000,000 | -H-D | C] -- C:\Users\Windows 7 (System)\AppData
[2010.05.25 18:51:58 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Temp
[2010.05.25 18:51:58 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Microsoft Help
[2010.05.25 18:51:58 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Microsoft
[2010.05.25 18:51:58 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Media Center Programs
[2010.05.21 15:33:08 | 000,000,000 | ---D | C] -- C:\Nexon
[2010.05.21 15:33:05 | 000,421,888 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2010.05.18 18:41:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\T3Desk
[2010.05.17 18:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2010.05.17 18:15:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.05.14 22:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Neuer Ordner
[2010.05.14 19:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
[2010.05.14 12:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4t Tray Minimizer
[2010.05.13 15:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HypreCam Toolbar
[2010.05.13 15:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HyCam2
[2010.05.11 15:15:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DeskShare Shared
[2010.05.11 15:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deskshare
[2010.05.07 22:23:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fpsp
[2010.05.07 21:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total Video Converter
[2010.05.07 18:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.05.07 18:54:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.05.07 17:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2010.05.07 17:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Kawa
[2010.05.07 17:50:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2010.05.07 16:31:40 | 000,000,000 | ---D | C] -- C:\sdafd
[2010.05.03 22:38:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010.05.01 18:46:57 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\teamspeak2
[2010.05.01 18:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Teamspeak2_RC2
[2010.05.01 18:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2010.05.01 12:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2010.04.29 22:42:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Treiber
[2010.04.29 22:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Virtual PC
[2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2010.04.24 10:51:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\funkwerk WIN-Tools
[2010.04.21 12:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2010.04.21 12:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2010.04.21 12:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2010.04.12 11:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.04.12 11:43:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.04.08 10:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010.04.08 09:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Subagames
[2010.04.07 21:08:32 | 000,124,760 | ---- | C] (ESET) -- C:\Windows\SysNative\drivers\epfwwfpr.sys
[2010.04.07 21:07:10 | 000,139,704 | ---- | C] (ESET) -- C:\Windows\SysNative\drivers\ehdrv.sys
[2010.04.07 21:03:52 | 000,163,888 | ---- | C] (ESET) -- C:\Windows\SysNative\drivers\eamonm.sys
[2010.04.06 13:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.04.06 13:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.04.06 13:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010.04.06 13:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010.04.06 13:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.04.04 23:29:28 | 000,000,000 | -H-D | C] -- C:\MT2
[2010.04.04 15:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Game Cam V2
[2010.04.02 22:13:04 | 000,000,000 | ---D | C] -- C:\Program Files\updates
[2010.04.02 20:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2010.04.02 20:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.04.02 12:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
[2010.04.01 17:38:05 | 000,000,000 | ---D | C] -- C:\fhgfd
[2010.04.01 16:34:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QS
[2010.04.01 16:31:18 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2010.03.31 08:00:46 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2010.03.31 08:00:44 | 000,084,992 | ---- | C] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2010.03.27 09:54:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010.03.26 00:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2010.03.25 23:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2010.03.24 22:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2006.09.14 11:32:20 | 000,028,672 | R--- | C] ( ) -- C:\Windows\SysWow64\DivXGraphBuilderCallback.dll

========== Files - Modified Within 90 Days ==========

[2010.06.18 21:43:57 | 002,097,152 | -HS- | M] () -- C:\Users\Windows 7 (System)\NTUSER.DAT
[2010.06.18 21:40:44 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Windows 7 (System)\Desktop\OTL.exe
[2010.06.18 21:40:03 | 000,000,338 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.18 21:14:04 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.18 19:41:32 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.18 19:41:32 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.18 19:39:00 | 001,501,000 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.18 19:39:00 | 000,656,010 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.18 19:39:00 | 000,616,632 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.18 19:39:00 | 000,131,874 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.18 19:39:00 | 000,108,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.18 19:34:49 | 000,097,384 | ---- | M] () -- C:\Users\Windows 7 (System)\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.18 19:34:41 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.18 19:34:21 | 000,388,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.18 19:34:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.18 19:34:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.18 19:33:58 | 3212,234,752 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.18 19:33:11 | 006,349,902 | -H-- | M] () -- C:\Users\Windows 7 (System)\AppData\Local\IconCache.db
[2010.06.18 18:02:42 | 000,000,502 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Merling.job
[2010.06.17 17:56:15 | 000,000,001 | ---- | M] () -- C:\Users\Windows 7 (System)\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010.06.17 16:31:27 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.06.16 11:18:16 | 000,002,863 | R-S- | M] () -- C:\Users\Windows 7 (System)\AppData\Roaming\usernt.dat
[2010.06.15 15:37:32 | 000,000,000 | ---- | M] () -- C:\Users\Windows 7 (System)\AppData\Local\rx_image.Cache
[2010.06.14 16:58:37 | 3630,059,453 | ---- | M] () -- C:\Users\Windows 7 (System)\Desktop\gta san andreas.rar
[2010.06.13 12:32:42 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.06.12 17:55:48 | 000,000,441 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2010.06.12 17:43:24 | 000,000,000 | -H-- | M] () -- C:\Users\Windows 7 (System)\Documents\Default.rdp
[2010.06.12 16:27:28 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.06.12 16:27:28 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.06.11 14:38:42 | 000,141,141 | ---- | M] () -- C:\Users\Windows 7 (System)\Desktop\6-468fb3e909eff8632127632b608d9fd5.jpg
[2010.06.11 14:27:53 | 000,000,880 | ---- | M] () -- C:\Users\Windows 7 (System)\.recently-used.xbel
[2010.06.06 13:30:07 | 000,000,963 | ---- | M] () -- C:\Users\Windows 7 (System)\Desktop\Downloads - Verknüpfung.lnk
[2010.06.05 13:00:31 | 000,000,780 | ---- | M] () -- C:\Users\Windows 7 (System)\Desktop\gta_sa - Verknüpfung.lnk
[2010.05.30 09:03:23 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini
[2010.05.25 22:14:40 | 000,524,288 | -HS- | M] () -- C:\Users\Windows 7 (System)\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.05.25 22:14:40 | 000,524,288 | -HS- | M] () -- C:\Users\Windows 7 (System)\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.05.25 22:14:40 | 000,065,536 | -HS- | M] () -- C:\Users\Windows 7 (System)\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.05.25 18:51:58 | 000,000,020 | -HS- | M] () -- C:\Users\Windows 7 (System)\ntuser.ini
[2010.05.21 15:33:05 | 000,421,888 | ---- | M] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2010.05.18 21:57:26 | 000,000,857 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.05.17 00:31:19 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\Acer Registration Reminder.job
[2010.05.15 12:46:01 | 000,001,205 | ---- | M] () -- C:\Program Files\updates.xml
[2010.05.15 12:46:01 | 000,000,057 | ---- | M] () -- C:\Program Files\active-update.xml
[2010.05.15 12:45:57 | 000,000,701 | ---- | M] () -- C:\Program Files\updater.ini
[2010.05.15 12:45:57 | 000,000,003 | ---- | M] () -- C:\Program Files\update.locale
[2010.05.15 12:45:56 | 000,458,200 | ---- | M] (sqlite.org) -- C:\Program Files\sqlite3.dll
[2010.05.15 12:45:56 | 000,000,478 | ---- | M] () -- C:\Program Files\softokn3.chk
[2010.05.15 12:45:54 | 000,016,226 | ---- | M] () -- C:\Program Files\removed-files
[2010.05.15 12:45:54 | 000,000,478 | ---- | M] () -- C:\Program Files\nssdbm3.chk
[2010.05.15 12:45:54 | 000,000,141 | ---- | M] () -- C:\Program Files\platform.ini
[2010.05.15 12:45:53 | 001,015,256 | ---- | M] () -- C:\Program Files\js3250.dll
[2010.05.15 12:45:53 | 000,000,478 | ---- | M] () -- C:\Program Files\freebl3.chk
[2010.05.15 12:45:52 | 000,004,296 | ---- | M] () -- C:\Program Files\crashreporter.ini
[2010.05.15 12:45:52 | 000,000,705 | ---- | M] () -- C:\Program Files\crashreporter-override.ini
[2010.05.15 12:45:49 | 000,031,393 | ---- | M] () -- C:\Program Files\LICENSE
[2010.05.15 12:45:49 | 000,002,530 | ---- | M] () -- C:\Program Files\blocklist.xml
[2010.05.15 12:45:49 | 000,002,126 | ---- | M] () -- C:\Program Files\application.ini
[2010.05.15 12:45:49 | 000,000,220 | ---- | M] () -- C:\Program Files\browserconfig.properties
[2010.05.15 12:45:49 | 000,000,000 | ---- | M] () -- C:\Program Files\.autoreg
[2010.05.14 14:18:02 | 000,000,118 | ---- | M] () -- C:\Windows\wininit.ini
[2010.05.07 17:51:18 | 001,531,462 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.05.03 22:38:14 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.05.02 01:29:08 | 732,645,133 | ---- | M] () -- C:\DarioMT2.rar
[2010.04.29 12:37:16 | 000,000,046 | ---- | M] () -- C:\Windows\hmview.ini
[2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2010.04.26 20:32:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.04.24 10:51:39 | 000,002,314 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Control Center.lnk
[2010.04.21 12:51:58 | 000,002,158 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Design Review.lnk
[2010.04.19 20:56:34 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010.04.10 16:24:26 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010.04.07 21:08:32 | 000,124,760 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\epfwwfpr.sys
[2010.04.07 21:07:10 | 000,139,704 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\ehdrv.sys
[2010.04.07 21:03:52 | 000,163,888 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\eamonm.sys
[2010.04.06 13:32:54 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.03.31 08:00:46 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2010.03.31 08:00:44 | 000,084,992 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll

========== Files Created - No Company Name ==========

[2010.06.17 16:31:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.16 11:18:15 | 000,002,863 | R-S- | C] () -- C:\Users\Windows 7 (System)\AppData\Roaming\usernt.dat
[2010.06.15 22:11:22 | 000,000,001 | ---- | C] () -- C:\Users\Windows 7 (System)\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010.06.15 22:07:31 | 000,000,338 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.15 15:37:32 | 000,000,000 | ---- | C] () -- C:\Users\Windows 7 (System)\AppData\Local\rx_image.Cache
[2010.06.14 16:40:53 | 3630,059,453 | ---- | C] () -- C:\Users\Windows 7 (System)\Desktop\gta san andreas.rar
[2010.06.12 17:53:12 | 001,112,950 | ---- | C] () -- C:\Windows\SysNative\hw.dll
[2010.06.12 17:43:24 | 000,000,000 | -H-- | C] () -- C:\Users\Windows 7 (System)\Documents\Default.rdp
[2010.06.12 16:27:28 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2010.06.12 16:27:28 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2010.06.11 14:27:53 | 000,000,880 | ---- | C] () -- C:\Users\Windows 7 (System)\.recently-used.xbel
[2010.06.10 22:29:31 | 000,141,141 | ---- | C] () -- C:\Users\Windows 7 (System)\Desktop\6-468fb3e909eff8632127632b608d9fd5.jpg
[2010.06.06 13:30:07 | 000,000,963 | ---- | C] () -- C:\Users\Windows 7 (System)\Desktop\Downloads - Verknüpfung.lnk
[2010.06.05 13:00:31 | 000,000,780 | ---- | C] () -- C:\Users\Windows 7 (System)\Desktop\gta_sa - Verknüpfung.lnk
[2010.05.30 09:03:25 | 000,000,502 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Merling.job
[2010.05.30 09:03:23 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini
[2010.05.25 18:51:58 | 002,097,152 | -HS- | C] () -- C:\Users\Windows 7 (System)\NTUSER.DAT
[2010.05.25 18:51:58 | 000,524,288 | -HS- | C] () -- C:\Users\Windows 7 (System)\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.05.25 18:51:58 | 000,524,288 | -HS- | C] () -- C:\Users\Windows 7 (System)\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.05.25 18:51:58 | 000,262,144 | -HS- | C] () -- C:\Users\Windows 7 (System)\ntuser.dat.LOG1
[2010.05.25 18:51:58 | 000,065,536 | -HS- | C] () -- C:\Users\Windows 7 (System)\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.05.25 18:51:58 | 000,000,020 | -HS- | C] () -- C:\Users\Windows 7 (System)\ntuser.ini
[2010.05.25 18:51:58 | 000,000,000 | -HS- | C] () -- C:\Users\Windows 7 (System)\ntuser.dat.LOG2
[2010.05.15 12:46:01 | 000,001,205 | ---- | C] () -- C:\Program Files\updates.xml
[2010.05.15 12:46:00 | 000,000,057 | ---- | C] () -- C:\Program Files\active-update.xml
[2010.05.15 12:45:54 | 000,016,226 | ---- | C] () -- C:\Program Files\removed-files
[2010.05.15 12:45:49 | 000,000,000 | ---- | C] () -- C:\Program Files\.autoreg
[2010.05.14 14:18:02 | 000,000,118 | ---- | C] () -- C:\Windows\wininit.ini
[2010.05.07 17:51:17 | 001,531,462 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.05.03 22:38:14 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.05.01 21:01:57 | 732,645,133 | ---- | C] () -- C:\DarioMT2.rar
[2010.04.26 20:32:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.04.24 11:26:11 | 000,000,046 | ---- | C] () -- C:\Windows\hmview.ini
[2010.04.24 10:51:39 | 000,002,314 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Control Center.lnk
[2010.04.21 12:51:58 | 000,002,158 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Design Review.lnk
[2010.04.10 16:24:25 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010.04.06 13:32:54 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.04.01 18:40:03 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2010.02.22 16:43:21 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.09.22 01:13:30 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.09.22 01:13:30 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2006.11.20 18:23:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\px.ini
[2006.10.26 23:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Roxio.dll
[2006.10.26 23:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CddbFileTaggerRoxio.dll
[2005.07.15 20:35:56 | 000,831,488 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll
[2005.07.15 20:35:56 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll
[2005.07.15 20:35:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll

========== LOP Check ==========

[2010.06.18 19:57:06 | 000,000,000 | ---D | M] -- C:\Users\Windows 7 (System)\AppData\Roaming\Atuxoz
[2010.06.18 20:37:03 | 000,000,000 | ---D | M] -- C:\Users\Windows 7 (System)\AppData\Roaming\Foxit
[2010.06.11 14:16:59 | 000,000,000 | ---D | M] -- C:\Users\Windows 7 (System)\AppData\Roaming\gtk-2.0
[2010.06.10 22:30:43 | 000,000,000 | ---D | M] -- C:\Users\Windows 7 (System)\AppData\Roaming\PhotoFiltre
[2010.06.14 19:17:51 | 000,000,000 | ---D | M] -- C:\Users\Windows 7 (System)\AppData\Roaming\PowerCinema
[2010.05.31 21:09:27 | 000,000,000 | ---D | M] -- C:\Users\Windows 7 (System)\AppData\Roaming\Thunderbird
[2010.06.12 18:15:17 | 000,000,000 | ---D | M] -- C:\Users\Windows 7 (System)\AppData\Roaming\Ubisoft
[2010.06.18
19:32:47 | 000,000,000 | ---D | M] -- C:\Users\Windows 7 (System)\AppData\Roaming\Yfvait [2010.05.17 00:31:19 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\Acer Registration Reminder.job [2010.06.07 07:10:02 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.06.18 21:40:03 | 000,000,338 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2010.04.10 16:24:26 | 000,001,024 | ---- | M] () -- C:\.rnd [2009.10.16 23:14:23 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2010.05.02 01:29:08 | 732,645,133 | ---- | M] () -- C:\DarioMT2.rar [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt [2007.11.07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt [2007.11.07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt [2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt [2007.11.07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini [2010.06.18 19:33:58 | 3212,234,752 | -HS- | M] () -- C:\hiberfil.sys [2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe [2007.11.07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini [2007.11.07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll [2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll [2007.11.07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll [2007.11.07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll 
[2007.11.07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll [2007.11.07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll [2007.11.07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll [2007.11.07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll [2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll [2010.06.18 19:34:00 | 4282,982,400 | -HS- | M] () -- C:\pagefile.sys [2009.09.22 01:00:35 | 000,003,192 | ---- | M] () -- C:\RHDSetup.log [2007.11.07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp [2007.11.07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab [2007.11.07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI [2009.09.22 01:13:30 | 000,000,189 | ---- | M] () -- C:\Webcam.log < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\expsrv.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\drivers\*.sys /90 > < %systemroot%\system32\user32.dll /md5 > [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\Windows 7 (System)\Desktop\Alles rein:Roxio EMC Stream @Alternate Data Stream - 76 bytes -> C:\Users\Windows 7 (System)\Desktop\6-468fb3e909eff8632127632b608d9fd5.jpg:Roxio EMC Stream @Alternate Data Stream - 152 bytes 
-> C:\ProgramData\Temp:AB689DEA @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:4D066AD2 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838 @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E1F04E8D @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:444C53BA @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54 < End of report > |
18.06.2010, 21:00 | #4 |
/// Selecta Jahrusso | Nod32 reports a virus (C:cleansweep.exe/cleansweep.exe): what is it and how do I get rid of it? Yes, Run2. I don't know how some people manage that, but it happens. What can you tell me about this? O1 - Hosts: 127.0.0.1 activate.adobe.com
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
18.06.2010, 21:04 | #5 | |
| Nod32 reports a virus (C:cleansweep.exe/cleansweep.exe): what is it and how do I get rid of it? I already followed a set of instructions earlier, but those were for someone else... should I still paste in the old Extras log as well? Quote:
.... Oh, and 127.0.0.1 is my local IP, isn't it? |
18.06.2010, 21:14 | #6 |
/// Selecta Jahrusso | Nod32 reports a virus (C:cleansweep.exe/cleansweep.exe): what is it and how do I get rid of it? Please post the old Extras.txt |
18.06.2010, 21:17 | #7 |
| Nod32 reports a virus (C:cleansweep.exe/cleansweep.exe): what is it and how do I get rid of it? OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 18.06.2010 20:12:26 - Run 1 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Windows 7 (System)\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 76,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,16 Gb Total Space | 315,95 Gb Free Space | 70,19% Space Free | Partition Type: NTFS Drive D: | 1,88 Gb Total Space | 1,87 Gb Free Space | 99,85% Space Free | Partition Type: FAT E: Drive not present or media not loaded Drive F: | 465,65 Gb Total Space | 369,77 Gb Free Space | 79,41% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: METALLBAU-PC Current User Name: Windows 7 (System) Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Minimal Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2254292999-42661514-4164187713-1006\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{053B3DA8-91B5-4682-A130-715412A1A253}" = Paint.NET v3.5.4 "{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{61A20274-C591-443B-B504-0A7D5721AC08}" = ESET NOD32 Antivirus "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software "NVIDIA Drivers" = NVIDIA Drivers "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "$NtUninstallMTF1011$" = Street-Ads Browser Enhancer "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{067EC517-9731-43FD-B4D5-296EE0027BBB}" = LogMeIn Hamachi "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{27996809-446F-7261-6C69-6B654C656F6E}" = "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime 
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance "{31146037-317A-43F3-BCB3-10C3ED3F10A9}" = Roxio WinOnCD 9 "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{669A37FF-A446-46F9-8AAE-EEC1988A2ADF}" = Autodesk Design Review Firefox Add-on v1.1 "{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam "{79221CA7-A39A-4AE5-A558-B5D928393FC4}_is1" = File Extractor v0.9.9 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia 
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{8D20B4D7-3422-4099-9332-39F27E617A6F}" = Autodesk Design Review 2011 "{8D8DAC0F-56E7-446B-B8A3-A7E75EEF077B}_is1" = T3Desk 2010 Build Version 10.01 "{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007 "{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{0B9EAEAC-F271-45DC-BDCB-06ABEEF19825}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 
2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = 
Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) 
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007 "{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007 "{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AC5BB16-8C22-4D5C-9A07-9196183B50C9}_is1" = mirabyte Web Architect 9.0.4 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A837BCE6-BCB1-4A44-8807-A678EAF06933}" = ANNO 1404 Entwickler-Tools "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.2 
MUI "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1C6C824-FF4F-4CD6-9B25-E40F750FC2E8}" = funkwerk Eumex 401 WIN-Tools V1.00 "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FBC79D04-051E-4367-8051-1DB0C893FBE0}" = Nuvoton CIR Device Drivers "{FCC662D1-01A8-4034-B67D-2AD91F723154}" = Acer Arcade Instant On "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "4t Tray Minimizer_is1" = 4t Tray Minimizer Free 4.40 "Acer Registration" = Acer Registration "Acer Screensaver" = Acer ScreenSaver "Acer Welcome Center" = Welcome Center "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Akamai" = Akamai NetSession Interface "Ask Toolbar_is1" = Foxit Toolbar "Autodesk Design Review 2011" = Autodesk Design Review 2011 "AviSynth" = AviSynth 2.5 "Carrera Streckenplaner" = Carrera Streckenplaner "Combat Arms EU" = Combat Arms EU 
"CSS-Editor_is1" = CSS-Editor "DivX Setup.divx.com" = DivX-Setup "Foxit Reader" = Foxit Reader "Free Video to iPod Converter_is1" = Free Video to iPod Converter version 3.4 "FreeStar Free PSP Video Converter" = FreeStar Free PSP Video Converter 2.0.12 "Google Chrome" = Google Chrome "GridVista" = Acer GridVista "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HyperCam 2" = HyperCam 2 "HypreCam Toolbar" = HypreCam Toolbar "ICQToolbar" = ICQ Toolbar "Identity Card" = Identity Card "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager "InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection "InstallShield_{F1C6C824-FF4F-4CD6-9B25-E40F750FC2E8}" = funkwerk Eumex 401 WIN-Tools V1.00 "JDownloader" = JDownloader "LManager" = Launch Manager "LogMeIn Hamachi" = LogMeIn Hamachi "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4) "My Screen Recorder_is1" = My Screen Recorder 2.62 "NSS" = Norton Security Scan "OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch "PremiumSoft Navicat Lite 8.2_is1" = PremiumSoft Navicat Lite 8.2 "PremiumSoft Navicat Lite_is1" = PremiumSoft Navicat Lite 9.0 "PSP Video 9" = PSP Video 9 5.04 "San Andreas Mod Installer1.1" = San Andreas Mod Installer "ST6UNST #1" = Gelber-Bieger WB 1.2.1 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "Total Video Converter 3.61_is1" = Total Video Converter 3.61 100319 "Uninstall_is1" = Uninstall 1.0.0.1 "WinGimp-2.0_is1" = GIMP 2.6.8 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== 
[HKEY_USERS\S-1-5-21-2254292999-42661514-4164187713-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "PhotoFiltre" = PhotoFiltre ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.06.2010 02:44:29 | Computer Name = Metallbau-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 11.06.2010 02:44:29 | Computer Name = Metallbau-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". 
Error - 11.06.2010 12:17:38 | Computer Name = Metallbau-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: gta_sa.exe, Version: 0.0.0.0, Zeitstempel: 0x00564544 Name des fehlerhaften Moduls: gta_sa.exe, Version: 0.0.0.0, Zeitstempel: 0x00564544 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b5e03 ID des fehlerhaften Prozesses: 0x5f0 Startzeit der fehlerhaften Anwendung: 0x01cb097e49004b83 Pfad der fehlerhaften Anwendung: C:\Users\Windows 7 (System)\Desktop\Grand Theft Auto San Andreas\gta_sa.exe Pfad des fehlerhaften Moduls: C:\Users\Windows 7 (System)\Desktop\Grand Theft Auto San Andreas\gta_sa.exe Berichtskennung: da02bf1b-7574-11df-a17d-b4999534092b Error - 12.06.2010 09:51:47 | Computer Name = Metallbau-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: thunderbird.exe, Version: 1.9.1.3728, Zeitstempel: 0x4ba12250 Name des fehlerhaften Moduls: thunderbird.exe, Version: 1.9.1.3728, Zeitstempel: 0x4ba12250 Ausnahmecode: 0xc0000005 Fehleroffset: 0x005a0e42 ID des fehlerhaften Prozesses: 0xb8c Startzeit der fehlerhaften Anwendung: 0x01cb0a366207d846 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Pfad des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Berichtskennung: a4408b22-7629-11df-a10e-fa72aced7351 Error - 12.06.2010 20:37:45 | Computer Name = Metallbau-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 12.06.2010 20:38:45 | Computer Name = Metallbau-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 12.06.2010 20:38:59 | Computer Name = Metallbau-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 12.06.2010 20:38:59 | Computer Name = Metallbau-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 12.06.2010 20:38:59 | Computer Name = Metallbau-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. 
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 12.06.2010 20:38:59 | Computer Name = Metallbau-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe". Die abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ Media Center Events ] Error - 26.03.2010 03:17:40 | Computer Name = Metallbau-PC | Source = MCUpdate | ID = 0 Description = 08:17:40 - Fehler beim Herstellen der Internetverbindung. 08:17:40 - Serververbindung konnte nicht hergestellt werden.. Error - 26.03.2010 03:17:49 | Computer Name = Metallbau-PC | Source = MCUpdate | ID = 0 Description = 08:17:45 - Fehler beim Herstellen der Internetverbindung. 08:17:45 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 28.05.2010 07:43:09 | Computer Name = Metallbau-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee Real-time Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 28.05.2010 07:47:49 | Computer Name = Metallbau-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee Real-time Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 28.05.2010 18:10:06 | Computer Name = Metallbau-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee Real-time Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 28.05.2010 19:51:12 | Computer Name = Metallbau-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee Real-time Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 29.05.2010 03:39:12 | Computer Name = Metallbau-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee Real-time 
Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 29.05.2010 10:38:40 | Computer Name = Metallbau-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee Real-time Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 29.05.2010 12:56:19 | Computer Name = Metallbau-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee Real-time Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 30.05.2010 02:54:06 | Computer Name = Metallbau-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee Real-time Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 30.05.2010 06:19:54 | Computer Name = Metallbau-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee Real-time Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 30.05.2010 11:23:35 | Computer Name = Metallbau-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "McAfee Real-time Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > |
18.06.2010, 21:30 | #8 |
/// Selecta Jahrusso | If I find a crack, I will have to stop providing support. Step 1
Code:
:OTL
PRC - C:\cleansweep.exe\cleansweep.exe ()
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [{981ACF21-4AC3-6AF2-CAD1-AFCF32C22551}] C:\Users\Windows 7 (System)\AppData\Roaming\Atuxoz\hyibu.exe File not found
O4 - HKCU..\Run: [4n7fcL8pVO2N] C:\Windows\SysWow64\svchost95.exe File not found
O4 - HKCU..\Run: [cleansweep.exe] C:\cleansweep.exe\cleansweep.exe ()
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Users\Windows 7 (System)\AppData\Local\Temp\Dkh.exe File not found
O4 - HKCU..\Run: [svchost95] C:\Windows\svchost95.exe (Microsoft Corporation)
[2010.06.15 22:11:22 | 000,000,001 | ---- | C] () -- C:\Users\Windows 7 (System)\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010.06.15 22:07:31 | 000,000,338 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
@Alternate Data Stream - 76 bytes -> C:\Users\Windows 7 (System)\Desktop\Alles rein:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Windows 7 (System)\Desktop\6-468fb3e909eff8632127632b608d9fd5.jpg:Roxio EMC Stream
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:AB689DEA
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:93DE1838
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:444C53BA
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:4CF61E54
:services
:files
C:\Program Files (x86)\AskBarDis
C:\cleansweep.exe
C:\Users\Windows 7 (System)\AppData\Roaming\Atuxoz
:reg
:Commands
[purity]
[emptytemp]
[resethosts]
[emptyflash]
[reboot]
Step 2 Cleanup with Malwarebytes' Anti-Malware (Quick Scan) Please download Malwarebytes
Step 3 Please start OTL.exe and click the Quick Scan button. In your next reply, please post: the log from the OTL fix, the MBAM log, OTL.txt. Report how the computer is running.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
18.06.2010, 21:51 | #9 |
| This came up after the restart. Code:
ATTFilter All processes killed ========== OTL ========== No active process named cleansweep.exe was found! Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully. C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully. File C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{981ACF21-4AC3-6AF2-CAD1-AFCF32C22551} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{981ACF21-4AC3-6AF2-CAD1-AFCF32C22551}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\4n7fcL8pVO2N deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cleansweep.exe deleted successfully. C:\cleansweep.exe\cleansweep.exe moved successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\M5T8QL3YW3 deleted successfully. 
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\svchost95 deleted successfully. C:\Windows\svchost95.exe moved successfully. C:\Users\Windows 7 (System)\oashdihasidhasuidhiasdhiashdiuasdhasd moved successfully. C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully. ADS C:\Users\Windows 7 (System)\Desktop\Alles rein:Roxio EMC Stream deleted successfully. ADS C:\Users\Windows 7 (System)\Desktop\6-468fb3e909eff8632127632b608d9fd5.jpg:Roxio EMC Stream deleted successfully. ADS C:\ProgramData\Temp:AB689DEA deleted successfully. ADS C:\ProgramData\Temp:4D066AD2 deleted successfully. ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully. ADS C:\ProgramData\Temp:93DE1838 deleted successfully. ADS C:\ProgramData\Temp:E1F04E8D deleted successfully. ADS C:\ProgramData\Temp:444C53BA deleted successfully. ADS C:\ProgramData\Temp:ABE89FFE deleted successfully. ADS C:\ProgramData\Temp:4CF61E54 deleted successfully. ========== SERVICES/DRIVERS ========== ========== FILES ========== C:\Program Files (x86)\AskBarDis\bar\Settings folder moved successfully. C:\Program Files (x86)\AskBarDis\bar\bin folder moved successfully. C:\Program Files (x86)\AskBarDis\bar folder moved successfully. C:\Program Files (x86)\AskBarDis folder moved successfully. C:\cleansweep.exe folder moved successfully. C:\Users\Windows 7 (System)\AppData\Roaming\Atuxoz folder moved successfully. 
========== REGISTRY ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Merling ->Temp folder emptied: 521341711 bytes ->Temporary Internet Files folder emptied: 128079054 bytes ->Java cache emptied: 12251195 bytes ->FireFox cache emptied: 36542939 bytes ->Google Chrome cache emptied: 6329958 bytes ->Flash cache emptied: 15951155 bytes User: Public User: Windows User: Windows 7 (System) ->Temp folder emptied: 178897013 bytes ->Temporary Internet Files folder emptied: 84875636 bytes ->Java cache emptied: 457363 bytes ->FireFox cache emptied: 250807836 bytes ->Google Chrome cache emptied: 23010579 bytes ->Flash cache emptied: 18205 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 121009613 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes RecycleBin emptied: 1459477997 bytes Total Files Cleaned = 2.708,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYFLASH] User: All Users User: Default User: Default User User: Merling ->Flash cache emptied: 0 bytes User: Public User: Windows User: Windows 7 (System) ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.6.0 log created on 06182010_224250 Files\Folders moved on Reboot... C:\Users\Windows 7 (System)\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Windows\temp\JETC65A.tmp moved successfully. Registry entries deleted on Reboot... |
18.06.2010, 22:01 | #10 |
| This is the MBAM log. The laptop is still as fast as before, nothing is slow. Code:
ATTFilter Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4213 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 18.06.2010 22:55:43 mbam-log-2010-06-18 (22-55-43).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 146313 Laufzeit: 3 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 1 Infizierte Registrierungsschlüssel: 11 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: C:\Program Files\js3250.dll (Spyware.OnlineGames) -> Delete on reboot. Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{7b6a2552-e65b-4a9e-add4-c45577ffd8fd} (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adgj.aghlp (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adgj.aghlp.1 (Adware.EZLife) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9a065e57-08db-4946-9506-6547f4f5734d} (Adware.AdRotator) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9a065e57-08db-4946-9506-6547f4f5734d} (Adware.AdRotator) -> Quarantined and deleted successfully. 
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\Windows\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Program Files\js3250.dll (Spyware.OnlineGames) -> Delete on reboot. |
18.06.2010, 22:07 | #11 |
| And here once more is the latest scan. OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.06.2010 23:02:27 - Run 4 OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Windows 7 (System)\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 63,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,16 Gb Total Space | 317,85 Gb Free Space | 70,61% Space Free | Partition Type: NTFS Drive D: | 1,88 Gb Total Space | 1,87 Gb Free Space | 99,85% Space Free | Partition Type: FAT E: Drive not present or media not loaded Drive F: | 465,65 Gb Total Space | 369,77 Gb Free Space | 79,41% Space Free | Partition Type: FAT32 G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: METALLBAU-PC Current User Name: Windows 7 (System) Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Minimal Quick Scan ========== Processes (SafeList) ========== PRC - C:\Users\Windows 7 (System)\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET) PRC - C:\Program Files\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) 
PRC - C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.) PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer) PRC - C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) 
PRC - C:\Program Files (x86)\funkwerk WIN-Tools\Eumex 401 WIN-Tools V1.00\ControlCenter.exe (Funkwerk Enterprise Communications GmbH) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions) PRC - C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions) ========== Modules (SafeList) ========== MOD - C:\Users\Windows 7 (System)\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET) SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET) SRV:64bit: - (ePowerSvc) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) 
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation) SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation) SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation) SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation) SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation) SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation) SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation) SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation) SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation) SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation) SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation) SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation) SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation) SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation) SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation) SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation) SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation) SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation) SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation) SRV:64bit: - (Updater Service) 
-- C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Acer) SRV - (Akamai) -- c:\program files (x86)\common files\akamai\rswin_3697.dll () SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (Hamachi2Svc) -- C:\MT2\Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (IGBASVC) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.) SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation) SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation) SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (NTISchedulerSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) SRV - (NTIBackupSvc) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) 
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (vmm) -- C:\Windows\SysNative\Treiber\VMM.sys (Microsoft Corporation) DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET) DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET) DRV:64bit: - (eamonm) -- C:\Windows\SysNative\drivers\eamonm.sys (ESET) DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) DRV:64bit: - (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) -- C:\Windows\SysNative\drivers\FPSensor.sys (EgisTec) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation) DRV:64bit: - (nuvotoncir) -- C:\Windows\SysNative\drivers\nuvotoncir.sys (Nuvoton Technology Corporation) DRV:64bit: - (johci) -- C:\Windows\SysNative\drivers\johci.sys (JMicron ) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation) DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation) DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation) DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation) DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation) DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation) DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation) DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation) DRV:64bit: - (usbrndis6) -- C:\Windows\SysNative\drivers\usb80236.sys (Microsoft Corporation) DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation) DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation) DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation) DRV:64bit: - (vwifimp) -- C:\Windows\SysNative\drivers\vwifimp.sys (Microsoft Corporation) DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation) DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys 
(Microsoft Corporation) DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation) DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation) DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation) DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\drivers\bthpan.sys (Microsoft Corporation) DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\drivers\bthport.sys (Microsoft Corporation) DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\drivers\rfcomm.sys (Microsoft Corporation) DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\drivers\bthenum.sys (Microsoft Corporation) DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\drivers\BTHUSB.SYS (Microsoft Corporation) DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation) DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation) DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation) DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation) DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation) DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation) DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation) DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation) DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation) DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation) DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation) DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation) DRV:64bit: - (AcpiPmi) -- 
C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation) DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\OEM\factory\int15.sys (Acer, Inc.) 
DRV:64bit: - (VPCNetS2) -- C:\Windows\SysNative\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV:64bit: - (RxFilter) -- C:\Windows\SysNative\drivers\RxFilter.sys (Sonic Solutions)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mwlPSDVDisk) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDVdisk.sys (Egis Technology Inc.)
DRV - (mwlPSDFilter) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDFilter.sys (Egis Technology Inc.)
DRV - (mwlPSDNServ) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x64\mwlPSDNServ.sys (Egis Technology Inc.)
DRV - (DKbFltr) Dritek Keyboard Filter Driver (64-bit) -- C:\Windows\SysWOW64\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (RxFilter) -- C:\Windows\SysWOW64\drivers\RxFilter.sys (Sonic Solutions)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8940g&r=273602108006l0343z175t4882y803
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8940g&r=273602108006l0343z175t4882y803
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8940g&r=273602108006l0343z175t4882y803
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8940g&r=273602108006l0343z175t4882y803
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8940g&r=273602108006l0343z175t4882y803
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_8940g&r=273602108006l0343z175t4882y803
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\components [2010.06.18 23:00:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\plugins [2010.06.18 23:00:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.05.03 22:38:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.06.18 20:37:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.06.18 19:54:14 | 000,000,000 | ---D | M]
[2010.05.31 21:09:28 | 000,000,000 | ---D | M] -- C:\Users\Windows 7 (System)\AppData\Roaming\mozilla\Extensions
[2010.05.31 21:09:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows 7 (System)\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.06.18 20:40:43 | 000,000,000 | ---D | M] -- C:\Users\Windows 7 (System)\AppData\Roaming\mozilla\Firefox\Profiles\ifxymu3v.default\extensions
[2010.06.18 20:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Windows 7 (System)\AppData\Roaming\mozilla\Firefox\Profiles\ifxymu3v.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2010.06.18 22:44:32 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg64.dll (Google Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HypreCam Toolbar\tbcore3.dll ()
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (HypreCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HypreCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (HypreCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HypreCam Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XeroxEndeavorBackgroundTask] C:\Windows\SysNative\xrWCbgnd.dll (Xerox Corporation)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.06 17:00:42 | 000,000,000 | ---D | M] - F:\AutoCad2005 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010.06.18 23:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\searchplugins
[2010.06.18 22:49:47 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Malwarebytes
[2010.06.18 22:49:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.18 22:49:32 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.06.18 22:49:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.06.18 22:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.18 22:42:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.06.18 21:40:36 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Windows 7 (System)\Desktop\OTL.exe
[2010.06.18 20:39:18 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\Desktop\Alles rein
[2010.06.18 20:37:03 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Foxit
[2010.06.18 20:37:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2010.06.18 19:57:52 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\ESET
[2010.06.18 19:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010.06.18 19:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.06.17 16:31:26 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\skypePM
[2010.06.17 16:29:12 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Skype
[2010.06.17 16:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\extensions
[2010.06.17 16:28:30 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010.06.17 16:28:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.06.17 16:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.06.15 22:07:31 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Windows Server
[2010.06.15 15:37:32 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Roxio
[2010.06.15 15:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2010.06.15 15:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010.06.15 15:35:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2010.06.15 15:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2010.06.15 15:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010.06.15 15:34:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Roxio
[2010.06.15 15:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Roxio Shared
[2010.06.14 19:17:46 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\PowerCinema
[2010.06.14 19:17:44 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\PowerCinema
[2010.06.14 16:39:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gta san andreas
[2010.06.13 16:20:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\plugins
[2010.06.12 18:15:17 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Ubisoft
[2010.06.12 18:00:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Tages
[2010.06.12 17:49:34 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Diagnostics
[2010.06.12 16:21:26 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\Documents\NFS Most Wanted Backups
[2010.06.12 16:21:26 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\Documents\NFS Most Wanted
[2010.06.12 15:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Counter-Strike 1.6
[2010.06.11 14:16:59 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\gtk-2.0
[2010.06.10 22:54:47 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\.thumbnails
[2010.06.10 22:40:56 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\Documents\gegl-0.0
[2010.06.10 22:40:56 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\.gimp-2.6
[2010.06.10 22:40:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2010.06.10 22:29:07 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\PhotoFiltre
[2010.06.10 22:29:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoFiltre
[2010.06.07 16:57:57 | 000,000,000 | ---D | C] -- C:\Windows\San Andreas Mod Installer
[2010.06.06 00:14:13 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\CyberLink
[2010.06.06 00:14:10 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\PlayMovie
[2010.06.05 23:21:53 | 000,000,000 | -H-D | C] -- C:\MyWinLockerData
[2010.06.05 22:34:28 | 000,000,000 | R-SD | C] -- C:\Users\Windows 7 (System)\Documents\My Stationery
[2010.06.05 12:23:40 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\LogMeIn Hamachi
[2010.06.03 22:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Grand Theft Auto San Andreas
[2010.06.03 22:43:38 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\Documents\GTA San Andreas User Files
[2010.06.03 20:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CSS-Editor
[2010.06.02 21:11:57 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Broadcom
[2010.06.02 21:11:57 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\Documents\Bluetooth-Exchange-Ordner
[2010.06.02 17:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010.05.31 21:09:25 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Thunderbird
[2010.05.31 21:09:25 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Thunderbird
[2010.05.31 19:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Carrera Streckenplaner
[2010.05.31 18:58:42 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Adobe
[2010.05.30 09:03:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2010.05.30 09:03:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2010.05.30 09:03:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.05.30 09:03:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0207030.022
[2010.05.30 09:03:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.05.30 09:03:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2010.05.29 16:49:01 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\DivX
[2010.05.29 16:48:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010.05.29 16:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010.05.29 16:48:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2010.05.29 16:46:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2010.05.29 16:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.05.29 15:43:50 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Apple Computer
[2010.05.29 09:44:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combat Arms EU
[2010.05.29 02:13:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.05.28 15:18:40 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Microsoft Games
[2010.05.28 05:58:25 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Yfvait
[2010.05.27 19:44:16 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\WinRAR
[2010.05.26 21:53:56 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Google
[2010.05.26 21:53:55 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Google
[2010.05.26 18:45:41 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Apple Computer
[2010.05.25 18:55:13 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Adobe
[2010.05.25 18:54:24 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Mozilla
[2010.05.25 18:54:24 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Mozilla
[2010.05.25 18:53:48 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Macromedia
[2010.05.25 18:53:47 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\EgisTec
[2010.05.25 18:52:13 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Searches
[2010.05.25 18:52:05 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Identities
[2010.05.25 18:52:03 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Contacts
[2010.05.25 18:52:01 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\VirtualStore
[2010.05.25 18:51:58 | 000,000,000 | --SD | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Microsoft
[2010.05.25 18:51:58 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Videos
[2010.05.25 18:51:58 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Saved Games
[2010.05.25 18:51:58 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Pictures
[2010.05.25 18:51:58 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Music
[2010.05.25 18:51:58 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Links
[2010.05.25 18:51:58 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Favorites
[2010.05.25 18:51:58 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Downloads
[2010.05.25 18:51:58 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Documents
[2010.05.25 18:51:58 | 000,000,000 | R--D | C] -- C:\Users\Windows 7 (System)\Desktop
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Vorlagen
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\AppData\Local\Verlauf
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\AppData\Local\Temporary Internet Files
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Startmenü
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\SendTo
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Recent
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Netzwerkumgebung
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Lokale Einstellungen
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Documents\Eigene Videos
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Documents\Eigene Musik
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Eigene Dateien
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Documents\Eigene Bilder
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Druckumgebung
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Cookies
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\AppData\Local\Anwendungsdaten
[2010.05.25 18:51:58 | 000,000,000 | -HSD | C] -- C:\Users\Windows 7 (System)\Anwendungsdaten
[2010.05.25 18:51:58 | 000,000,000 | -H-D | C] -- C:\Users\Windows 7 (System)\AppData
[2010.05.25 18:51:58 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Temp
[2010.05.25 18:51:58 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Microsoft Help
[2010.05.25 18:51:58 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Local\Microsoft
[2010.05.25 18:51:58 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\Media Center Programs
[2010.05.21 15:33:08 | 000,000,000 | ---D | C] -- C:\Nexon
[2010.05.21 15:33:05 | 000,421,888 | ---- | C] (NEXON Inc.) -- C:\Windows\NEXON_EU_DownloaderUpdater.exe
[2010.05.18 18:41:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\T3Desk
[2010.05.17 18:15:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2010.05.17 18:15:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.05.14 22:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Neuer Ordner
[2010.05.14 19:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
[2010.05.14 12:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\4t Tray Minimizer
[2010.05.13 15:31:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HypreCam Toolbar
[2010.05.13 15:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HyCam2
[2010.05.11 15:15:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DeskShare Shared
[2010.05.11 15:15:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deskshare
[2010.05.07 22:23:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fpsp
[2010.05.07 21:58:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Total Video Converter
[2010.05.07 18:54:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.05.07 18:54:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.05.07 17:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2010.05.07 17:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Kawa
[2010.05.07 17:50:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2010.05.07 16:31:40 | 000,000,000 | ---D | C] -- C:\sdafd
[2010.05.03 22:38:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2010.05.01 18:46:57 | 000,000,000 | ---D | C] -- C:\Users\Windows 7 (System)\AppData\Roaming\teamspeak2
[2010.05.01 18:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Teamspeak2_RC2
[2010.05.01 18:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2010.05.01 12:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2010.04.29 22:42:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Treiber
[2010.04.29 22:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Virtual PC
[2010.04.27 00:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
[2010.04.24 10:51:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\funkwerk WIN-Tools
[2010.04.21 12:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2010.04.21 12:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
[2010.04.21 12:51:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2010.04.12 11:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.04.12 11:43:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.04.08 10:10:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010.04.08 09:47:53 | 000,000,000 | ---D | C] -- C:\Program Files\Subagames
[2010.04.07 21:08:32 | 000,124,760 | ---- | C] (ESET) -- C:\Windows\SysNative\drivers\epfwwfpr.sys
[2010.04.07 21:07:10 | 000,139,704 | ---- | C] (ESET) -- C:\Windows\SysNative\drivers\ehdrv.sys
[2010.04.07 21:03:52 | 000,163,888 | ---- | C] (ESET) -- C:\Windows\SysNative\drivers\eamonm.sys
[2010.04.06 13:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.04.06 13:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.04.06 13:31:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010.04.06 13:31:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010.04.06 13:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.04.04 23:29:28 | 000,000,000 | -H-D | C] -- C:\MT2
[2010.04.04 15:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Game Cam V2
[2010.04.02 20:03:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2010.04.02 20:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.04.02 12:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox
[2010.04.01 17:38:05 | 000,000,000 | ---D | C] -- C:\fhgfd
[2010.04.01 16:34:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QS
[2010.04.01 16:31:18 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2010.03.31 08:00:46 | 000,086,016 | ---- | C] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll
[2010.03.31 08:00:44 | 000,084,992 | ---- | C] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll
[2010.03.27 09:54:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2010.03.26 00:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2010.03.25 23:49:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2010.03.24 22:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2006.09.14 11:32:20 | 000,028,672 | R--- | C] ( ) -- C:\Windows\SysWow64\DivXGraphBuilderCallback.dll

========== Files - Modified Within 90 Days ==========

[2010.06.18 23:04:14 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.18 23:04:14 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.18 23:02:39 | 001,501,000 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.18 23:02:39 | 000,656,010 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.18 23:02:39 | 000,616,632 | ---- |
M] () -- C:\Windows\SysNative\perfh009.dat [2010.06.18 23:02:39 | 000,131,874 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.06.18 23:02:39 | 000,108,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.06.18 23:00:47 | 000,001,484 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.06.18 23:00:27 | 002,097,152 | -HS- | M] () -- C:\Users\Windows 7 (System)\NTUSER.DAT [2010.06.18 22:57:03 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.06.18 22:56:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.06.18 22:56:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.06.18 22:56:38 | 3212,234,752 | -HS- | M] () -- C:\hiberfil.sys [2010.06.18 22:55:51 | 006,357,490 | -H-- | M] () -- C:\Users\Windows 7 (System)\AppData\Local\IconCache.db [2010.06.18 22:49:36 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.18 22:44:32 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2010.06.18 22:14:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.06.18 21:40:44 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Windows 7 (System)\Desktop\OTL.exe [2010.06.18 19:34:49 | 000,097,384 | ---- | M] () -- C:\Users\Windows 7 (System)\AppData\Local\GDIPFONTCACHEV1.DAT [2010.06.18 19:34:21 | 000,388,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.06.18 18:02:42 | 000,000,502 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Merling.job [2010.06.17 16:31:27 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2010.06.16 11:18:16 | 000,002,863 | R-S- | M] () -- C:\Users\Windows 7 (System)\AppData\Roaming\usernt.dat [2010.06.15 15:37:32 | 000,000,000 | ---- | M] () -- C:\Users\Windows 7 (System)\AppData\Local\rx_image.Cache [2010.06.14 16:58:37 | 3630,059,453 | ---- | M] () -- C:\Users\Windows 7 (System)\Desktop\gta san andreas.rar [2010.06.13 12:32:42 | 
000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2010.06.12 17:55:48 | 000,000,441 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2010.06.12 17:43:24 | 000,000,000 | -H-- | M] () -- C:\Users\Windows 7 (System)\Documents\Default.rdp [2010.06.12 16:27:28 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys [2010.06.12 16:27:28 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2010.06.11 14:38:42 | 000,141,141 | ---- | M] () -- C:\Users\Windows 7 (System)\Desktop\6-468fb3e909eff8632127632b608d9fd5.jpg [2010.06.11 14:27:53 | 000,000,880 | ---- | M] () -- C:\Users\Windows 7 (System)\.recently-used.xbel [2010.06.06 13:30:07 | 000,000,963 | ---- | M] () -- C:\Users\Windows 7 (System)\Desktop\Downloads - Verknüpfung.lnk [2010.06.05 13:00:31 | 000,000,780 | ---- | M] () -- C:\Users\Windows 7 (System)\Desktop\gta_sa - Verknüpfung.lnk [2010.05.30 09:03:23 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini [2010.05.25 22:14:40 | 000,524,288 | -HS- | M] () -- C:\Users\Windows 7 (System)\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.05.25 22:14:40 | 000,524,288 | -HS- | M] () -- C:\Users\Windows 7 (System)\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.05.25 22:14:40 | 000,065,536 | -HS- | M] () -- C:\Users\Windows 7 (System)\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.05.25 18:51:58 | 000,000,020 | -HS- | M] () -- C:\Users\Windows 7 (System)\ntuser.ini [2010.05.21 15:33:05 | 000,421,888 | ---- | M] (NEXON Inc.) 
-- C:\Windows\NEXON_EU_DownloaderUpdater.exe [2010.05.17 00:31:19 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\Acer Registration Reminder.job [2010.05.15 12:45:54 | 000,016,226 | ---- | M] () -- C:\Program Files\removed-files [2010.05.15 12:45:49 | 000,000,000 | ---- | M] () -- C:\Program Files\.autoreg [2010.05.14 14:18:02 | 000,000,118 | ---- | M] () -- C:\Windows\wininit.ini [2010.05.07 17:51:18 | 001,531,462 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.05.03 22:38:14 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2010.05.02 01:29:08 | 732,645,133 | ---- | M] () -- C:\DarioMT2.rar [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.04.29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.04.29 12:37:16 | 000,000,046 | ---- | M] () -- C:\Windows\hmview.ini [2010.04.27 00:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) 
-- C:\Windows\SysWow64\DivXControlPanelApplet.cpl [2010.04.26 20:32:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010.04.24 10:51:39 | 000,002,314 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Control Center.lnk [2010.04.21 12:51:58 | 000,002,158 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk Design Review.lnk [2010.04.19 20:56:34 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI [2010.04.10 16:24:26 | 000,001,024 | ---- | M] () -- C:\.rnd [2010.04.07 21:08:32 | 000,124,760 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\epfwwfpr.sys [2010.04.07 21:07:10 | 000,139,704 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\ehdrv.sys [2010.04.07 21:03:52 | 000,163,888 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\eamonm.sys [2010.04.06 13:32:54 | 000,001,849 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.04.01 20:00:17 | 001,015,256 | ---- | M] () -- C:\Program Files\js3250.dll [2010.04.01 20:00:17 | 000,458,200 | ---- | M] (sqlite.org) -- C:\Program Files\sqlite3.dll [2010.04.01 18:54:38 | 000,004,296 | ---- | M] () -- C:\Program Files\crashreporter.ini [2010.04.01 18:54:38 | 000,000,705 | ---- | M] () -- C:\Program Files\crashreporter-override.ini [2010.04.01 18:54:38 | 000,000,701 | ---- | M] () -- C:\Program Files\updater.ini [2010.04.01 18:54:38 | 000,000,220 | ---- | M] () -- C:\Program Files\browserconfig.properties [2010.04.01 18:54:38 | 000,000,003 | ---- | M] () -- C:\Program Files\update.locale [2010.04.01 17:56:18 | 000,000,478 | ---- | M] () -- C:\Program Files\softokn3.chk [2010.04.01 17:56:18 | 000,000,478 | ---- | M] () -- C:\Program Files\nssdbm3.chk [2010.04.01 17:56:18 | 000,000,478 | ---- | M] () -- C:\Program Files\freebl3.chk [2010.04.01 17:56:17 | 000,031,393 | ---- | M] () -- C:\Program Files\LICENSE [2010.04.01 17:56:17 | 000,002,530 | ---- | M] () -- C:\Program Files\blocklist.xml [2010.04.01 17:56:17 | 000,002,126 | ---- | 
M] () -- C:\Program Files\application.ini [2010.04.01 17:56:17 | 000,000,141 | ---- | M] () -- C:\Program Files\platform.ini [2010.03.31 08:00:46 | 000,086,016 | ---- | M] (Beepa P/L) -- C:\Windows\SysWow64\frapsvid.dll [2010.03.31 08:00:44 | 000,084,992 | ---- | M] (Beepa P/L) -- C:\Windows\SysNative\frapsv64.dll ========== Files Created - No Company Name ========== [2010.06.18 23:00:39 | 001,015,256 | ---- | C] () -- C:\Program Files\js3250.dll [2010.06.18 22:49:36 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.17 16:31:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.06.16 11:18:15 | 000,002,863 | R-S- | C] () -- C:\Users\Windows 7 (System)\AppData\Roaming\usernt.dat [2010.06.15 15:37:32 | 000,000,000 | ---- | C] () -- C:\Users\Windows 7 (System)\AppData\Local\rx_image.Cache [2010.06.14 16:40:53 | 3630,059,453 | ---- | C] () -- C:\Users\Windows 7 (System)\Desktop\gta san andreas.rar [2010.06.12 17:53:12 | 001,112,950 | ---- | C] () -- C:\Windows\SysNative\hw.dll [2010.06.12 17:43:24 | 000,000,000 | -H-- | C] () -- C:\Users\Windows 7 (System)\Documents\Default.rdp [2010.06.12 16:27:28 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys [2010.06.12 16:27:28 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2010.06.11 14:27:53 | 000,000,880 | ---- | C] () -- C:\Users\Windows 7 (System)\.recently-used.xbel [2010.06.10 22:29:31 | 000,141,141 | ---- | C] () -- C:\Users\Windows 7 (System)\Desktop\6-468fb3e909eff8632127632b608d9fd5.jpg [2010.06.06 13:30:07 | 000,000,963 | ---- | C] () -- C:\Users\Windows 7 (System)\Desktop\Downloads - Verknüpfung.lnk [2010.06.05 13:00:31 | 000,000,780 | ---- | C] () -- C:\Users\Windows 7 (System)\Desktop\gta_sa - Verknüpfung.lnk [2010.05.30 09:03:25 | 000,000,502 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Merling.job [2010.05.30 09:03:23 | 000,000,172 | ---- | C] () -- 
C:\Windows\SysNative\drivers\NSSx64\0207030.022\isolate.ini [2010.05.25 18:51:58 | 002,097,152 | -HS- | C] () -- C:\Users\Windows 7 (System)\NTUSER.DAT [2010.05.25 18:51:58 | 000,524,288 | -HS- | C] () -- C:\Users\Windows 7 (System)\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2010.05.25 18:51:58 | 000,524,288 | -HS- | C] () -- C:\Users\Windows 7 (System)\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2010.05.25 18:51:58 | 000,262,144 | -HS- | C] () -- C:\Users\Windows 7 (System)\ntuser.dat.LOG1 [2010.05.25 18:51:58 | 000,065,536 | -HS- | C] () -- C:\Users\Windows 7 (System)\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2010.05.25 18:51:58 | 000,000,020 | -HS- | C] () -- C:\Users\Windows 7 (System)\ntuser.ini [2010.05.25 18:51:58 | 000,000,000 | -HS- | C] () -- C:\Users\Windows 7 (System)\ntuser.dat.LOG2 [2010.05.15 12:45:54 | 000,016,226 | ---- | C] () -- C:\Program Files\removed-files [2010.05.15 12:45:49 | 000,000,000 | ---- | C] () -- C:\Program Files\.autoreg [2010.05.14 14:18:02 | 000,000,118 | ---- | C] () -- C:\Windows\wininit.ini [2010.05.07 17:51:17 | 001,531,462 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.05.03 22:38:14 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk [2010.05.01 21:01:57 | 732,645,133 | ---- | C] () -- C:\DarioMT2.rar [2010.04.26 20:32:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2010.04.24 11:26:11 | 000,000,046 | ---- | C] () -- C:\Windows\hmview.ini [2010.04.24 10:51:39 | 000,002,314 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Control Center.lnk [2010.04.21 12:51:58 | 000,002,158 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk Design Review.lnk [2010.04.10 16:24:25 | 000,001,024 | ---- | C] () -- C:\.rnd [2010.04.06 13:32:54 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime 
Player.lnk [2010.04.01 18:40:03 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll [2010.02.22 16:43:21 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI [2009.09.22 01:13:30 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2009.09.22 01:13:30 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2006.11.20 18:23:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\px.ini [2006.10.26 23:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Roxio.dll [2006.10.26 23:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\SysWow64\CddbFileTaggerRoxio.dll [2005.07.15 20:35:56 | 000,831,488 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll [2005.07.15 20:35:56 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll [2005.07.15 20:35:24 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll 
========== LOP Check ==========
[2010.06.18 20:37:03 | 000,000,000 | ---D | M] -- C:\Users\Windows 7 (System)\AppData\Roaming\Foxit
[2010.06.11 14:16:59 | 000,000,000 | ---D | M] -- C:\Users\Windows 7 (System)\AppData\Roaming\gtk-2.0
[2010.06.10 22:30:43 | 000,000,000 | ---D | M] -- C:\Users\Windows 7 (System)\AppData\Roaming\PhotoFiltre
[2010.06.14 19:17:51 | 000,000,000 | ---D | M] -- C:\Users\Windows 7 (System)\AppData\Roaming\PowerCinema
[2010.05.31 21:09:27 | 000,000,000 | ---D | M] -- C:\Users\Windows 7 (System)\AppData\Roaming\Thunderbird
[2010.06.12 18:15:17 | 000,000,000 | ---D | M] -- C:\Users\Windows 7 (System)\AppData\Roaming\Ubisoft
[2010.06.18 22:34:49 | 000,000,000 | ---D | M] -- C:\Users\Windows 7 (System)\AppData\Roaming\Yfvait
[2010.05.17 00:31:19 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\Acer Registration Reminder.job
[2010.06.07 07:10:02 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report > |
18.06.2010, 22:10 | #12 | |
| Nod32 reports a virus (C:cleansweep.exe/cleansweep.exe): what is it and how do I get rid of it? Quote:
|
18.06.2010, 22:12 | #13 |
/// Selecta Jahrusso | edit
Please switch on any external hard drives you may have during the online scans!
During the scans, please turn off all background guards (anti-virus program, firewall, script blocking and the like), and don't forget to turn everything back on afterwards.
__________________
Regards, Daniel
ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators
Learn to fight back and support us! TB Akademie |
18.06.2010, 22:44 | #14 |
| Here is the Kaspersky stuff
Code:
ATTFilter
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, June 18, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, June 18, 2010 15:59:06
Records in database: 4291682
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Objects scanned: 165088
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 00:01:54
No threats found. Scanned area is clean.
Selected area has been scanned. |
19.06.2010, 10:52 | #15 |
/// Selecta Jahrusso |
Please delete the following folder:
C:\Users\Windows 7 (System)\AppData\Roaming\Yfvait
Please have the files from the code box checked at Virustotal.
Code:
ATTFilter C:\Program Files\js3250.dll
Step 2
I would advise you to uninstall the Google Toolbar. That is your decision.
Step 3
Please have Malwarebytes run a full scan.
Step 4
Update Java
Your Java version is outdated. Because some malware (e.g. Vundo) gets into the system via Java exploits, Java must be updated and old versions must be removed from the system, since the old versions are a security risk. Download JavaRa by prm753 and unpack it to the desktop. JavaRa is suitable for Windows 9x, 2k, XP and Vista (with User Account Control disabled).
Step 5
Please start OTL.exe. Under Extra Registry, select Use SafeList and click the Scan button.
Please post in your next reply:
the Virustotal results
the MBAM logfile
OTL.txt
Extras.txt
Report how the computer is running.
__________________
Regards, Daniel
ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators
Learn to fight back and support us! TB Akademie |