Windows Recovery eingefangen Hallo liebe Community,
wie schon im Titel genannt habe ich mir Windows Recovery eingefangen!
Ich muss zugeben, ich habe dieses Programm schon etwas länger, da ich jedoch kein Computer-Fachmann bin und mir die Fake-Fehlermeldungen ziemlich Angst gemacht haben, habe ich vor ca. 1 Monat eine Systemwiederherstellung durchgeführt und das Problem schien für mich behoben zu sein.
Heute jedoch trat es wieder auf und ich habe das ungewöhnliche Programm mal gegoogelt. So traf ich auf diese super Website!
Jetzt habe ich folgendes Problem, dass Daten auf meinem Desktop und in sonstigen Regionen des PC's nicht mehr angezeigt werden, heißt das nun dass sie weg sind?
Ich habe bereits die den Malware-Scan durchgeführt und konnte 12 infizierte Objekte entfernen. Dies stimmte mich zunächst sehr glücklich, jedoch beim Neustart des Systems waren die verschwundenen Daten immernoch nicht aufzufinden.
Somit wende ich mich nun an dieses Hilfeforum um individuelle Hilfe in Anspruch zu nehmen, dafür möchte ich mich im Vorraus schonmal bei euch bedanken! Edit: An alle ebenso Betroffenen: Habe einen Teil des Problems gelöst. Die "verschwundenen Dateien" sind nur versteckt, sie lassen sich unter Systemsteuerung und den Ordneroptionen wieder anzeigen, dann müsst ihr nur noch auf die betroffene Datei rechtsklicken > Eigenschaften und den Haken bei "versteckt" rausmachen.
Meine OTL scans:
1)OTL Logfile: Code:
OTL Extras logfile created on: 21.04.2011 14:25:50 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dustin\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,43 Gb Total Space | 242,34 Gb Free Space | 53,21% Space Free | Partition Type: NTFS
Drive D: | 457,58 Gb Total Space | 457,47 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive E: | 616,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: DUSTIN-PC | User Name: Dustin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4068604662-3315403880-2981492770-1000]
"EnableNotificationsRef" = 5
"EnableNotifications" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06E7D517-BEEE-44AD-94A1-C36DA5BEB0F3}" = lport=139 | protocol=6 | dir=in | app=system |
"{0AE1ED9D-B4F6-4D7F-9FA8-C19D406B9953}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{1763A203-C3BC-43A7-9483-17F0E1C55E36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{20F6E8DA-AA0D-4660-A2A4-7B3C091EAA27}" = lport=2869 | protocol=6 | dir=in | app=system |
"{239EA44B-EC31-4E7E-973C-1382C2696990}" = lport=445 | protocol=6 | dir=in | app=system |
"{2491781D-1B0C-46B8-AC0F-11D76657FCF8}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher |
"{2D7146AD-AF70-4B86-B502-C26BBC0E14B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{346AB336-7FC8-4622-8289-8C8E9AA5EB2E}" = rport=139 | protocol=6 | dir=out | app=system |
"{4AB68A8F-CD28-4D19-B1E8-DE6AC3F55902}" = lport=137 | protocol=17 | dir=in | app=system |
"{5BAD145E-DF01-4C82-8292-F5AAFF6C5FCE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{753ED6C2-00E9-4F0C-9D0B-61AC360EA7D1}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher |
"{7B76E318-B2C0-410D-B90D-13F4985C5BCB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{95D35855-6E78-45B9-94AE-ACE934209221}" = lport=138 | protocol=17 | dir=in | app=system |
"{9DB927DD-A3FE-4619-83E5-FD4F90FA01A3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A1159293-F00A-49BB-A5C0-D1634C7AA0BC}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher |
"{A38986F4-CB72-4418-B60B-F2519C596494}" = rport=445 | protocol=6 | dir=out | app=system |
"{BBE76C31-8FE0-4857-8832-9A90AEC0ADE5}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher |
"{C04377B7-76F2-4583-8B46-18DA8AC70F9A}" = rport=138 | protocol=17 | dir=out | app=system |
"{D77A92AD-82C8-48E4-BFAC-0BA0419BC550}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E95FC3-EB88-44D8-9314-55137C5EE7D9}" = protocol=17 | dir=in | app=c:\program files\assassinscreed_dx10.exe |
"{015978DF-A9E0-4307-90A5-7B144B75ECDC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{09237C0C-DD46-4E9A-A602-3B1D468A0A58}" = protocol=17 | dir=in | app=c:\users\public\games\league of legends\game\league of legends.exe |
"{0AEE86FC-1C16-4FA7-A1F5-09EDA3221F71}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{12F887A9-3075-4CCC-A533-333C49394802}" = protocol=6 | dir=in | app=i:\setup.exe |
"{164C7668-F906-4C2B-96F4-66313A3BBBFB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{17747848-77A9-49A4-97DC-F4D4FFE8C7B8}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{1A70900D-51D6-4CC4-943D-835296B580DE}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe |
"{1B926057-F267-4E44-B747-6772AF5441AA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{23D852BF-1B67-478B-9A83-669F4F2E1BB1}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{2B971EAE-DCFD-44B9-9E92-ACCF40E65443}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2E534F35-91F1-4C91-8387-A57C0F4E9942}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{31A65301-7D3A-4DE0-ABA2-87F28B947862}" = protocol=6 | dir=out | app=system |
"{35ECC122-F1ED-4362-9D0F-2EBFED4CE9A1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{362A493D-8664-4C0E-BD15-5A483E117D84}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3EF2433B-CE0A-43D3-BA27-8D9C4993C6EA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe |
"{410696E1-48D2-4952-BC0A-23DCA03420F0}" = protocol=17 | dir=in | app=c:\program files\assassinscreed_dx9.exe |
"{456738B4-3BB4-4908-B2BB-61D7B15A2D86}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{48EE1BF2-DF85-4744-8D58-80D14E9F1D58}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{4D450E45-194C-46C2-A8CF-F987B1E612FD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4E19B8EA-BF92-4E2E-920C-F6D11DE4C46C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4F7001B9-D5FC-43B6-8157-1302C5783DEA}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5090FD8D-754A-4310-A93E-6E3406DB76D3}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{55339E43-EEE4-4AF7-84DF-33AA128469FE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{604799C7-A6CC-4925-9534-183E1CEEAAE0}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{669BAC8A-063B-42C4-AA3F-043DFBDBEDE9}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{72E64F5B-4765-42DF-992F-F56E4EC6B491}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{76A38D04-BCE3-455F-8CF9-B812FF0A2037}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{7CD898FA-8E9C-4B4A-8863-471D3FC63FCE}" = protocol=6 | dir=in | app=c:\program files (x86)\t-mobile\web'n'walk manager\web'n'walk manager.exe |
"{7D12BA8C-DB3D-4B82-BDF0-0BBC5C51EEC7}" = protocol=6 | dir=in | app=c:\users\public\games\league of legends\air\lolclient.exe |
"{81B64606-AED5-4A6A-B0E0-EB29383D8F50}" = protocol=17 | dir=in | app=c:\program files\assassinscreed_launcher.exe |
"{835010F2-9F7C-4FF0-90B4-E9981FCB6EA0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8A840579-9284-4D98-ABFE-3818131232DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{941EA53D-0C3C-473B-9049-D612CB2D18BA}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe |
"{95E089AB-A8AD-4148-8F5E-B3345FE8FB1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AAD4EC7F-DFEC-43AB-AA06-1B0AF3258C0D}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{AE9D319B-7730-4A91-88CC-60A6BB445F05}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe |
"{B147995B-6C59-4E86-B409-C1EDFF994073}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{B32263AA-EBEB-4CC4-9FD8-09608FD31B0F}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe |
"{B59FAFDC-11B2-4F93-99BA-AA1FC1BFD2A7}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{C8A3CD3A-5E86-402F-B3DB-045728C28C57}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{C8CDF29E-480F-47B0-ACC2-35FD0E918C65}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CF3F39D1-A0AA-483D-B4F1-464BF20DFB1E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2.exe |
"{D1A81DA6-A6F6-4BE1-BAF7-59C4EC24D296}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{D75929B4-6012-432E-AE31-7BAB5F3A179C}" = protocol=6 | dir=in | app=c:\program files\assassinscreed_dx10.exe |
"{D8CCDCEA-E976-4FEF-95C0-D8866488FA13}" = protocol=6 | dir=in | app=c:\program files\assassinscreed_dx9.exe |
"{DD334E04-7B11-436B-938C-45A0C9630D41}" = protocol=17 | dir=in | app=c:\users\public\games\league of legends\air\lolclient.exe |
"{E06FBCE3-3A84-4651-B3D6-11086927268B}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{E22C263B-E311-4859-84C5-FD4958544DFA}" = protocol=6 | dir=in | app=c:\users\public\games\league of legends\game\league of legends.exe |
"{E3FAB2DD-1EA5-4EFF-BDED-2930631AA733}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{E4AA1109-23EF-46A7-A23C-10A6CCF4DA8F}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe |
"{E567CFBF-3905-4FA1-994E-35254A7BA26E}" = protocol=6 | dir=in | app=c:\program files\assassinscreed_launcher.exe |
"{E5F70818-FBA9-420C-913B-8EDE69E777AA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2.exe |
"{EE651584-C3AE-40B1-8849-621927969EAA}" = protocol=17 | dir=in | app=c:\program files (x86)\t-mobile\web'n'walk manager\web'n'walk manager.exe |
"{F49B581F-F7B0-462E-8533-690A3052A735}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{F51E3BA7-22A9-443F-BE5C-F953ABD61527}" = protocol=17 | dir=in | app=i:\setup.exe |
"{F67587C7-5A4D-4604-9A3B-F737AD61D4F2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FC6ACC92-7929-405C-9DBA-7F80CD229915}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe |
"{FE84A563-DC70-4F56-9FFE-B6D03D2A896C}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe |
"TCP Query User{2F2FF8C4-72C6-44E8-AD67-10DD7651EF3E}C:\program files (x86)\ea games\command and conquer generäle\game.dat" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\command and conquer generäle\game.dat |
"TCP Query User{A5057F8F-F38E-48B1-9E31-F39871A419F4}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{A52A25D7-86E8-4CF7-BF44-61EAD5206DBE}C:\users\public\games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\league of legends\lol.launcher.exe |
"UDP Query User{2AA09504-925C-4D02-B863-249C610B5869}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{4588434A-4F72-421C-84B7-28BC928B303F}C:\users\public\games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\league of legends\lol.launcher.exe |
"UDP Query User{4E7AD523-E794-4968-9F5E-F636DEA5C10A}C:\program files (x86)\ea games\command and conquer generäle\game.dat" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\command and conquer generäle\game.dat |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2FEB0360-525D-C76A-DA39-51CEA1D00290}" = ATI Catalyst Install Manager
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{727E94E5-584F-4463-B4F5-93D3779C610B}_x" = GlobeTrotter Connect
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BF8003C9-11CC-4D69-B802-3DE46B22841D}" = web'n'walk Manager
"{BF8003C9-11CC-4D69-B802-3DE46B22841D}_x" = web'n'walk Manager
"{C0AD3BF1-8CBC-49BE-6AC0-0F56B226975B}" = ccc-utility64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8B2C435-8737-431E-8784-24CD13B0B821}" = PE585QAEncoder-64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA4DA5D7-5140-4024-BADD-FCB540833E5D}" = Labtec WebCam
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR archiver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0235AB73-63DD-5544-4744-FBDEC2E4FDCB}" = Catalyst Control Center Graphics Previews Vista
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{0EBA5DDE-D68F-4137-9F85-878A36839585}" = Brother HL-2035
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{14D0B48E-E222-4183-93E3-EEE0489A5025}" = Labtec Wireless Desktop
"{15886D4F-CBFC-7943-217A-D035561C4E4B}" = CCC Help Spanish
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1C596F4C-2771-9EF6-4755-B8EFAE48D7D2}" = Catalyst Control Center Localization Danish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27DC856A-0916-4988-8198-8714DDD3183D}" = AGEIA PhysX v7.05.17
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2F4714C3-2FEE-A1D5-BC30-3C42540D0D96}" = Catalyst Control Center Graphics Full Existing
"{2FEFABB1-C318-B3C0-FE93-1C9CA101ED6D}" = CCC Help Finnish
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32C0A3EA-E824-1FBD-09A9-34E17BF1D85F}" = CCC Help Norwegian
"{3315E5D3-A2A7-7B09-5209-1B473747949C}" = CCC Help German
"{3594EE90-B157-4519-9E82-8B6F4711A0A1}" = Catalyst Control Center - Branding
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{42CA6365-0777-FA79-1BD5-5FB967E0A708}" = Catalyst Control Center Localization Norwegian
"{43AA03F5-785D-E4EA-A807-716CD4690734}" = Catalyst Control Center Localization French
"{45D1C008-BC8C-BB47-34AD-BE4AB0791E76}" = Catalyst Control Center Localization German
"{4960E719-9264-9E83-5F26-3CB7CB2554B6}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1D4EE7-EBD0-E04B-DA43-BF94ADA36618}" = Catalyst Control Center Localization Swedish
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65F4830E-3098-7764-B551-8F077FB799E9}" = CCC Help English
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{8A8C135A-F9ED-5EC6-C7D5-CE5923583654}" = Catalyst Control Center Core Implementation
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D96012C-6DCC-92AE-E428-615651B63D2C}" = CCC Help Danish
"{8DE40268-220A-4AF6-90EC-09966CBE8772}" = ArcSoft PhotoImpression 6
"{8E732D82-FBFB-0D08-5A00-506AB54EADC7}" = Catalyst Control Center Graphics Full New
"{8F18881C-AEA8-820B-D723-EE62FAE55BA3}" = Catalyst Control Center Localization Finnish
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{93078533-C867-D67B-5AD9-E68B8FC119B1}" = CCC Help Swedish
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9CE2FAE0-D562-2FF2-8856-8A1B57997F1F}" = CCC Help Italian
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = Der Pate® II
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A6011F20-8EAA-E783-5C7A-BF6D8DC694C4}" = Skins
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9B5DBA2-5480-E883-5FA7-DAF5927247DA}" = Catalyst Control Center Localization Italian
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C47AFB4C-9581-7BF7-351C-886ED95E2AC9}" = Catalyst Control Center Graphics Light
"{C51FF8A2-D1A3-2A14-B088-26C861DA642D}" = CCC Help Japanese
"{C90C99AC-6F1E-7F55-F91B-D81A12F4540B}" = Catalyst Control Center Localization Dutch
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D47F9C63-D544-09FC-E03E-09405C0215C8}" = CCC Help French
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix
"{E1C3A1AD-7254-CFCA-135E-7B1390267659}" = Catalyst Control Center Localization Japanese
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8A2C0F7-A196-5A59-C6EF-B2D6698D0999}" = ccc-core-static
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Hama Wireless LAN Adapter
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F028F7CF-BFAF-C420-1E75-429D9C354C89}" = CCC Help Dutch
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FF88B174-8326-29B5-3B2E-3850523AD94F}" = Catalyst Control Center Localization Spanish
"AC Tool" = AC Tool
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"Dark Age of Camelot" = Dark Age of Camelot
"DivX Setup.divx.com" = DivX-Setup
"EADM" = EA Download Manager
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"Garena" = Garena 2010
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
"InstallShield_{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"mIRC" = mIRC
"MobMap_is1" = MobMap 3.55
"MSC" = McAfee SecurityCenter
"OpenAL" = OpenAL
"QcDrv" = Labtec® Camera-Treiber
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"Steam App 500" = Left 4 Dead
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DAoC Portal" = DAoC Portal
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report > --- --- ---
2)OTL Logfile: Code:
OTL logfile created on: 21.04.2011 14:25:50 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dustin\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,43 Gb Total Space | 242,34 Gb Free Space | 53,21% Space Free | Partition Type: NTFS
Drive D: | 457,58 Gb Total Space | 457,47 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive E: | 616,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: DUSTIN-PC | User Name: Dustin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Dustin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe (Egis inc.)
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe ()
PRC - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
PRC - c:\PROGRA~2\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - c:\PROGRA~2\mcafee\msc\mcuimgr.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\labtec\WebCam10\WebCam10.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe (Labtec Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Labtec Inc,)
========== Modules (SafeList) ==========
MOD - C:\Users\Dustin\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.)
SRV - (SiteAdvisor Service) -- C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (McNASvc) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (LVSrvLauncher) -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Labtec Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (GTUHSSER) -- C:\Windows\SysNative\DRIVERS\gtuhsser.sys ()
DRV:64bit: - (GTUHSOMS) -- C:\Windows\SysNative\DRIVERS\gtuhsoms.sys ()
DRV:64bit: - (GTUHSNDISIPXP) -- C:\Windows\SysNative\DRIVERS\gtuhs51.sys ()
DRV:64bit: - (GTUHSBUS) -- C:\Windows\SysNative\DRIVERS\gtuhsbus.sys ()
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys ()
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys ()
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys ()
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys ()
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys ()
DRV:64bit: - (ITEIO.SYS) -- C:\Windows\SysNative\drivers\ITEIO.sys ()
DRV:64bit: - (GT72NDISIPXP) -- C:\Windows\SysNative\DRIVERS\Gt51Ip.sys ()
DRV:64bit: - (GT72UBUS) -- C:\Windows\SysNative\DRIVERS\gt72ubus.sys ()
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys ()
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys ()
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys ()
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys ()
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\Drivers\Mpfp.sys ()
DRV:64bit: - (GTPTSER) -- C:\Windows\SysNative\DRIVERS\gtptser.sys ()
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\DRIVERS\LVUSBS64.sys ()
DRV:64bit: - (LVMVDrv) -- C:\Windows\SysNative\DRIVERS\LVMVDrv.sys ()
DRV:64bit: - (LVcKap64) -- C:\Windows\SysNative\DRIVERS\LVcKap64.sys ()
DRV:64bit: - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\SysNative\DRIVERS\LV561V64.SYS ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_x1700
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_x1700
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_x1700
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_x1700
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_x1700
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/?ref=home"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.04.21 09:45:10 | 000,000,000 | ---D | M]
[2010.01.04 15:17:48 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Dustin\AppData\Roaming\mozilla\Extensions
[2011.04.20 15:05:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Dustin\AppData\Roaming\mozilla\Firefox\Profiles\r6x0fl0v.default\extensions
[2011.03.21 21:00:44 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dustin\AppData\Roaming\mozilla\Firefox\Profiles\r6x0fl0v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.19 19:27:05 | 000,001,583 | -H-- | M] () -- C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\r6x0fl0v.default\searchplugins\web-search.xml
[2011.04.21 09:45:10 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2009.12.24 23:47:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~2\mcafee\msk\MCAPBH~1.DLL ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~2\mcafee\msk\mcapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology] File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll ()
O4:64bit: - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Labtec Inc,)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Labtec\WebCam10\WebCam10.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll ()
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dustin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dustin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.10.09 13:53:23 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2003.06.25 12:17:32 | 001,101,824 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.06.25 06:59:54 | 000,001,982 | R--- | M] () - E:\autorun.csf -- [ CDFS ]
O32 - AutoRun File - [2003.06.20 07:01:00 | 000,000,027 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003.06.25 12:17:30 | 000,087,060 | R--- | M] () - E:\autorun.obj -- [ CDFS ]
O33 - MountPoints2\{012b89e0-f0ec-11de-b6dd-002197c731a9}\Shell - "" = AutoRun
O33 - MountPoints2\{012b89e0-f0ec-11de-b6dd-002197c731a9}\Shell\AutoRun\command - "" = I:\setup.exe AUTORUN=1
O33 - MountPoints2\{b904d9b2-aec1-11df-9074-002197c731a9}\Shell - "" = AutoRun
O33 - MountPoints2\{b904d9b2-aec1-11df-9074-002197c731a9}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{bda1c17a-a769-11de-8759-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bda1c17a-a769-11de-8759-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2003.06.25 12:17:32 | 001,101,824 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.04.21 14:07:29 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Malwarebytes
[2011.04.21 14:06:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.21 14:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.21 14:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.21 14:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.21 14:05:50 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Dustin\Desktop\mbam-setup.exe
[2011.04.21 13:51:29 | 000,000,000 | -H-D | C] -- C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.16 23:44:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.16 23:37:51 | 000,000,000 | -H-D | C] -- C:\Users\Dustin\Schule
[2011.04.10 23:00:54 | 000,000,000 | -H-D | C] -- C:\Users\Dustin\Documents\Command and Conquer Generals Data
[2011.04.10 21:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2011.04.10 21:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2011.03.27 18:23:01 | 000,000,000 | -H-D | C] -- C:\Users\Dustin\Documents\Mama
[2011.03.23 01:03:35 | 000,000,000 | RH-D | C] -- C:\Users\Dustin\AppData\Roaming\SecuROM
[2008.11.01 03:58:44 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Dustin\Desktop\*.tmp files -> C:\Users\Dustin\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.04.21 14:24:11 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.21 14:24:11 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.21 14:24:11 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.21 14:24:11 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.21 14:24:11 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.21 14:16:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011.04.21 14:16:47 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 14:16:47 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 14:16:45 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.21 14:16:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 14:15:49 | 000,011,073 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2011.04.21 14:06:42 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 14:05:52 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Dustin\Desktop\mbam-setup.exe
[2011.04.21 14:04:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.21 13:51:30 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~45080328
[2011.04.21 13:51:30 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~45080328r
[2011.04.21 13:51:29 | 000,000,587 | -H-- | M] () -- C:\Users\Dustin\Desktop\Windows Recovery.lnk
[2011.04.21 13:51:25 | 000,000,336 | -H-- | M] () -- C:\ProgramData\45080328
[2011.04.21 12:28:48 | 000,000,250 | -H-- | M] () -- C:\Windows\Brownie.ini
[2011.04.18 00:19:47 | 000,014,640 | -H-- | M] () -- C:\Users\Dustin\Desktop\lucas.jpg
[2011.04.17 23:54:07 | 000,022,654 | -H-- | M] () -- C:\Users\Dustin\Desktop\200792710302-brandt.jpg
[2011.04.17 22:30:19 | 000,055,633 | -H-- | M] () -- C:\Users\Dustin\Desktop\207876_1924566283047_1508846874_32111602_3408150_n.jpg
[2011.04.11 13:29:32 | 000,327,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.10 21:51:05 | 000,000,614 | -H-- | M] () -- C:\Windows\eReg.dat
[2011.04.10 21:46:11 | 000,001,729 | ---- | M] () -- C:\Users\Public\Desktop\Command & Conquer(TM) Generäle.lnk
[2011.04.08 17:59:19 | 468,721,284 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.06 14:31:55 | 000,023,518 | -H-- | M] () -- C:\Users\Dustin\Documents\gattungen.odt
[2011.04.02 14:42:49 | 001,811,479 | -H-- | M] () -- C:\Users\Dustin\Desktop\Jasper Forks - River Flows In You.mp3
[2011.04.01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2011.03.29 19:00:50 | 000,108,858 | -H-- | M] () -- C:\Users\Dustin\Desktop\woyzeck personenkonstellation.jpg
[2011.03.27 18:19:19 | 000,000,432 | -H-- | M] () -- C:\Windows\BRWMARK.INI
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Dustin\Desktop\*.tmp files -> C:\Users\Dustin\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.04.21 14:06:42 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 14:06:38 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.21 13:51:30 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~45080328r
[2011.04.21 13:51:29 | 000,000,587 | -H-- | C] () -- C:\Users\Dustin\Desktop\Windows Recovery.lnk
[2011.04.21 13:51:29 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~45080328
[2011.04.21 13:51:25 | 000,000,336 | -H-- | C] () -- C:\ProgramData\45080328
[2011.04.18 00:19:47 | 000,014,640 | -H-- | C] () -- C:\Users\Dustin\Desktop\lucas.jpg
[2011.04.17 23:54:06 | 000,022,654 | -H-- | C] () -- C:\Users\Dustin\Desktop\200792710302-brandt.jpg
[2011.04.17 22:30:18 | 000,055,633 | -H-- | C] () -- C:\Users\Dustin\Desktop\207876_1924566283047_1508846874_32111602_3408150_n.jpg
[2011.04.10 21:51:05 | 000,000,614 | -H-- | C] () -- C:\Windows\eReg.dat
[2011.04.10 21:46:11 | 000,001,729 | ---- | C] () -- C:\Users\Public\Desktop\Command & Conquer(TM) Generäle.lnk
[2011.04.06 14:31:54 | 000,023,518 | -H-- | C] () -- C:\Users\Dustin\Documents\gattungen.odt
[2011.04.02 14:42:46 | 001,811,479 | -H-- | C] () -- C:\Users\Dustin\Desktop\Jasper Forks - River Flows In You.mp3
[2011.03.29 19:00:50 | 000,108,858 | -H-- | C] () -- C:\Users\Dustin\Desktop\woyzeck personenkonstellation.jpg
[2011.03.21 20:13:26 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~47308552r
[2011.03.21 20:13:26 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~47308552
[2011.03.21 20:13:22 | 000,000,336 | -H-- | C] () -- C:\ProgramData\47308552
[2010.11.08 21:19:18 | 000,113,152 | ---- | C] () -- C:\Programme\1031.MST
[2010.11.08 21:19:18 | 000,015,832 | ---- | C] () -- C:\Programme\0x0407.ini
[2010.11.08 21:19:09 | 108,341,760 | ---- | C] () -- C:\Programme\Samsung New PC Studio.msi
[2010.07.27 00:23:24 | 000,001,242 | -H-- | C] () -- C:\Windows\WinInit.Ini
[2010.07.25 18:50:12 | 000,094,208 | -H-- | C] () -- C:\Windows\ImageSearchDLL.dll
[2010.07.25 18:50:12 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\ImageSearchDLL.dll
[2010.04.14 12:41:53 | 000,000,680 | -H-- | C] () -- C:\Users\Dustin\AppData\Local\d3d9caps.dat
[2010.01.15 20:51:36 | 000,000,151 | -H-- | C] () -- C:\Windows\BRVIDEO.INI
[2010.01.15 20:51:36 | 000,000,000 | -H-- | C] () -- C:\Windows\brmx2001.ini
[2010.01.15 20:51:24 | 000,009,030 | -H-- | C] () -- C:\Windows\HL-2030.INI
[2010.01.15 20:51:24 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2010.01.15 20:45:22 | 000,000,432 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2010.01.15 20:44:49 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\bd2030.dat
[2010.01.15 20:44:23 | 000,000,250 | -H-- | C] () -- C:\Windows\Brownie.ini
[2010.01.05 00:34:52 | 000,000,750 | -H-- | C] () -- C:\Users\Dustin\AppData\Local\RT73_{EB59AAE2-D068-42D3-9D56-708E63CC4D05}_sta
[2010.01.05 00:34:37 | 000,000,760 | -H-- | C] () -- C:\Users\Dustin\AppData\Local\RT73_{EB59AAE2-D068-42D3-9D56-708E63CC4D05}_prof
[2010.01.04 15:17:49 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009.12.26 23:38:57 | 000,032,768 | -H-- | C] () -- C:\Users\Dustin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.24 23:38:00 | 000,000,044 | -H-- | C] () -- C:\Windows\Acer(Normal).ini
[2009.12.24 23:38:00 | 000,000,042 | -H-- | C] () -- C:\Windows\Acer(Wide).ini
[2009.09.22 22:17:57 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2009.09.22 13:23:59 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin
[2008.10.31 20:59:55 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2008.10.31 20:59:55 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2008.10.31 19:43:50 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008.10.31 19:43:50 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.05.15 19:06:58 | 000,071,208 | ---- | C] () -- C:\Windows\SysWow64\PhysXLoader.dll
[2007.04.14 15:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007.04.14 15:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007.04.14 15:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007.04.14 15:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.04.14 15:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007.04.14 15:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007.04.14 15:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007.04.14 15:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007.04.14 15:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C95B63DA
< End of report > --- --- ---
Ich hoffe sehr, dass ihr mir weiterhelfen könnte, nochmals vielen Dank!!! |