
Log analysis and evaluation: MS Removal Tool on Vista


 
03.04.2011, 19:10   #1
Lippi

MS Removal Tool on Vista



Hello everyone,

my laptop caught the fake MS Removal Tool this morning. I have already carried out all the steps of the removal guide here in the forum, and at the moment there are no more problems (none that I, as a layperson, can recognize).
I would like to know whether my computer is now really clean?!

Attached are my log files:
- Malwarebytes AntiMalware (full scan BEFORE all measures)
- Malwarebytes AntiMalware (quick scan AFTER all measures)
- 2x OTL

I hope that you can help me and that this is all the necessary information...
THANKS

Lippi



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6255

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 7.0.6002.18005

03.04.2011 18:23:00
mbam-log-2011-04-03 (18-23-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 504015
Laufzeit: 55 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\jGa31001fGlCf31001 (Trojan.Downloader) -> Value: jGa31001fGlCf31001 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\jga31001fglcf31001\jga31001fglcf31001.exe (Trojan.Downloader) -> Quarantined and deleted successfully.





Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6255

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

03.04.2011 19:22:48
mbam-log-2011-04-03 (19-22-48).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 223890
Laufzeit: 16 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL Logfile:
OTL Extras logfile created on: 03.04.2011 19:41:23 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Laptop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,54 Gb Total Space | 28,98 Gb Free Space | 20,33% Space Free | Partition Type: NTFS
Drive D: | 142,54 Gb Total Space | 137,78 Gb Free Space | 96,66% Space Free | Partition Type: NTFS
Drive E: | 94,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\FrontPage\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\FrontPage\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{136BE515-A0F4-47DD-874C-62A1016B5915}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B944643E-156E-41D3-AA72-3BF7312A2F96}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0199B579-CE78-4239-9199-875AF2ADC9E9}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011 demo\farmingsimulator2011.exe | 
"{0B2B6F81-B930-4AC8-ABA2-4D8648051AE0}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{133C8804-56D9-4433-B918-06356E394C88}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{164E6D78-07EB-42E7-8891-133095DCCD69}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011 demo\game.exe | 
"{422D00E9-D3D3-4BEA-B1BB-B8A4ECDBE33E}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011 demo\game.exe | 
"{616220D1-7558-4DC0-B17D-109483E6B53C}" = protocol=6 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe | 
"{73DB8122-DE7A-482C-9EAE-24D7F2F8A9F7}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011 demo\farmingsimulator2011.exe | 
"{7FB8A410-B49B-4DC8-AF1A-F0C4DDA58AAE}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{80DC0D68-7C42-4AC5-A2FA-4C37872F9837}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{823354B6-4FF8-4D81-A51E-8584D8238F97}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{869746B3-16CB-44AF-A778-A1F1D2725524}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{947DAA6B-0875-493C-B50D-631430FE5131}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
"{99ADF6A8-C495-40E3-A636-E33574D6F499}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{A0947422-491E-4C93-BEFE-989AE9A790F2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{A5A505D5-DCB9-458A-A960-F2356829C842}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | 
"{A6AA0D33-F556-4A92-85C9-1E7A9AABB3E0}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{B1E53E8C-9737-4F42-AFCE-A1129A85BD2E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{BBAD519D-AE91-46C4-9B74-36173D9866F8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{D574A8C7-FF3C-42C2-A2B4-3E28342B868A}" = protocol=17 | dir=in | app=c:\program files\nero\nero mediahome 4\nmmediaserverservice.exe | 
"{DE9EC858-5F68-4DBF-A11E-0A6A6F6D1341}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe | 
"{ED2994FF-76A9-42D2-8F45-B28AE9E70211}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | 
"{FC50900C-842F-47FD-86B2-EF1A5C45BB01}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}" = MySQL Connector/ODBC 3.51
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AA13EDC-F527-47E7-8E12-BA76D97AB400}" = Charma
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{406292d8-c5c1-4c82-ad60-88e93ad0bb9e}" = Nero MediaHome 4 Essentials
"{42DE248E-1390-46D9-9380-9CA36F4B16AB}" = Superbike Racing
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5ED9E38C-9A96-49D8-89B3-92E278003FCF}" = PTP
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{69fc3b9a-4149-43db-a557-6ed0c8d8ba44}" = Nero MediaHome 4 Help
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8704D51E-25B7-4F23-81E7-AA4F54790220}" = Microsoft AutoRoute v11.0
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{99ef387e-633e-4cfb-bfa3-ab961b685ddf}" = Nero MediaHome 4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{9B0F9788-3141-4009-846E-52E59843E963}" = SimCity™ Societies
"{A19BCA5B-8295-43E9-9100-3BC3680F9CE9}" = LA Rush
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B7666229-351B-47D9-AA6F-DF777CF04BBF}" = Caesar IV
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D178746E-0919-424E-88A7-81A0E46FF03E}" = Christmasville
"{D1C7BB12-BE01-11DC-AAC9-EEBA55D89593}" = SimCity™ Societies Reisewelten
"{D1D03459-D6D5-4BDA-0082-6C86E591EE18}" = NHL07
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDF3A1E0-186A-11D5-0089-C400C04FAE70}" = NHL 2002
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2007
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ALDI Süd Foto Manager Free D" = ALDI Süd Foto Manager Free
"ALDI Süd Foto Service D" = ALDI Süd Foto Service
"Aldi Süd Fotoservice_is1" = Aldi Süd Fotoservice
"ALDI Süd Online Druck Service" = ALDI Süd Online Druck Service 4.6
"ALDI Süd Online Druck Service D" = ALDI Süd Online Druck Service
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Beetle Ju" = Beetle Ju
"BFG-Azada" = Azada 
"BFGC" = Big Fish Games Client
"BH - RT" = BH - RT
"Bowling Evolution 1.09" = Bowling Evolution 1.09
"Der Stein der Weisen" = Der Stein der Weisen
"Euro Truck Simulator" = Euro Truck Simulator 1.00
"FarmingSimulator2011DemoDE_is1" = Landwirtschafts Simulator 2011 Demo
"FreePDF_XP" = FreePDF XP (Remove only)
"Google Desktop" = Google Desktop
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"GridVista" = Acer GridVista
"Holly im Wunderland" = Holly im Wunderland
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mein eigener Bauernhof_is1" = Mein eigener Bauernhof
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSC" = McAfee SecurityCenter
"NBA Basketball 2000" = Fox NBA Basketball 2000
"NVIDIA Drivers" = NVIDIA Drivers
"Paris Chase" = Paris Chase 1.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Surf & E-Mail-Stick" = Surf & E-Mail-Stick
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 5" = TeamViewer 5
"Vietcong" = Vietcong
"WinLiveSuite_Wave3" = Windows Live Essentials
"Works2004Setup" = Setup-Start von Microsoft Works 2004
"YDKJG" = YOU DON'T KNOW JACK®
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Angel-Simulator" = Angel-Simulator
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---





OTL Logfile:
OTL logfile created on: 03.04.2011 19:41:23 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Laptop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,54 Gb Total Space | 28,98 Gb Free Space | 20,33% Space Free | Partition Type: NTFS
Drive D: | 142,54 Gb Total Space | 137,78 Gb Free Space | 96,66% Space Free | Partition Type: NTFS
Drive E: | 94,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: LAPTOP-PC | User Name: Laptop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Laptop\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Users\Laptop\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Windows\PLFSetI.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Laptop\Desktop\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (NeroMediaHomeService.4) -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe (Nero AG)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (McNASvc) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_7730g
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_7730g
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0209&m=aspire_7730g
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011.03.29 14:43:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.24 20:36:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 20:36:02 | 000,000,000 | ---D | M]
 
[2009.04.10 22:16:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\mozilla\Extensions
[2011.04.03 11:04:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\d6996fi6.default\extensions
[2010.04.28 10:39:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Laptop\AppData\Roaming\mozilla\Firefox\Profiles\d6996fi6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.02 10:37:28 | 000,000,950 | ---- | M] () -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\d6996fi6.default\searchplugins\icqplugin-1.xml
[2010.01.04 00:30:16 | 000,000,950 | ---- | M] () -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\d6996fi6.default\searchplugins\icqplugin-2.xml
[2009.12.17 21:50:34 | 000,000,950 | ---- | M] () -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\d6996fi6.default\searchplugins\icqplugin-3.xml
[2009.09.08 13:52:30 | 000,000,944 | ---- | M] () -- C:\Users\Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\d6996fi6.default\searchplugins\icqplugin.xml
[2010.09.19 17:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.08.23 20:18:41 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.19 17:49:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.03.29 14:43:27 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.12 21:43:25 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.12 21:43:25 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.12 21:43:26 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.12 21:43:26 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.12 21:43:26 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
[2009.04.07 15:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober35074001.gif
[2009.11.09 20:52:11 | 000,000,201 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober35074001.src
 
Hosts file not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Nero MediaHome 4] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - Startup: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Laptop\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.24 10:25:46 | 000,000,298 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{02bbfc1d-7aba-11df-b63a-00238b6e0bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{02bbfc1d-7aba-11df-b63a-00238b6e0bc4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{06aac29c-7a2c-11df-b2f9-00238b6e0bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{06aac29c-7a2c-11df-b2f9-00238b6e0bc4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{11026da2-7380-11df-ba22-00238b6e0bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{11026da2-7380-11df-ba22-00238b6e0bc4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{40f1cf96-d7bd-11df-abd9-00238b6e0bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{40f1cf96-d7bd-11df-abd9-00238b6e0bc4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{40f1cf99-d7bd-11df-abd9-00238b6e0bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{40f1cf99-d7bd-11df-abd9-00238b6e0bc4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a284bf5-79e3-11df-8dd1-00238b6e0bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{4a284bf5-79e3-11df-8dd1-00238b6e0bc4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a2f7c32-73ef-11df-9192-00238b6e0bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{4a2f7c32-73ef-11df-9192-00238b6e0bc4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a2f7c33-73ef-11df-9192-00238b6e0bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{4a2f7c33-73ef-11df-9192-00238b6e0bc4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{54d4053b-256f-11de-896f-00238b6e0bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{54d4053b-256f-11de-896f-00238b6e0bc4}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{7f45ccda-f07a-11dd-94f9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7f45ccda-f07a-11dd-94f9-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SetupX.exe -- [2009.06.24 09:50:59 | 002,053,416 | R--- | M] (Nero AG)
O33 - MountPoints2\{ae3170ec-e661-11df-8496-00238b6e0bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{ae3170ec-e661-11df-8496-00238b6e0bc4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ae3170ef-e661-11df-8496-00238b6e0bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{ae3170ef-e661-11df-8496-00238b6e0bc4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{b303f9e4-df3f-11df-86db-00238b6e0bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{b303f9e4-df3f-11df-86db-00238b6e0bc4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e0467a79-732a-11df-bbc6-00238b6e0bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{e0467a79-732a-11df-bbc6-00238b6e0bc4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e0467a90-732a-11df-bbc6-00238b6e0bc4}\Shell - "" = AutoRun
O33 - MountPoints2\{e0467a90-732a-11df-bbc6-00238b6e0bc4}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.03 19:40:18 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Laptop\Desktop\OTL.exe
[2011.04.03 17:20:44 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\Malwarebytes
[2011.04.03 17:20:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.03 17:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.03 17:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.03 17:20:36 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.03 17:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.04.03 14:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\jGa31001fGlCf31001
[2011.03.23 16:16:48 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.23 16:16:47 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.03.18 18:19:07 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Roaming\Nero
[2011.03.18 18:18:42 | 000,000,000 | ---D | C] -- C:\Users\Laptop\AppData\Local\Nero
[2011.03.18 18:13:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2011.03.18 18:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2011.03.18 18:12:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2011.03.18 18:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2011.03.09 17:47:29 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.09 17:47:28 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.09 17:47:28 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.09 17:47:28 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2009.01.11 05:36:44 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.03 19:40:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Laptop\Desktop\OTL.exe
[2011.04.03 19:25:25 | 000,011,531 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011.04.03 19:02:28 | 000,048,318 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.04.03 19:01:48 | 000,000,130 | ---- | M] () -- C:\Users\Laptop\Desktop\hosts-perm.bat
[2011.04.03 18:59:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.03 18:38:36 | 000,674,582 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.03 18:38:36 | 000,634,400 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.03 18:38:36 | 000,146,234 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.03 18:38:36 | 000,119,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.03 18:32:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.04.03 18:32:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.03 18:32:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.03 18:31:46 | 3184,386,048 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.03 17:20:39 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.03 17:16:04 | 000,001,356 | ---- | M] () -- C:\Users\Laptop\AppData\Local\d3d9caps.dat
[2011.04.03 14:37:11 | 000,110,592 | ---- | M] () -- C:\Users\Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.03 13:40:33 | 000,048,318 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.03.23 21:37:07 | 227,105,819 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.03.18 18:13:55 | 000,002,192 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk
 
========== Files Created - No Company Name ==========
 
[2011.04.03 19:01:47 | 000,000,130 | ---- | C] () -- C:\Users\Laptop\Desktop\hosts-perm.bat
[2011.04.03 18:24:44 | 3184,386,048 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.03 17:20:39 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.03.18 18:13:55 | 000,002,192 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHome 4.lnk
[2011.01.15 20:29:44 | 000,000,478 | ---- | C] () -- C:\Windows\eReg.dat
[2011.01.04 16:08:06 | 000,000,190 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.03.10 21:51:57 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.21 11:15:28 | 000,006,991 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\UserTile.png
[2010.02.01 19:24:31 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.27 14:07:51 | 000,000,005 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\closedListSW.awt
[2009.12.27 14:06:32 | 000,000,005 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\openList.awt
[2009.12.27 14:06:32 | 000,000,005 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\closedList.awt
[2009.11.28 15:01:54 | 000,001,356 | ---- | C] () -- C:\Users\Laptop\AppData\Local\d3d9caps.dat
[2009.11.14 22:02:12 | 000,000,762 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\ParisChase3.MCS
[2009.11.14 20:06:47 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.11.14 20:06:47 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.10.10 20:48:24 | 000,000,000 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\wklnhst.dat
[2009.10.10 17:37:10 | 000,000,362 | ---- | C] () -- C:\Windows\Ulead32.ini
[2009.10.10 17:34:20 | 000,036,864 | ---- | C] () -- C:\Windows\System32\MKSetting.exe
[2009.09.11 13:05:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.11 13:05:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.26 13:12:37 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.07.26 13:12:37 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2009.06.27 21:13:04 | 000,449,804 | ---- | C] () -- C:\Users\Laptop\AppData\Roaming\mdbu.bin
[2009.06.27 21:04:33 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.06.27 21:02:17 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.05.07 18:59:16 | 000,000,062 | ---- | C] () -- C:\Windows\pcvcdbr.INI
[2009.05.07 18:59:12 | 000,000,000 | ---- | C] () -- C:\Windows\pcvcdvw.INI
[2009.04.29 17:00:29 | 000,000,020 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009.04.24 17:02:14 | 000,451,928 | ---- | C] () -- C:\Program Files\setup.exe
[2009.04.24 17:01:52 | 140,387,071 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2009.04.24 17:01:34 | 009,819,136 | ---- | C] () -- C:\Program Files\openofficeorg31.msi
[2009.04.23 18:29:54 | 000,000,336 | ---- | C] () -- C:\Program Files\setup.ini
[2009.04.11 21:52:53 | 000,037,418 | R--- | C] () -- C:\Program Files\Mousometer.gadget
[2009.04.11 21:47:43 | 000,047,867 | R--- | C] () -- C:\Program Files\Kalender.gadget
[2009.04.10 22:16:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.04.09 21:40:35 | 000,048,318 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.04.09 21:39:45 | 000,048,318 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.04.09 21:37:43 | 000,110,592 | ---- | C] () -- C:\Users\Laptop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.01 17:50:31 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.02.01 17:50:31 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009.02.01 17:50:31 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009.01.11 05:35:32 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.01.10 23:10:31 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009.01.10 23:10:31 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2009.01.10 22:51:43 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2009.01.10 22:28:29 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009.01.10 22:16:14 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009.01.10 22:16:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009.01.10 22:16:14 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009.01.10 22:16:14 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.01.10 21:23:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.01.21 09:15:58 | 000,674,582 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,146,234 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,366,432 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,634,400 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,119,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.10.15 15:25:20 | 000,028,672 | ---- | C] () -- C:\Windows\System32\myodbc3i.exe
[2005.10.15 15:25:20 | 000,011,776 | ---- | C] () -- C:\Windows\System32\myodbc3m.exe
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:131C0EE9
 
< End of report >
         