
Log Analysis and Evaluation: Caught Windows Recovery


21.04.2011, 13:40   #1
Cerize
 

Caught Windows Recovery

Hello dear community,

As already mentioned in the title, I have caught Windows Recovery!
I have to admit I have had this program for a while now; since I am not a computer expert and the fake error messages scared me quite a bit, I performed a system restore about a month ago, and the problem seemed to be fixed as far as I could tell.

Today, however, it appeared again, and I googled the unusual program. That is how I came across this great website!

Now I have the following problem: files on my desktop and in other areas of the PC are no longer displayed. Does that mean they are gone?

I have already run the malware scan and was able to remove 12 infected objects. At first this made me very happy, but after restarting the system the missing files still could not be found.

So I am now turning to this help forum for individual assistance, and I would like to thank you all in advance!


Edit: To everyone else affected: I have solved part of the problem. The "missing files" are only hidden; they can be made visible again under Control Panel > Folder Options. Then you just have to right-click the affected file > Properties and untick the "Hidden" box.


My OTL scans:

1) OTL logfile:
Code:
OTL Extras logfile created on: 21.04.2011 14:25:50 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Dustin\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,43 Gb Total Space | 242,34 Gb Free Space | 53,21% Space Free | Partition Type: NTFS
Drive D: | 457,58 Gb Total Space | 457,47 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive E: | 616,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: DUSTIN-PC | User Name: Dustin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4068604662-3315403880-2981492770-1000]
"EnableNotificationsRef" = 5
"EnableNotifications" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06E7D517-BEEE-44AD-94A1-C36DA5BEB0F3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0AE1ED9D-B4F6-4D7F-9FA8-C19D406B9953}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{1763A203-C3BC-43A7-9483-17F0E1C55E36}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{20F6E8DA-AA0D-4660-A2A4-7B3C091EAA27}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{239EA44B-EC31-4E7E-973C-1382C2696990}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2491781D-1B0C-46B8-AC0F-11D76657FCF8}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{2D7146AD-AF70-4B86-B502-C26BBC0E14B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{346AB336-7FC8-4622-8289-8C8E9AA5EB2E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4AB68A8F-CD28-4D19-B1E8-DE6AC3F55902}" = lport=137 | protocol=17 | dir=in | app=system | 
"{5BAD145E-DF01-4C82-8292-F5AAFF6C5FCE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{753ED6C2-00E9-4F0C-9D0B-61AC360EA7D1}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{7B76E318-B2C0-410D-B90D-13F4985C5BCB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{95D35855-6E78-45B9-94AE-ACE934209221}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9DB927DD-A3FE-4619-83E5-FD4F90FA01A3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A1159293-F00A-49BB-A5C0-D1634C7AA0BC}" = lport=6955 | protocol=17 | dir=in | name=league of legends launcher | 
"{A38986F4-CB72-4418-B60B-F2519C596494}" = rport=445 | protocol=6 | dir=out | app=system | 
"{BBE76C31-8FE0-4857-8832-9A90AEC0ADE5}" = lport=6955 | protocol=6 | dir=in | name=league of legends launcher | 
"{C04377B7-76F2-4583-8B46-18DA8AC70F9A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D77A92AD-82C8-48E4-BFAC-0BA0419BC550}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E95FC3-EB88-44D8-9314-55137C5EE7D9}" = protocol=17 | dir=in | app=c:\program files\assassinscreed_dx10.exe | 
"{015978DF-A9E0-4307-90A5-7B144B75ECDC}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{09237C0C-DD46-4E9A-A602-3B1D468A0A58}" = protocol=17 | dir=in | app=c:\users\public\games\league of legends\game\league of legends.exe | 
"{0AEE86FC-1C16-4FA7-A1F5-09EDA3221F71}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{12F887A9-3075-4CCC-A533-333C49394802}" = protocol=6 | dir=in | app=i:\setup.exe | 
"{164C7668-F906-4C2B-96F4-66313A3BBBFB}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{17747848-77A9-49A4-97DC-F4D4FFE8C7B8}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{1A70900D-51D6-4CC4-943D-835296B580DE}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia\acer homemedia.exe | 
"{1B926057-F267-4E44-B747-6772AF5441AA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{23D852BF-1B67-478B-9A83-669F4F2E1BB1}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{2B971EAE-DCFD-44B9-9E92-ACCF40E65443}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{2E534F35-91F1-4C91-8387-A57C0F4E9942}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{31A65301-7D3A-4DE0-ABA2-87F28B947862}" = protocol=6 | dir=out | app=system | 
"{35ECC122-F1ED-4362-9D0F-2EBFED4CE9A1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{362A493D-8664-4C0E-BD15-5A483E117D84}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{3EF2433B-CE0A-43D3-BA27-8D9C4993C6EA}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe | 
"{410696E1-48D2-4952-BC0A-23DCA03420F0}" = protocol=17 | dir=in | app=c:\program files\assassinscreed_dx9.exe | 
"{456738B4-3BB4-4908-B2BB-61D7B15A2D86}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{48EE1BF2-DF85-4744-8D58-80D14E9F1D58}" = dir=in | app=c:\program files (x86)\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{4D450E45-194C-46C2-A8CF-F987B1E612FD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{4E19B8EA-BF92-4E2E-920C-F6D11DE4C46C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4F7001B9-D5FC-43B6-8157-1302C5783DEA}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5090FD8D-754A-4310-A93E-6E3406DB76D3}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{55339E43-EEE4-4AF7-84DF-33AA128469FE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{604799C7-A6CC-4925-9534-183E1CEEAAE0}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dvdivine\acer dvdivine.exe | 
"{669BAC8A-063B-42C4-AA3F-043DFBDBEDE9}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{72E64F5B-4765-42DF-992F-F56E4EC6B491}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{76A38D04-BCE3-455F-8CF9-B812FF0A2037}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe | 
"{7CD898FA-8E9C-4B4A-8863-471D3FC63FCE}" = protocol=6 | dir=in | app=c:\program files (x86)\t-mobile\web'n'walk manager\web'n'walk manager.exe | 
"{7D12BA8C-DB3D-4B82-BDF0-0BBC5C51EEC7}" = protocol=6 | dir=in | app=c:\users\public\games\league of legends\air\lolclient.exe | 
"{81B64606-AED5-4A6A-B0E0-EB29383D8F50}" = protocol=17 | dir=in | app=c:\program files\assassinscreed_launcher.exe | 
"{835010F2-9F7C-4FF0-90B4-E9981FCB6EA0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8A840579-9284-4D98-ABFE-3818131232DE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{941EA53D-0C3C-473B-9049-D612CB2D18BA}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe | 
"{95E089AB-A8AD-4148-8F5E-B3345FE8FB1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{AAD4EC7F-DFEC-43AB-AA06-1B0AF3258C0D}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{AE9D319B-7730-4A91-88CC-60A6BB445F05}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{B147995B-6C59-4E86-B409-C1EDFF994073}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{B32263AA-EBEB-4CC4-9FD8-09608FD31B0F}" = dir=in | app=c:\program files (x86)\acer arcade live\acer videomagician\acer videomagician.exe | 
"{B59FAFDC-11B2-4F93-99BA-AA1FC1BFD2A7}" = dir=in | app=c:\program files (x86)\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{C8A3CD3A-5E86-402F-B3DB-045728C28C57}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{C8CDF29E-480F-47B0-ACC2-35FD0E918C65}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CF3F39D1-A0AA-483D-B4F1-464BF20DFB1E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2.exe | 
"{D1A81DA6-A6F6-4BE1-BAF7-59C4EC24D296}" = dir=in | app=c:\program files (x86)\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | 
"{D75929B4-6012-432E-AE31-7BAB5F3A179C}" = protocol=6 | dir=in | app=c:\program files\assassinscreed_dx10.exe | 
"{D8CCDCEA-E976-4FEF-95C0-D8866488FA13}" = protocol=6 | dir=in | app=c:\program files\assassinscreed_dx9.exe | 
"{DD334E04-7B11-436B-938C-45A0C9630D41}" = protocol=17 | dir=in | app=c:\users\public\games\league of legends\air\lolclient.exe | 
"{E06FBCE3-3A84-4651-B3D6-11086927268B}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{E22C263B-E311-4859-84C5-FD4958544DFA}" = protocol=6 | dir=in | app=c:\users\public\games\league of legends\game\league of legends.exe | 
"{E3FAB2DD-1EA5-4EFF-BDED-2930631AA733}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe | 
"{E4AA1109-23EF-46A7-A23C-10A6CCF4DA8F}" = dir=in | app=c:\program files (x86)\acer arcade live\acer dv magician\acer dv magician.exe | 
"{E567CFBF-3905-4FA1-994E-35254A7BA26E}" = protocol=6 | dir=in | app=c:\program files\assassinscreed_launcher.exe | 
"{E5F70818-FBA9-420C-913B-8EDE69E777AA}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2.exe | 
"{EE651584-C3AE-40B1-8849-621927969EAA}" = protocol=17 | dir=in | app=c:\program files (x86)\t-mobile\web'n'walk manager\web'n'walk manager.exe | 
"{F49B581F-F7B0-462E-8533-690A3052A735}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{F51E3BA7-22A9-443F-BE5C-F953ABD61527}" = protocol=17 | dir=in | app=i:\setup.exe | 
"{F67587C7-5A4D-4604-9A3B-F737AD61D4F2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{FC6ACC92-7929-405C-9DBA-7F80CD229915}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter 2\graw2_dedicated.exe | 
"{FE84A563-DC70-4F56-9FFE-B6D03D2A896C}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe | 
"TCP Query User{2F2FF8C4-72C6-44E8-AD67-10DD7651EF3E}C:\program files (x86)\ea games\command and conquer generäle\game.dat" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\command and conquer generäle\game.dat | 
"TCP Query User{A5057F8F-F38E-48B1-9E31-F39871A419F4}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{A52A25D7-86E8-4CF7-BF44-61EAD5206DBE}C:\users\public\games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\league of legends\lol.launcher.exe | 
"UDP Query User{2AA09504-925C-4D02-B863-249C610B5869}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{4588434A-4F72-421C-84B7-28BC928B303F}C:\users\public\games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\league of legends\lol.launcher.exe | 
"UDP Query User{4E7AD523-E794-4968-9F5E-F636DEA5C10A}C:\program files (x86)\ea games\command and conquer generäle\game.dat" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\command and conquer generäle\game.dat | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{2FEB0360-525D-C76A-DA39-51CEA1D00290}" = ATI Catalyst Install Manager
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{727E94E5-584F-4463-B4F5-93D3779C610B}_x" = GlobeTrotter Connect 
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BF8003C9-11CC-4D69-B802-3DE46B22841D}" = web'n'walk Manager
"{BF8003C9-11CC-4D69-B802-3DE46B22841D}_x" = web'n'walk Manager 
"{C0AD3BF1-8CBC-49BE-6AC0-0F56B226975B}" = ccc-utility64
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8B2C435-8737-431E-8784-24CD13B0B821}" = PE585QAEncoder-64
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA4DA5D7-5140-4024-BADD-FCB540833E5D}" = Labtec WebCam
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0235AB73-63DD-5544-4744-FBDEC2E4FDCB}" = Catalyst Control Center Graphics Previews Vista
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{0EBA5DDE-D68F-4137-9F85-878A36839585}" = Brother HL-2035
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{14D0B48E-E222-4183-93E3-EEE0489A5025}" = Labtec Wireless Desktop
"{15886D4F-CBFC-7943-217A-D035561C4E4B}" = CCC Help Spanish
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1C596F4C-2771-9EF6-4755-B8EFAE48D7D2}" = Catalyst Control Center Localization Danish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{27DC856A-0916-4988-8198-8714DDD3183D}" = AGEIA PhysX v7.05.17
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{2F4714C3-2FEE-A1D5-BC30-3C42540D0D96}" = Catalyst Control Center Graphics Full Existing
"{2FEFABB1-C318-B3C0-FE93-1C9CA101ED6D}" = CCC Help Finnish
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32C0A3EA-E824-1FBD-09A9-34E17BF1D85F}" = CCC Help Norwegian
"{3315E5D3-A2A7-7B09-5209-1B473747949C}" = CCC Help German
"{3594EE90-B157-4519-9E82-8B6F4711A0A1}" = Catalyst Control Center - Branding
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{42CA6365-0777-FA79-1BD5-5FB967E0A708}" = Catalyst Control Center Localization Norwegian
"{43AA03F5-785D-E4EA-A807-716CD4690734}" = Catalyst Control Center Localization French
"{45D1C008-BC8C-BB47-34AD-BE4AB0791E76}" = Catalyst Control Center Localization German
"{4960E719-9264-9E83-5F26-3CB7CB2554B6}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1D4EE7-EBD0-E04B-DA43-BF94ADA36618}" = Catalyst Control Center Localization Swedish
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65F4830E-3098-7764-B551-8F077FB799E9}" = CCC Help English
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{8A8C135A-F9ED-5EC6-C7D5-CE5923583654}" = Catalyst Control Center Core Implementation
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{8D96012C-6DCC-92AE-E428-615651B63D2C}" = CCC Help Danish
"{8DE40268-220A-4AF6-90EC-09966CBE8772}" = ArcSoft PhotoImpression 6
"{8E732D82-FBFB-0D08-5A00-506AB54EADC7}" = Catalyst Control Center Graphics Full New
"{8F18881C-AEA8-820B-D723-EE62FAE55BA3}" = Catalyst Control Center Localization Finnish
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{93078533-C867-D67B-5AD9-E68B8FC119B1}" = CCC Help Swedish
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9CE2FAE0-D562-2FF2-8856-8A1B57997F1F}" = CCC Help Italian
"{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = Der Pate® II
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A6011F20-8EAA-E783-5C7A-BF6D8DC694C4}" = Skins
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9B5DBA2-5480-E883-5FA7-DAF5927247DA}" = Catalyst Control Center Localization Italian
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C47AFB4C-9581-7BF7-351C-886ED95E2AC9}" = Catalyst Control Center Graphics Light
"{C51FF8A2-D1A3-2A14-B088-26C861DA642D}" = CCC Help Japanese
"{C90C99AC-6F1E-7F55-F91B-D81A12F4540B}" = Catalyst Control Center Localization Dutch
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D47F9C63-D544-09FC-E03E-09405C0215C8}" = CCC Help French
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix
"{E1C3A1AD-7254-CFCA-135E-7B1390267659}" = Catalyst Control Center Localization Japanese
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E8A2C0F7-A196-5A59-C6EF-B2D6698D0999}" = ccc-core-static
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Hama Wireless LAN Adapter
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F028F7CF-BFAF-C420-1E75-429D9C354C89}" = CCC Help Dutch
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F78AC3C0-578C-49AB-BD4E-3107A6036A13}" = Tom Clancy's Ghost Recon Advanced Warfighter® 2
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FF88B174-8326-29B5-3B2E-3850523AD94F}" = Catalyst Control Center Localization Spanish
"AC Tool" = AC Tool
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audacity_is1" = Audacity 1.2.6
"Dark Age of Camelot" = Dark Age of Camelot
"DivX Setup.divx.com" = DivX-Setup
"EADM" = EA Download Manager
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"Garena" = Garena 2010
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{B9B02A9E-8074-4C3F-AAE5-311528F34FED}" = NTI Photo Maker Hot Fix
"InstallShield_{DDA223A7-627F-4173-9CA4-A9C531BCBB62}" = NTI JewelCase Maker Hot Fix
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"mIRC" = mIRC
"MobMap_is1" = MobMap 3.55
"MSC" = McAfee SecurityCenter
"OpenAL" = OpenAL
"QcDrv" = Labtec® Camera-Treiber
"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2
"Steam App 500" = Left 4 Dead
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DAoC Portal" = DAoC Portal
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

2) OTL Logfile:
Code:
OTL logfile created on: 21.04.2011 14:25:50 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Dustin\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 64,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,43 Gb Total Space | 242,34 Gb Free Space | 53,21% Space Free | Partition Type: NTFS
Drive D: | 457,58 Gb Total Space | 457,47 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive E: | 616,37 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: DUSTIN-PC | User Name: Dustin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dustin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe (Egis inc.)
PRC - C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe ()
PRC - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
PRC - c:\PROGRA~2\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - c:\PROGRA~2\mcafee\msc\mcuimgr.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\labtec\WebCam10\WebCam10.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\LVComSX.exe (Labtec Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Labtec Inc,)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Dustin\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - c:\PROGRA~2\mcafee\SITEAD~1\saHook.dll (McAfee, Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.)
SRV - (SiteAdvisor Service) -- C:\Program Files (x86)\SiteAdvisor\6172\SAService.exe ()
SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (McNASvc) -- c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (LVSrvLauncher) -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Labtec Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (GTUHSSER) -- C:\Windows\SysNative\DRIVERS\gtuhsser.sys ()
DRV:64bit: - (GTUHSOMS) -- C:\Windows\SysNative\DRIVERS\gtuhsoms.sys ()
DRV:64bit: - (GTUHSNDISIPXP) -- C:\Windows\SysNative\DRIVERS\gtuhs51.sys ()
DRV:64bit: - (GTUHSBUS) -- C:\Windows\SysNative\DRIVERS\gtuhsbus.sys ()
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys ()
DRV:64bit: - (psdvdisk) -- C:\Windows\SysNative\DRIVERS\PSDVdisk.sys ()
DRV:64bit: - (PSDNServ) -- C:\Windows\SysNative\DRIVERS\PSDNServ.sys ()
DRV:64bit: - (PSDFilter) -- C:\Windows\SysNative\DRIVERS\psdfilter.sys ()
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\DRIVERS\netr7364.sys ()
DRV:64bit: - (ITEIO.SYS) -- C:\Windows\SysNative\drivers\ITEIO.sys ()
DRV:64bit: - (GT72NDISIPXP) -- C:\Windows\SysNative\DRIVERS\Gt51Ip.sys ()
DRV:64bit: - (GT72UBUS) -- C:\Windows\SysNative\DRIVERS\gt72ubus.sys ()
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\Drivers\NTIDrvr.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys ()
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys ()
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys ()
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys ()
DRV:64bit: - (MPFP) -- C:\Windows\SysNative\Drivers\Mpfp.sys ()
DRV:64bit: - (GTPTSER) -- C:\Windows\SysNative\DRIVERS\gtptser.sys ()
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\DRIVERS\LVUSBS64.sys ()
DRV:64bit: - (LVMVDrv) -- C:\Windows\SysNative\DRIVERS\LVMVDrv.sys ()
DRV:64bit: - (LVcKap64) -- C:\Windows\SysNative\DRIVERS\LVcKap64.sys ()
DRV:64bit: - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\Windows\SysNative\DRIVERS\LV561V64.SYS ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_x1700
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_x1700
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_x1700
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_x1700
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=0909&m=aspire_x1700
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/?ref=home"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011.04.21 09:45:10 | 000,000,000 | ---D | M]
 
[2010.01.04 15:17:48 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Dustin\AppData\Roaming\mozilla\Extensions
[2011.04.20 15:05:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Dustin\AppData\Roaming\mozilla\Firefox\Profiles\r6x0fl0v.default\extensions
[2011.03.21 21:00:44 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Dustin\AppData\Roaming\mozilla\Firefox\Profiles\r6x0fl0v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.19 19:27:05 | 000,001,583 | -H-- | M] () -- C:\Users\Dustin\AppData\Roaming\Mozilla\Firefox\Profiles\r6x0fl0v.default\searchplugins\web-search.xml
[2011.04.21 09:45:10 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR
[2009.12.24 23:47:58 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~2\mcafee\msk\MCAPBH~1.DLL ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~2\mcafee\msk\mcapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe ()
O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated)
O4:64bit: - HKLM..\Run: [EmpoweringTechnology]  File not found
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll ()
O4:64bit: - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files (x86)\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Labtec Inc,)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files (x86)\Labtec\WebCam10\WebCam10.exe ()
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.exe ()
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EA Core] C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAd64.dll ()
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files (x86)\SiteAdvisor\6172\SiteAdv.dll ()
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Dustin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Dustin\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.10.09 13:53:23 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2003.06.25 12:17:32 | 001,101,824 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.06.25 06:59:54 | 000,001,982 | R--- | M] () - E:\autorun.csf -- [ CDFS ]
O32 - AutoRun File - [2003.06.20 07:01:00 | 000,000,027 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003.06.25 12:17:30 | 000,087,060 | R--- | M] () - E:\autorun.obj -- [ CDFS ]
O33 - MountPoints2\{012b89e0-f0ec-11de-b6dd-002197c731a9}\Shell - "" = AutoRun
O33 - MountPoints2\{012b89e0-f0ec-11de-b6dd-002197c731a9}\Shell\AutoRun\command - "" = I:\setup.exe AUTORUN=1
O33 - MountPoints2\{b904d9b2-aec1-11df-9074-002197c731a9}\Shell - "" = AutoRun
O33 - MountPoints2\{b904d9b2-aec1-11df-9074-002197c731a9}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{bda1c17a-a769-11de-8759-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bda1c17a-a769-11de-8759-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2003.06.25 12:17:32 | 001,101,824 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.21 14:07:29 | 000,000,000 | ---D | C] -- C:\Users\Dustin\AppData\Roaming\Malwarebytes
[2011.04.21 14:06:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.21 14:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.21 14:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.21 14:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.21 14:05:50 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Dustin\Desktop\mbam-setup.exe
[2011.04.21 13:51:29 | 000,000,000 | -H-D | C] -- C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.16 23:44:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.04.16 23:37:51 | 000,000,000 | -H-D | C] -- C:\Users\Dustin\Schule
[2011.04.10 23:00:54 | 000,000,000 | -H-D | C] -- C:\Users\Dustin\Documents\Command and Conquer Generals Data
[2011.04.10 21:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2011.04.10 21:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2011.03.27 18:23:01 | 000,000,000 | -H-D | C] -- C:\Users\Dustin\Documents\Mama
[2011.03.23 01:03:35 | 000,000,000 | RH-D | C] -- C:\Users\Dustin\AppData\Roaming\SecuROM
[2008.11.01 03:58:44 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Dustin\Desktop\*.tmp files -> C:\Users\Dustin\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.21 14:24:11 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.21 14:24:11 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.21 14:24:11 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.21 14:24:11 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.21 14:24:11 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.21 14:16:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011.04.21 14:16:47 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 14:16:47 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 14:16:45 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.21 14:16:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 14:15:49 | 000,011,073 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2011.04.21 14:06:42 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 14:05:52 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Dustin\Desktop\mbam-setup.exe
[2011.04.21 14:04:01 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.21 13:51:30 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~45080328
[2011.04.21 13:51:30 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~45080328r
[2011.04.21 13:51:29 | 000,000,587 | -H-- | M] () -- C:\Users\Dustin\Desktop\Windows Recovery.lnk
[2011.04.21 13:51:25 | 000,000,336 | -H-- | M] () -- C:\ProgramData\45080328
[2011.04.21 12:28:48 | 000,000,250 | -H-- | M] () -- C:\Windows\Brownie.ini
[2011.04.18 00:19:47 | 000,014,640 | -H-- | M] () -- C:\Users\Dustin\Desktop\lucas.jpg
[2011.04.17 23:54:07 | 000,022,654 | -H-- | M] () -- C:\Users\Dustin\Desktop\200792710302-brandt.jpg
[2011.04.17 22:30:19 | 000,055,633 | -H-- | M] () -- C:\Users\Dustin\Desktop\207876_1924566283047_1508846874_32111602_3408150_n.jpg
[2011.04.11 13:29:32 | 000,327,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.10 21:51:05 | 000,000,614 | -H-- | M] () -- C:\Windows\eReg.dat
[2011.04.10 21:46:11 | 000,001,729 | ---- | M] () -- C:\Users\Public\Desktop\Command & Conquer(TM) Generäle.lnk
[2011.04.08 17:59:19 | 468,721,284 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.04.06 14:31:55 | 000,023,518 | -H-- | M] () -- C:\Users\Dustin\Documents\gattungen.odt
[2011.04.02 14:42:49 | 001,811,479 | -H-- | M] () -- C:\Users\Dustin\Desktop\Jasper Forks - River Flows In You.mp3
[2011.04.01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2011.03.29 19:00:50 | 000,108,858 | -H-- | M] () -- C:\Users\Dustin\Desktop\woyzeck personenkonstellation.jpg
[2011.03.27 18:19:19 | 000,000,432 | -H-- | M] () -- C:\Windows\BRWMARK.INI
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Dustin\Desktop\*.tmp files -> C:\Users\Dustin\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.21 14:06:42 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.21 14:06:38 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.21 13:51:30 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~45080328r
[2011.04.21 13:51:29 | 000,000,587 | -H-- | C] () -- C:\Users\Dustin\Desktop\Windows Recovery.lnk
[2011.04.21 13:51:29 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~45080328
[2011.04.21 13:51:25 | 000,000,336 | -H-- | C] () -- C:\ProgramData\45080328
[2011.04.18 00:19:47 | 000,014,640 | -H-- | C] () -- C:\Users\Dustin\Desktop\lucas.jpg
[2011.04.17 23:54:06 | 000,022,654 | -H-- | C] () -- C:\Users\Dustin\Desktop\200792710302-brandt.jpg
[2011.04.17 22:30:18 | 000,055,633 | -H-- | C] () -- C:\Users\Dustin\Desktop\207876_1924566283047_1508846874_32111602_3408150_n.jpg
[2011.04.10 21:51:05 | 000,000,614 | -H-- | C] () -- C:\Windows\eReg.dat
[2011.04.10 21:46:11 | 000,001,729 | ---- | C] () -- C:\Users\Public\Desktop\Command & Conquer(TM) Generäle.lnk
[2011.04.06 14:31:54 | 000,023,518 | -H-- | C] () -- C:\Users\Dustin\Documents\gattungen.odt
[2011.04.02 14:42:46 | 001,811,479 | -H-- | C] () -- C:\Users\Dustin\Desktop\Jasper Forks - River Flows In You.mp3
[2011.03.29 19:00:50 | 000,108,858 | -H-- | C] () -- C:\Users\Dustin\Desktop\woyzeck personenkonstellation.jpg
[2011.03.21 20:13:26 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~47308552r
[2011.03.21 20:13:26 | 000,000,104 | -H-- | C] () -- C:\ProgramData\~47308552
[2011.03.21 20:13:22 | 000,000,336 | -H-- | C] () -- C:\ProgramData\47308552
[2010.11.08 21:19:18 | 000,113,152 | ---- | C] () -- C:\Programme\1031.MST
[2010.11.08 21:19:18 | 000,015,832 | ---- | C] () -- C:\Programme\0x0407.ini
[2010.11.08 21:19:09 | 108,341,760 | ---- | C] () -- C:\Programme\Samsung New PC Studio.msi
[2010.07.27 00:23:24 | 000,001,242 | -H-- | C] () -- C:\Windows\WinInit.Ini
[2010.07.25 18:50:12 | 000,094,208 | -H-- | C] () -- C:\Windows\ImageSearchDLL.dll
[2010.07.25 18:50:12 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\ImageSearchDLL.dll
[2010.04.14 12:41:53 | 000,000,680 | -H-- | C] () -- C:\Users\Dustin\AppData\Local\d3d9caps.dat
[2010.01.15 20:51:36 | 000,000,151 | -H-- | C] () -- C:\Windows\BRVIDEO.INI
[2010.01.15 20:51:36 | 000,000,000 | -H-- | C] () -- C:\Windows\brmx2001.ini
[2010.01.15 20:51:24 | 000,009,030 | -H-- | C] () -- C:\Windows\HL-2030.INI
[2010.01.15 20:51:24 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2010.01.15 20:45:22 | 000,000,432 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2010.01.15 20:44:49 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\bd2030.dat
[2010.01.15 20:44:23 | 000,000,250 | -H-- | C] () -- C:\Windows\Brownie.ini
[2010.01.05 00:34:52 | 000,000,750 | -H-- | C] () -- C:\Users\Dustin\AppData\Local\RT73_{EB59AAE2-D068-42D3-9D56-708E63CC4D05}_sta
[2010.01.05 00:34:37 | 000,000,760 | -H-- | C] () -- C:\Users\Dustin\AppData\Local\RT73_{EB59AAE2-D068-42D3-9D56-708E63CC4D05}_prof
[2010.01.04 15:17:49 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009.12.26 23:38:57 | 000,032,768 | -H-- | C] () -- C:\Users\Dustin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.24 23:38:00 | 000,000,044 | -H-- | C] () -- C:\Windows\Acer(Normal).ini
[2009.12.24 23:38:00 | 000,000,042 | -H-- | C] () -- C:\Windows\Acer(Wide).ini
[2009.09.22 22:17:57 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2009.09.22 13:23:59 | 000,000,000 | -H-- | C] () -- C:\Windows\ativpsrm.bin
[2008.10.31 20:59:55 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2008.10.31 20:59:55 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2008.10.31 19:43:50 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008.10.31 19:43:50 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.05.15 19:06:58 | 000,071,208 | ---- | C] () -- C:\Windows\SysWow64\PhysXLoader.dll
[2007.04.14 15:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2007.04.14 15:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2007.04.14 15:57:06 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2007.04.14 15:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.04.14 15:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2007.04.14 15:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2007.04.14 15:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2007.04.14 15:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2007.04.14 15:57:04 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\multiplex_vcd.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C95B63DA

< End of report >
         

I very much hope you can help me further, thanks again!!!

Last edited by Cerize (21.04.2011 at 13:54)

21.04.2011, 16:41   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
I have already run the malware scan and was able to remove 12 infected objects.
All logs from that must be posted too...

21.04.2011, 17:02   #3
Cerize

Oops, I must have forgotten that

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6412

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

21.04.2011 14:15:21
mbam-log-2011-04-21 (14-15-21).txt

Scan type: Quick scan
Objects scanned: 185424
Time elapsed: 7 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MRtPNAFMRSnT (Trojan.FakeAlert) -> Value: MRtPNAFMRSnT -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syscheckrt.exe (Trojan.SpyEyes) -> Value: syscheckrt.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\syscheckrt (Trojan.SpyEyes) -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\mrtpnafmrsnt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\45080328.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Dustin\AppData\Local\Temp\1363E8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Dustin\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Dustin\AppData\Local\Temp\ldr657a.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Dustin\AppData\Local\Temp\ldr80e9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Dustin\AppData\Local\Temp\tmp656A.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Dustin\AppData\Local\Temp\tmp7F35.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\syscheckrt\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully.


it was only 9 after all

21.04.2011, 18:36   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Scan type: Quick scan
Please run a full scan with Malwarebytes as a routine step and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those too!
__________________
Please always post logfiles in CODE tags

22.04.2011, 02:26   #5
Cerize

Ah, I see, I had run the Quick Scan because that is how it was described in another topic you wrote.

I have now run a full scan again:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6415

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

22.04.2011 03:21:09
mbam-log-2011-04-22 (03-21-09).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 431375
Time elapsed: 2 hour(s), 0 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


It seems not to have found anything. Have you been able to spot anything broken on my system so far?

I also have another problem, which has existed only since the malware first appeared. When I boot my PC, 2 error messages appear that both say the same thing:
ATI Catalyst Control Center has stopped working.

I cannot explain what causes that :s Hope you already have an answer to it, thanks again!


22.04.2011, 12:10   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Do an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O4 - HKLM..\Run: []  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.10.09 13:53:23 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2003.06.25 12:17:32 | 001,101,824 | R--- | M] () - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.06.25 06:59:54 | 000,001,982 | R--- | M] () - E:\autorun.csf -- [ CDFS ]
O32 - AutoRun File - [2003.06.20 07:01:00 | 000,000,027 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003.06.25 12:17:30 | 000,087,060 | R--- | M] () - E:\autorun.obj -- [ CDFS ]
O33 - MountPoints2\{012b89e0-f0ec-11de-b6dd-002197c731a9}\Shell - "" = AutoRun
O33 - MountPoints2\{012b89e0-f0ec-11de-b6dd-002197c731a9}\Shell\AutoRun\command - "" = I:\setup.exe AUTORUN=1
O33 - MountPoints2\{b904d9b2-aec1-11df-9074-002197c731a9}\Shell - "" = AutoRun
O33 - MountPoints2\{b904d9b2-aec1-11df-9074-002197c731a9}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{bda1c17a-a769-11de-8759-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{bda1c17a-a769-11de-8759-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2003.06.25 12:17:32 | 001,101,824 | R--- | M] ()
[2011.04.21 13:51:29 | 000,000,000 | -H-D | C] -- C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.21 13:51:30 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~45080328
[2011.04.21 13:51:30 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~45080328r
[2011.04.21 13:51:29 | 000,000,587 | -H-- | M] () -- C:\Users\Dustin\Desktop\Windows Recovery.lnk
[2011.04.21 13:51:25 | 000,000,336 | -H-- | M] () -- C:\ProgramData\45080328
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:C95B63DA
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix! button at the top left.
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.
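The fix script above targets five classes of leftovers: the named alternate data streams on C:\ProgramData\TEMP, the per-volume AutoRun commands under MountPoints2, the empty-named value in the HKLM Run key, the rogue's hidden eight-digit drop files in ProgramData, and the hosts file. The PowerShell below is an added example written for this page; it is not part of the thread and not OTL's own code. It enumerates those same classes read-only, so a practitioner can confirm they are gone after the fix or check a second machine before deleting anything. It assumes PowerShell 3.0 or later in an elevated session; the function names, the file-name pattern and the "image missing" heuristic for Run values are this example's own, derived from the paths in the logs posted here.

```powershell
# Added example; not from the thread and not OTL's own code. Read-only audit of the
# artifact classes the fix script above removes. Assumes PowerShell 3.0 or later
# (-Stream, -File, [pscustomobject]) in an elevated session; the paths and the
# eight-digit file-name pattern come from the OTL log in this thread.

function Get-AdsReport {
    # Named alternate data streams on the file the rogue abused. ':$DATA' is the
    # ordinary unnamed stream and is skipped; anything else is reported with its size.
    param([string]$Path = 'C:\ProgramData\TEMP')
    if (-not (Test-Path -LiteralPath $Path)) { return }
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { [pscustomobject]@{ Kind = 'ADS'; Item = "${Path}:$($_.Stream)"; Detail = "$($_.Length) bytes" } }
}

function Get-MountPointAutoRun {
    # AutoRun commands Explorer remembers per volume under MountPoints2 (the fix
    # removed three of them: I:\setup.exe, F:\setup.exe and E:\Autorun.exe).
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    if (-not (Test-Path -Path $base)) { return }
    Get-ChildItem -Path $base -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSPath -like '*\Shell\AutoRun\command' } |
        ForEach-Object {
            $cmd = (Get-ItemProperty -LiteralPath $_.PSPath).'(default)'
            [pscustomobject]@{ Kind = 'MountPoints2'; Item = ($_.Name -replace '^.*MountPoints2\\', ''); Detail = $cmd }
        }
}

function Get-CommandImage([string]$Command) {
    # First token of an autostart command line, with environment variables expanded.
    # Unquoted paths containing spaces are deliberately not guessed at (returns $null).
    if ($Command -match '^\s*"([^"]+)"')        { $exe = $Matches[1] }
    elseif ($Command -match '^\s*(\S+\.exe)\b') { $exe = $Matches[1] }
    else { return $null }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

function Get-SuspiciousRunEntries {
    # Run values with an empty name (the HKLM\..\Run\"" entry the fix deleted) or
    # whose image file is gone (Malwarebytes removed the file, the value may remain).
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $values = (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notin 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider' }
        foreach ($v in $values) {
            $exe = Get-CommandImage ([string]$v.Value)
            $why = $null
            if ($v.Name -eq '(default)') { $why = 'empty value name' }
            elseif ($exe -and $exe -match '[\\/]' -and -not (Test-Path -LiteralPath $exe)) { $why = "image missing: $exe" }
            if ($why) { [pscustomobject]@{ Kind = 'Run'; Item = "$key\$($v.Name)"; Detail = "$($v.Value) [$why]" } }
        }
    }
}

function Get-RogueDropFiles {
    # Hidden files directly under ProgramData named like the rogue's drops in the OTL
    # log: eight digits, optional '~' in front, optional 'r' or '.exe' behind
    # (45080328, ~45080328, ~45080328r, 45080328.exe, 47308552).
    Get-ChildItem -LiteralPath 'C:\ProgramData' -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^~?\d{8}(r|\.exe)?$' -and ($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0 } |
        ForEach-Object { [pscustomobject]@{ Kind = 'Drop'; Item = $_.FullName; Detail = "$($_.Length) bytes, $($_.Attributes)" } }
}

function Get-HostsOverrides {
    # Active hosts entries other than the loopback defaults; [resethosts] in the fix
    # replaces the whole file, so anything listed here should be explained first.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -LiteralPath $hosts -ErrorAction SilentlyContinue |
        Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' } |
        ForEach-Object { [pscustomobject]@{ Kind = 'hosts'; Item = $hosts; Detail = $_.Trim() } }
}

# One table for all five classes; an empty table means none of them is present.
$findings = @(Get-AdsReport) + @(Get-MountPointAutoRun) + @(Get-SuspiciousRunEntries) +
            @(Get-RogueDropFiles) + @(Get-HostsOverrides)
$findings | Format-Table Kind, Item, Detail -AutoSize
```

Run it once before the OTL fix to record what is there and once after the reboot; the second run should print an empty table except for hosts entries you added yourself. Nothing is deleted by this script, which is the point: the removal stays with OTL and its _OTL backup.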

22.04.2011, 14:46   #7
Cerize

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.csf scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\autorun.obj scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{012b89e0-f0ec-11de-b6dd-002197c731a9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{012b89e0-f0ec-11de-b6dd-002197c731a9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{012b89e0-f0ec-11de-b6dd-002197c731a9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{012b89e0-f0ec-11de-b6dd-002197c731a9}\ not found.
File I:\setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b904d9b2-aec1-11df-9074-002197c731a9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b904d9b2-aec1-11df-9074-002197c731a9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b904d9b2-aec1-11df-9074-002197c731a9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b904d9b2-aec1-11df-9074-002197c731a9}\ not found.
File F:\setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bda1c17a-a769-11de-8759-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bda1c17a-a769-11de-8759-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bda1c17a-a769-11de-8759-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bda1c17a-a769-11de-8759-806e6f6e6963}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
C:\Users\Dustin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery folder moved successfully.
C:\ProgramData\~45080328 moved successfully.
C:\ProgramData\~45080328r moved successfully.
C:\Users\Dustin\Desktop\Windows Recovery.lnk moved successfully.
C:\ProgramData\45080328 moved successfully.
ADS C:\ProgramData\TEMP:E36F5B57 deleted successfully.
ADS C:\ProgramData\TEMP:4F636E25 deleted successfully.
ADS C:\ProgramData\TEMP:580E04D8 deleted successfully.
ADS C:\ProgramData\TEMP:8AB6C1D7 deleted successfully.
ADS C:\ProgramData\TEMP:C95B63DA deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 34826 bytes
->Temporary Internet Files folder emptied: 140070 bytes
->FireFox cache emptied: 15029602 bytes
->Flash cache emptied: 75 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dustin
->Temp folder emptied: 3809090728 bytes
->Temporary Internet Files folder emptied: 51298631 bytes
->Java cache emptied: 14789971 bytes
->FireFox cache emptied: 113268025 bytes
->Flash cache emptied: 169987 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 58243649 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 54714893 bytes

Total Files Cleaned = 3.928,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04222011_153914

Files\Folders moved on Reboot...
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\autorun.csf scheduled to be moved on reboot.
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\autorun.obj scheduled to be moved on reboot.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Windows\temp\mcmsc_9nl27oZDKSmdbv0 moved successfully.
File\Folder C:\Windows\temp\mcmsc_D2W0u7rEkMcvbHe not found!
File\Folder C:\Windows\temp\mcmsc_Ylmc7ulUjyoVfVd not found!
C:\Windows\temp\sqlite_e21HXBnryeaRP7l moved successfully.
C:\Windows\temp\sqlite_Qtpan8TI1FJmbL4 moved successfully.
C:\Windows\temp\sqlite_RTaItkUlVt4RlWR moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VRK8BPDO\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TIEAQGLW\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRFRCPEJ\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EW8ZM52A\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot.

Registry entries deleted on Reboot...



I hope I did it right

23.04.2011, 14:00   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

If the infection has left you unable to access your documents/My Documents, please run unhide:
Download unhide.exe and save this file on your desktop.
Start the tool and all files and folders should be visible again. (May take a while)
Vista and 7 users must run the tool as administrator via right-click!
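Post #8 recommends unhide.exe because this rogue sets the Hidden attribute on the user's own files and folders. The PowerShell function below is an added example written for this page; it is neither the thread's nor the unhide tool's code. It does the core of that job for one directory tree: it clears the Hidden attribute while leaving System-flagged items, known profile metadata and junctions alone. It assumes PowerShell 3.0 or later, run as the affected user or elevated, and a dry run with -WhatIf first; the function name, the -Root parameter and the skip list are this example's own choices.

```powershell
# Added example; not from the thread and not the unhide.exe tool it recommends. Clears
# the Hidden attribute the rogue set on a user's own files and folders under one root.
# Assumes PowerShell 3.0 or later, run as the affected user (or elevated) and first
# with -WhatIf. The skip list is this example's own choice: items Windows itself hides.

function Restore-HiddenUserFiles {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Root,
        # Legitimately hidden profile items that must stay hidden even without the System bit.
        [string[]]$SkipNames = @('desktop.ini', 'thumbs.db', 'ntuser.dat', 'ntuser.ini', 'ntuser.dat.log', 'AppData')
    )
    $hidden   = [IO.FileAttributes]::Hidden
    $system   = [IO.FileAttributes]::System
    $reparse  = [IO.FileAttributes]::ReparsePoint
    $restored = New-Object 'System.Collections.Generic.List[string]'

    # Manual walk instead of Get-ChildItem -Recurse so that junctions are never entered:
    # Vista/7 profiles contain self-referencing ones ("Application Data" -> AppData\Roaming,
    # "Local Settings" -> AppData\Local) that make a naive recursion loop forever.
    $pending = New-Object 'System.Collections.Generic.Stack[string]'
    $pending.Push((Resolve-Path -LiteralPath $Root).ProviderPath)
    while ($pending.Count -gt 0) {
        $dir = $pending.Pop()
        foreach ($item in Get-ChildItem -LiteralPath $dir -Force -ErrorAction SilentlyContinue) {
            $attr = $item.Attributes
            if ($item.PSIsContainer -and ($attr -band $reparse) -eq 0) { $pending.Push($item.FullName) }
            if (($attr -band $hidden) -eq 0) { continue }      # not hidden, nothing to restore
            if (($attr -band $system) -ne 0) { continue }      # hidden by Windows (System bit), leave alone
            if ($SkipNames -contains $item.Name) { continue }  # hidden by Windows, but without the System bit
            if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden attribute')) {
                $item.Attributes = $attr -bxor $hidden          # Hidden is known to be set, so XOR clears only that bit
                $restored.Add($item.FullName)
            }
        }
    }
    return $restored
}

# Dry run first, then for real; the returned list is what was (or would be) changed.
Restore-HiddenUserFiles -Root $env:USERPROFILE -WhatIf
$changed = Restore-HiddenUserFiles -Root $env:USERPROFILE
"Restored {0} item(s)" -f $changed.Count
```

The System-bit check is what keeps this from undoing Windows' own hiding: desktop.ini files and the profile's NTUSER.* files are Hidden+System, so they are never touched, and AppData is on the skip list because Windows hides it with the Hidden bit alone. If the rogue also hid files outside the profile (Program Files, the root of a data drive), run the function again with that directory as -Root.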
