Pests of All Kinds and How to Combat Them: Hard drive gone, Windows - Delayed Write Failed & other errors
Hello! I have a big problem with my PC! (I'm writing from my laptop.) I'm not really a computer expert, but so far I have always been able to fix every problem, except this one:

I was just surfing when Avira found some kind of error message; I thought it had been removed and kept surfing. But shortly afterwards the screen suddenly went black and lots of error messages appeared (Windows - Delayed Write Failed:Failed to save all the components for file:\\system32\ and then always different numbers).

Then the problems started: suddenly the program System Check was installed, and then I knew that it was probably a trojan. This program reports nothing but errors on my computer; I can't even close or minimize it. The Task Manager is blocked as well, and my whole hard drive is empty.

After that I switched to my secondary user account, which was fine at first. I looked at my C drive and there was only one file there, with the extension .bak, and nothing else. I also noticed that Windows Defender was switched off, although I never switched it off myself....

Well, and when I then wanted to scan my PC, the same problems appeared as with the main user account and the screen went black again... How can I fix the problem?

Last edited by royal18 (06.02.2012 at 00:19)

Hi,
Download OTL and copy it to a USB stick, then boot the computer in Safe Mode with Command Prompt (press F8 while booting). Then copy OTL.exe from the stick to the computer (copy E:\OTL.EXE .) (if E is your USB stick). Run OTL, copy the logs back and post them here...

Important: You must boot with the infected account!

OTL

Download OTL by OldTimer (http://filepony.de/download-otl/) and save it to your desktop

OTL logfile:
MountPoints2\{c8e08fb4-d333-11dc-981b-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{cd1170a0-d0d9-11dc-8da4-001c253c60aa}\Shell - "" = AutoRun O33 - MountPoints2\{cd1170a0-d0d9-11dc-8da4-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{db4856a0-2562-11e0-afd3-b85fdb90c4af}\Shell - "" = AutoRun O33 - MountPoints2\{db4856a0-2562-11e0-afd3-b85fdb90c4af}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{db4856a8-2562-11e0-afd3-b85fdb90c4af}\Shell - "" = AutoRun O33 - MountPoints2\{db4856a8-2562-11e0-afd3-b85fdb90c4af}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{db4856e7-2562-11e0-afd3-b85fdb90c4af}\Shell - "" = AutoRun O33 - MountPoints2\{db4856e7-2562-11e0-afd3-b85fdb90c4af}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e3c2ce9a-45e5-11dd-9c2c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e3c2ce9a-45e5-11dd-9c2c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{e459ffd0-b0df-11df-b1c8-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e459ffd0-b0df-11df-b1c8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{f7cc0edf-ba60-11de-a5ed-001c253c60aa}\Shell - "" = AutoRun O33 - MountPoints2\{f7cc0edf-ba60-11de-a5ed-001c253c60aa}\Shell\AutoRun\command - "" = F:\Install.exe O33 - MountPoints2\{fa170abd-b0ea-11df-b575-e82d304f3a8b}\Shell - "" = AutoRun O33 - MountPoints2\{fa170abd-b0ea-11df-b575-e82d304f3a8b}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1 O33 - MountPoints2\{fc0d5f79-e61f-11dc-a818-001c253c60aa}\Shell - "" = AutoRun O33 - MountPoints2\{fc0d5f79-e61f-11dc-a818-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\{fc0d5f7b-e61f-11dc-a818-001c253c60aa}\Shell - "" = AutoRun O33 - MountPoints2\{fc0d5f7b-e61f-11dc-a818-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\J\Shell - "" = AutoRun O33 - 
MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun\command - "" = LiteAuto.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.02.06 17:19:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe [2012.02.06 14:02:36 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\system check [2012.02.06 13:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.02.06 13:11:44 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.02.06 13:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.02.06 02:41:22 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Malwarebytes [2012.02.06 02:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.01.27 16:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation [2012.01.27 16:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2012.01.27 15:58:29 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2012.01.27 15:58:29 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll [2012.01.27 15:58:27 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll [2012.01.27 15:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\RailSimulator.com [2012.01.27 15:12:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images [2012.01.27 15:00:20 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\DAEMON Tools Lite [2012.01.27 
15:00:16 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2012.01.11 17:12:06 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2012.01.11 17:12:06 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2012.01.11 17:12:00 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll [2012.01.11 17:11:57 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2012.01.11 17:11:51 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2009.09.05 13:52:00 | 000,155,648 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll [2009.09.05 13:52:00 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll [2009.09.05 13:52:00 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll [2009.09.05 13:52:00 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll [2008.02.01 11:15:16 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe [23 C:\*.tmp files -> C:\*.tmp -> ] [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.06 17:25:00 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ACCB2B73-7376-4D85-961A-F9F10035963C}.job [2012.02.06 17:22:28 | 010,682,270 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.06 17:22:27 | 033,002,562 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.06 17:22:27 | 009,767,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.06 17:22:25 | 010,691,444 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.06 17:22:00 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3878B4AC-7B06-48BA-ABB8-506B25B244BF}.job [2012.02.06 16:50:37 | 000,003,296 | ---- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.06 16:50:36 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.06 16:50:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.06 16:50:16 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.02.06 16:50:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.06 16:45:09 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.06 16:30:28 | 000,106,496 | ---- | M] () -- C:\Users\Mathias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.06 13:49:01 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.02.06 13:11:49 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.06 01:23:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe [2012.02.05 22:58:32 | 000,000,456 | ---- | M] () -- C:\ProgramData\iBo3rsBV5BPdeD [2012.02.05 22:56:51 | 000,000,304 | ---- | M] () -- C:\ProgramData\~iBo3rsBV5BPdeD [2012.02.05 22:55:08 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2012.02.05 22:42:53 | 000,000,192 | ---- | M] () -- C:\ProgramData\~iBo3rsBV5BPdeDr [2012.01.27 16:05:29 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.01.26 06:34:59 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.01.09 21:36:18 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [23 C:\*.tmp files -> C:\*.tmp -> ] [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== 
[2012.02.06 13:11:49 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.06 02:07:34 | 000,002,337 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.02.06 02:07:34 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2012.02.06 02:07:34 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.02.06 02:07:34 | 000,001,914 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk [2012.02.06 02:07:34 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims 2.lnk [2012.02.06 02:07:34 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk [2012.02.06 02:07:34 | 000,001,772 | ---- | C] () -- C:\Users\Public\Desktop\3DataManager.lnk [2012.02.06 02:07:34 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.02.06 02:07:34 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk [2012.02.06 02:07:34 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk [2012.02.06 02:07:29 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk [2012.02.06 02:07:29 | 000,001,565 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! 
Mail.lnk [2012.02.06 02:07:28 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk [2012.02.06 02:07:28 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk [2012.02.06 02:07:28 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2012.02.06 02:07:28 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk [2012.02.06 02:07:28 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2012.02.06 02:07:28 | 000,001,799 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk [2012.02.06 02:07:28 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk [2012.02.06 02:07:28 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk [2012.02.06 02:07:28 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk [2012.02.06 02:07:28 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2012.02.06 02:07:28 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk [2012.02.06 02:07:28 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2012.02.06 02:07:28 | 000,001,625 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Story 3 for Windows.lnk [2012.02.06 02:07:28 | 000,001,094 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 8.0.lnk [2012.02.06 02:07:28 | 000,001,056 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader 5.0.lnk [2012.02.06 02:07:28 | 
000,000,822 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.02.06 02:07:28 | 000,000,730 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk [2012.02.05 22:55:08 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.02.05 22:42:53 | 000,000,304 | ---- | C] () -- C:\ProgramData\~iBo3rsBV5BPdeD [2012.02.05 22:42:53 | 000,000,192 | ---- | C] () -- C:\ProgramData\~iBo3rsBV5BPdeDr [2012.02.05 22:42:46 | 000,000,456 | ---- | C] () -- C:\ProgramData\iBo3rsBV5BPdeD [2011.11.26 12:11:41 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2011.11.17 09:11:49 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe [2011.07.01 00:18:46 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2011.05.03 17:01:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.03.17 13:38:01 | 000,000,158 | ---- | C] () -- C:\Windows\TSDataEx.ini [2011.03.17 13:34:57 | 000,000,000 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\FileOut.cns [2011.03.17 13:34:57 | 000,000,000 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\FileIn.cns [2010.10.05 22:52:17 | 000,000,012 | ---- | C] () -- C:\Windows\System32\language.ini [2010.09.26 16:21:25 | 000,000,049 | ---- | C] () -- C:\Windows\cdplayer.ini [2010.06.12 18:36:51 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.06.12 18:36:51 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.04.03 13:57:41 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll [2010.03.22 18:09:10 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll [2009.09.29 15:51:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.09.29 15:51:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.05 13:52:04 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe [2009.09.05 13:52:02 | 000,835,584 | ---- | C] () -- 
C:\Windows\vsnpstd3.exe [2009.09.05 13:52:02 | 000,270,336 | ---- | C] () -- C:\Windows\tsnpstd3.exe [2009.09.05 13:52:01 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini [2009.08.07 00:04:37 | 000,000,095 | ---- | C] () -- C:\Users\Mathias\AppData\Local\fusioncache.dat [2009.06.16 19:09:50 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat [2009.03.19 21:05:54 | 000,455,503 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\NMM-MetaData.db [2008.09.18 16:12:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.07.24 16:51:25 | 000,000,751 | ---- | C] () -- C:\Windows\Bti.ini [2008.06.25 20:22:53 | 000,000,268 | R--- | C] () -- C:\ProgramData\Dictionaries [2008.06.25 20:22:53 | 000,000,268 | R--- | C] () -- C:\Users\Mathias\AppData\Roaming\Desktop Pictures [2008.06.25 20:22:53 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2008.06.25 20:22:53 | 000,000,012 | R--- | C] () -- C:\ProgramData\Distortion [2008.05.22 15:47:19 | 000,000,053 | ---- | C] () -- C:\Windows\3dtrack.INI [2008.05.22 15:45:50 | 000,002,840 | ---- | C] () -- C:\Windows\Track.INI [2008.04.12 12:42:57 | 000,036,074 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate [2008.03.12 21:49:18 | 000,000,355 | ---- | C] () -- C:\Windows\System32\MRT.INI [2008.02.09 20:03:33 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll [2008.02.09 18:11:19 | 000,000,950 | ---- | C] () -- C:\Windows\eReg.dat [2008.02.01 18:25:38 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI [2008.02.01 18:21:00 | 000,008,864 | ---- | C] () -- C:\Windows\System32\drivers\CDAC15BA.SYS [2008.02.01 17:45:29 | 000,005,032 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\wklnhst.dat [2008.02.01 12:48:16 | 000,106,496 | ---- | C] () -- C:\Users\Mathias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.02.01 11:16:16 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini [2008.02.01 11:16:15 | 000,000,044 | ---- | C] () -- 
C:\Windows\Acer(Normal).ini [2008.02.01 11:15:16 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe [2008.02.01 10:20:37 | 000,008,268 | ---- | C] () -- C:\Users\Mathias\AppData\Local\d3d9caps.dat [2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.05.07 09:41:16 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.05.07 08:22:38 | 000,000,834 | ---- | C] () -- C:\Windows\generic.ini [2007.05.07 08:22:38 | 000,000,130 | ---- | C] () -- C:\Windows\Alaunch.ini [2007.05.07 08:22:34 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat [2007.05.07 08:22:34 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2007.05.07 08:22:34 | 000,143,676 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2007.03.29 23:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll [2006.11.02 16:33:31 | 033,002,562 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:33:31 | 010,691,444 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,356,024 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 010,682,270 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 009,767,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- 
C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2001.12.26 14:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.09.03 21:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 14:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 20:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
--- --- ---
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 06.02.2012 17:19:55 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Mathias\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 47,02% Memory free 4,25 Gb Paging File | 3,12 Gb Available in Paging File | 73,42% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 112,69 Gb Total Space | 21,32 Gb Free Space | 18,91% Space Free | Partition Type: NTFS Drive D: | 112,39 Gb Total Space | 46,71 Gb Free Space | 41,56% Space Free | Partition Type: NTFS Drive F: | 5,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive L: | 7,64 Gb Total Space | 1,17 Gb Free Space | 15,28% Space Free | Partition Type: FAT32 Computer Name: MATHIAS-PC | User Name: Mathias | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- Reg Error: Key error.
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 "InternetSettingsDisableNotify" = 1 "AutoUpdateDisableNotify" = 1 "AntiVirusOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] 
"DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1723684492-1119337897-2682288371-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu "C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption "C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption "C:\Program Files\Mozilla Firefox\update.exe" = C:\Program Files\Mozilla Firefox\update.exe:*:Enabled:ldrsoft "" = :*:Enabled:ldrsoft ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0E6786B0-E88E-4669-9381-F40544316F6C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{317EED68-3952-480D-ABAF-5673C357FBBF}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00901846-18DB-4384-8B5D-128236A5A47F}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | "{0CA65C21-C832-4758-843F-19044F17892D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0CB34526-D54B-4893-B843-98FC796F3991}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0CD31391-E5E9-45FC-9DAC-22C2F57C9751}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0F76EBAD-41C6-46FB-BC4D-55683E5FEC2B}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0F9161CD-A55C-4567-9A16-85ACC4851570}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0F9A1FFB-D6AD-4FDC-8568-FD1FFCF3AE8D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{0FD129D8-E12E-4F92-92F5-B1313DCF0A5C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{12893BC6-768E-456E-AF5D-789E9FD89E85}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{14474163-F976-4417-A929-6ED79991A1AF}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | "{17C04A19-611D-4EDF-BAFD-E70017DA7989}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1B3EF32F-A8B1-4AB8-A172-99653593324D}" = protocol=6 | dir=in | app=c:\program files\sony\media manager for walkman\mediamanager.exe | "{203A4DFC-CC9E-4127-BC08-EE258F81295F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{245EFA32-2FB3-45B4-BBA6-22977DA6B9D7}" = dir=in | app=c:\program files\acer arcade live\slideshow 
dvd\component\clsldvd.exe | "{24817410-2DD9-4004-B435-C899A4D6F526}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe | "{2816AA20-B235-49E9-91EA-558E5E385E03}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{285E08A3-92B2-48F5-8BDC-A3EDC518C54D}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{2A8F5F02-7F77-4A81-8552-A4C7FB7D30E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{368C9C21-E9BE-475D-AF45-27B410C77590}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{3788A14F-2BFF-4781-8AEF-F45FD2807889}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3E491FF3-96FD-4F56-A736-10FDC25A6D6C}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{3E950545-AE4D-48B0-93EE-FD645616637A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{401DCC44-0472-4D02-AC29-0D37AD80CF29}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\homemedia connect.exe | "{58918602-00A9-4972-80C9-083465CA83D8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{5AA8B5C7-05C0-4D4C-9D9A-12202CF66530}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{610D4256-FBF6-4239-BD64-20FDFE1F9691}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | "{6307F449-05C4-4738-BF6B-FD7B228A1DEE}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\dvdivine.exe | "{63DA1678-8DA9-4218-8907-D247CFA23CAF}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{699B9900-F72E-482E-BCBC-C5FCCC8FD04F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{6D5501BB-FAC2-4083-B55E-96CCB34F9133}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6E0C9577-4EE2-4660-A4EC-DF3014EE8E8A}" = protocol=6 | dir=in | app=c:\program 
files\yahoo!\messenger\yserver.exe | "{77A26F11-D97B-42DC-A351-FA744D67BD21}" = protocol=6 | dir=in | app=c:\users\mathias\music\limewire\limewire.exe | "{7C135A64-5037-4076-9A41-714E515FA330}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{8EE9ACFC-C350-4B58-A5DD-E8D2F9C72129}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{9126E073-9C9C-4DEE-9274-DD572F147819}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\component\arawp.exe | "{9207EBD7-94C5-40B7-8717-51C185650878}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{943BC599-F756-43DC-ADBA-96AAC9BD51CD}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe | "{964E3E73-5BF5-4C36-8C24-32C59E7584D1}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\homemedia.exe | "{9B2DE5D0-0D7C-45A5-9E49-A18141B64587}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\videomagician.exe | "{A3B091FC-9D54-4D15-B12C-738ACEE4ED3F}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A6B28209-5CD5-4263-8066-8CCA5622D805}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{A9E3BE7F-B234-4F60-BEB7-A17755535E8B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{AC80CDBF-7E91-4D22-AE24-8F6C5CB20CED}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{BC826F75-5321-4C1C-990D-68192B5733EA}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{BF447880-3399-4DA7-A2EF-4123833FB174}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{C046FF61-84AC-42C6-98AB-CB1F52D94E95}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | "{C92A53AB-085F-41EB-9CCE-BD270B43073F}" = protocol=17 | dir=in | app=c:\program files\sony\media manager for walkman\mediamanager.exe | "{CB691722-B74E-4C58-A6CE-83732992AC40}" = dir=in 
| app=c:\program files\skype\phone\skype.exe | "{CB993806-6468-4516-BDDE-A76ECFB6B32B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{DB044A76-CA54-4C8C-86B6-5FEC60D5ADEA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | "{DE7A4B05-F291-47FB-8057-4E80104C3F2C}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{E676AD52-911A-4D37-913A-AF7EE3EEDCFC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E7E07E95-D982-4EF5-A701-8ECCFD81B7E0}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{E906F03E-1F1C-4F9A-9806-EC76D4122009}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{F0429F00-CC5D-4CB5-A7E2-D7C6DD72D2F0}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\component\dvax2process.exe | "{F6D0CE5C-4887-4C1F-BEFC-60986305A184}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{F9B99C37-7D1E-4DD5-B458-1B67098CA151}" = protocol=17 | dir=in | app=c:\users\mathias\music\limewire\limewire.exe | "{FD45E6C6-7F98-4211-8AEC-A0C540E75E83}" = dir=in | app=c:\program files\skype\phone\skype.exe | "TCP Query User{20F12E8E-4A89-42F3-89B3-BA9D89166C40}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "TCP Query User{2915F6A5-DF25-4CA7-935C-A27995601D04}C:\users\mathias\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\mathias\appdata\local\mediaget2\mediaget.exe | "TCP Query User{562D6F31-1E49-4363-B753-87095AD1975B}C:\users\mathias\appdata\local\temp\rarsfx1\hl.exe" = protocol=6 | dir=in | app=c:\users\mathias\appdata\local\temp\rarsfx1\hl.exe | "TCP Query User{6328E34C-1C93-4832-AA8B-269BD5EA8319}C:\program files\bearflix\bearflix.exe" = protocol=6 | dir=in | app=c:\program files\bearflix\bearflix.exe | "TCP Query User{78F34482-2F41-42D6-B194-102CFE3A6EEF}C:\program files\hasbro 
interactive\rollercoaster tycoon demo\rct.exe" = protocol=6 | dir=in | app=c:\program files\hasbro interactive\rollercoaster tycoon demo\rct.exe | "TCP Query User{93069BB7-AF2B-4BB8-85E8-B2FE1C7FAA73}C:\program files\edonkey2000\edonkey2000.exe" = protocol=6 | dir=in | app=c:\program files\edonkey2000\edonkey2000.exe | "TCP Query User{9C083F7E-EFEF-4F0E-9A56-1001250B4F1C}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "TCP Query User{9D4B4D00-2E3D-4749-B4B4-4D808EF7BF6B}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "TCP Query User{A0747A12-BE21-4AD9-8970-6B961B7197E9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{D4804D79-3D33-4C3E-B754-B88EEECB9800}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{E2C6A21A-1389-473A-8D36-C16DEB43DFBF}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | "TCP Query User{EE79ED53-CDD6-409D-8640-3C7BDDB9A60D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{F065099C-3875-4B7C-A37F-B02B8E579906}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{049C8085-A5C2-42E7-87EE-37051466EC38}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{1C4FE8C8-CB32-4C3D-8160-33372373B4CE}C:\program files\hasbro interactive\rollercoaster tycoon demo\rct.exe" = protocol=17 | dir=in | app=c:\program files\hasbro interactive\rollercoaster tycoon demo\rct.exe | "UDP Query 
User{3183255B-758B-4D07-886E-274FDCB1E82D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{3DB92F30-1FDC-48DD-A5D2-7E25CF2D5323}C:\program files\bearflix\bearflix.exe" = protocol=17 | dir=in | app=c:\program files\bearflix\bearflix.exe | "UDP Query User{4965D930-7F4F-426B-BE59-378967EEC820}C:\users\mathias\appdata\local\temp\rarsfx1\hl.exe" = protocol=17 | dir=in | app=c:\users\mathias\appdata\local\temp\rarsfx1\hl.exe | "UDP Query User{6C045AC9-9CA2-45E4-A471-C4D865C4C5FF}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "UDP Query User{71826DE5-2939-4818-94A4-4FE2F5C60E70}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | "UDP Query User{77311670-A658-416D-885C-81BFC2713815}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "UDP Query User{8BB755E5-59F7-4C6B-9B71-AB385EFE2322}C:\users\mathias\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\mathias\appdata\local\mediaget2\mediaget.exe | "UDP Query User{9EB46821-591A-4AE3-B046-F6240F4D88FC}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "UDP Query User{ABD3D440-956B-42C7-A246-A7E96F23B12A}C:\program files\edonkey2000\edonkey2000.exe" = protocol=17 | dir=in | app=c:\program files\edonkey2000\edonkey2000.exe | "UDP Query User{DC76747E-8DBD-4F71-BD82-C9798D59BE3D}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "UDP Query User{ED6DEAF9-3DCA-493E-A645-D5D45EE2B7E6}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0AA3AF26-2FA7-4719-9A97-664CD6D332F6}" = Magic Lernprogramm "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series "{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0 "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1C12B0B2-91FB-439A-A64D-1A239F0B7FAB}" = Die ersten 10 Jahre "{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20F1FFAF-1BFF-450C-A8C7-03D1BE24B950}" = Microsoft .NET Framework (German) "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{315393A0-F849-41EE-86EB-BC577C2B3561}" = MAGIX PC Check & Tuning Free "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD "{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = 
ATI Catalyst Install Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B2B78EC-5111-4C0E-A955-0D84BBA49740}" = Animation Shop 3 Try And Buy "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7 "{681734DF-28F0-4842-855C-91CCE610FA67}" = Aerosoft's - Strassenbahn Berlin-Koepenick "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Systemsteuerung "MobileMe" "{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A908524F-7045-402C-BEC5-C387A3B739CD}" = MAGIX Screenshare "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite "{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = T-Mobile Internet Manager "{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8 "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) 
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center "{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64 "{E3A64E20-EDA4-4B93-9176-FD3B4C7B085F}" = TransportGigant: Down Under "{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0 "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer "{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked "{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = Hama Webcam AC-150 "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F37E7087-2309-49CD-914F-9000CD95ED26}_is1" = Steig auf! 
3.0 "{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician "0900Warner" = 0900 Warner 3.50 "0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1) "3DataManager" = 3DataManager "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Acrobat 5.0" = Adobe Acrobat 4.0, 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0 "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Ashampoo UnInstaller 2010_is1" = Ashampoo UnInstaller 2010 "ATI Uninstaller" = ATI Uninstaller "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1) "Canon MP210 series Benutzerregistrierung" = Canon MP210 series Benutzerregistrierung "CanonMyPrinter" = Canon My Printer "CanonSolutionMenu" = Canon Utilities Solution Menu "CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows-Treiberpaket - Nokia Modem (05/24/2007 "Cheat Engine 5.5_is1" = Cheat Engine 5.5 "DivX Setup" = DivX-Setup "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09] "Fraps" = Fraps "Google Chrome" = Google Chrome "Google Updater" = Google Updater "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00 "Magic Set Editor 2_is1" = Magic Set Editor 2 - 0.3.7 beta 
"MAGIX_MSI_PC_Check_Tuning_2010_Free" = MAGIX PC Check & Tuning Free
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework Full v1.0.3705 (1031)" = Microsoft .NET Framework (German) v1.0.3705
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"ProTrain 2.1 2.1" = ProTrain 2.1 2.1
"ProTrain Rheintal 1.0" = ProTrain Rheintal 1.0
"RealPlayer 12.0" = RealPlayer
"Train Simulator 1.0" = Microsoft Train Simulator
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Techno Design IP Notify" = LiveSearch Notification Tool

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Edited by royal18 (06.02.2012 at 17:41)

Hello, before I read that, I had already found a helpful page here on this website. This is what I did:

1. With the program Unhide, my files finally became visible again.
2. Rootkill stopped the annoying program System Check and the error messages.
3. Full scan with Malwarebytes (several files found and removed), then another quick scan (one more file found and removed).
4. I was advised to create the log files with OTL.

There is a problem with OTL, though: I did everything as described, but the following error messages keep appearing: "Es befindet sich kein Datenträger im Laufwerk. Legen Sie einen Datenträger in Laufwerk \Device\Harddisk1\DR1,DR3,Dr4 & DR5 ein." If I click it away, it then continues. I posted the .txt files above.

Hi, post the log from MAM...

TDSS-Killer
Download and instructions at: How to combat malware of the Rootkit.Win32.TDSS family

Extract all files into a separate directory (e.g. C:\TDSS)! Start it from Explorer by double-clicking TDSSKiller.exe. After it starts, a window appears; choose "Start Scan" there. When the scan has finished, please select "Report". A window opens; copy the text and post it here...

Fix for OTL...

Code:
:OTL
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0388BA0C-C7F1-4E6A-BD7A-B59623F33363} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O33 - MountPoints2\{007e8e9c-de4e-11dc-b726-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{007e8e9c-de4e-11dc-b726-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{038c501d-8e25-11df-94be-fee8bd1c9662}\Shell - "" = AutoRun
O33 - MountPoints2\{038c501d-8e25-11df-94be-fee8bd1c9662}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{038c5027-8e25-11df-94be-cef161e277b6}\Shell - "" = AutoRun
O33 - MountPoints2\{038c5027-8e25-11df-94be-cef161e277b6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{054d7348-97c3-11df-b2dd-d89c6a6be0b8}\Shell - "" = AutoRun
O33 - MountPoints2\{054d7348-97c3-11df-b2dd-d89c6a6be0b8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{09e165ad-42e5-11dd-9ef8-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{09e165ad-42e5-11dd-9ef8-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{09e1675e-42e5-11dd-9ef8-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{09e1675e-42e5-11dd-9ef8-001c253c60aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{185f4386-c05f-11df-8dde-bf965a5e2885}\Shell - "" = AutoRun
O33 - MountPoints2\{185f4386-c05f-11df-8dde-bf965a5e2885}\Shell\AutoRun\command - "" = L:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{185f43bc-c05f-11df-8dde-f389d6e8203d}\Shell - "" = AutoRun
O33 - MountPoints2\{185f43bc-c05f-11df-8dde-f389d6e8203d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{185f43c6-c05f-11df-8dde-f389d6e8203d}\Shell - "" = AutoRun
O33 - MountPoints2\{185f43c6-c05f-11df-8dde-f389d6e8203d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{27190c50-70b8-11df-b33a-c2454cad8f64}\Shell - "" = AutoRun
O33 - MountPoints2\{27190c50-70b8-11df-b33a-c2454cad8f64}\Shell\AutoRun\command - "" = K:\LiteAuto.exe
O33 - MountPoints2\{3fff55d1-d6a5-11dd-92fa-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{3fff55d1-d6a5-11dd-92fa-001c253c60aa}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007.08.29 12:29:54 | 001,131,832 | R--- | M] ()
O33 - MountPoints2\{412d53f7-de8f-11df-80a4-eb121e2db78e}\Shell - "" = AutoRun
O33 - MountPoints2\{412d53f7-de8f-11df-80a4-eb121e2db78e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{681ab221-4392-11dd-834d-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{681ab221-4392-11dd-834d-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{681ab283-4392-11dd-834d-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{681ab283-4392-11dd-834d-001c253c60aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{681ab2be-4392-11dd-834d-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{681ab2be-4392-11dd-834d-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{681ab2e4-4392-11dd-834d-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{681ab2e4-4392-11dd-834d-001c253c60aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7a3cb81f-d0e3-11dc-b026-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{7a3cb81f-d0e3-11dc-b026-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{8814bd81-4924-11dd-9851-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{8814bd81-4924-11dd-9851-001c253c60aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8814bda2-4924-11dd-9851-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{8814bda2-4924-11dd-9851-001c253c60aa}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{90564adb-c223-11df-bbd4-f66f07c11859}\Shell - "" = AutoRun
O33 - MountPoints2\{90564adb-c223-11df-bbd4-f66f07c11859}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9ba37098-4b4e-11dd-aa3a-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{9ba37098-4b4e-11dd-aa3a-001c253c60aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a053985d-d329-11dc-93b3-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{a053985d-d329-11dc-93b3-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{a275f448-c151-11df-8e92-c161453f84d0}\Shell - "" = AutoRun
O33 - MountPoints2\{a275f448-c151-11df-8e92-c161453f84d0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ac365a6a-9194-11df-a525-c59eaa9f350d}\Shell - "" = AutoRun
O33 - MountPoints2\{ac365a6a-9194-11df-a525-c59eaa9f350d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ac365a72-9194-11df-a525-b5bbc2b8d827}\Shell - "" = AutoRun
O33 - MountPoints2\{ac365a72-9194-11df-a525-b5bbc2b8d827}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{c17a6de7-0927-11e0-b747-fecb77f11683}\Shell - "" = AutoRun
O33 - MountPoints2\{c17a6de7-0927-11e0-b747-fecb77f11683}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c870ff67-d4b7-11dc-9e55-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{c870ff67-d4b7-11dc-9e55-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{c870ff69-d4b7-11dc-9e55-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{c870ff69-d4b7-11dc-9e55-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{c8e08fb4-d333-11dc-981b-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{c8e08fb4-d333-11dc-981b-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{cd1170a0-d0d9-11dc-8da4-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{cd1170a0-d0d9-11dc-8da4-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{db4856a0-2562-11e0-afd3-b85fdb90c4af}\Shell - "" = AutoRun
O33 - MountPoints2\{db4856a0-2562-11e0-afd3-b85fdb90c4af}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{db4856a8-2562-11e0-afd3-b85fdb90c4af}\Shell - "" = AutoRun
O33 - MountPoints2\{db4856a8-2562-11e0-afd3-b85fdb90c4af}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{db4856e7-2562-11e0-afd3-b85fdb90c4af}\Shell - "" = AutoRun
O33 - MountPoints2\{db4856e7-2562-11e0-afd3-b85fdb90c4af}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e3c2ce9a-45e5-11dd-9c2c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e3c2ce9a-45e5-11dd-9c2c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e459ffd0-b0df-11df-b1c8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e459ffd0-b0df-11df-b1c8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{f7cc0edf-ba60-11de-a5ed-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{f7cc0edf-ba60-11de-a5ed-001c253c60aa}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{fa170abd-b0ea-11df-b575-e82d304f3a8b}\Shell - "" = AutoRun
O33 - MountPoints2\{fa170abd-b0ea-11df-b575-e82d304f3a8b}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{fc0d5f79-e61f-11dc-a818-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{fc0d5f79-e61f-11dc-a818-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{fc0d5f7b-e61f-11dc-a818-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{fc0d5f7b-e61f-11dc-a818-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = LiteAuto.exe
[2012.02.05 22:56:51 | 000,000,304 | ---- | M] () -- C:\ProgramData\~iBo3rsBV5BPdeD
[2012.02.05 22:42:53 | 000,000,192 | ---- | M] () -- C:\ProgramData\~iBo3rsBV5BPdeDr

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = dword:0x00
"InternetSettingsDisableNotify" = dword:0x00
"AutoUpdateDisableNotify" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = dword:0x00

:Commands
[CREATERESTOREPOINT]
[emptytemp]
[Reboot]
