Log analysis and evaluation: Virus "System Error. Hard disk failure detected" Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
07.05.2012, 18:11 | #1 |
| Virus "System Error. Hard disk failure detected" Hello, I hope someone can help me? The error message mentioned above is showing on my machine along with countless others, and I am getting desperate... Can anything happen to my files because of this?!? I carried out the steps mentioned... Now I can't find the files anymore... Am I really that stupid? Oh man... I'll try again right away :-( So, attached are the first two files, and here is the content of the GMER file... Did I do that more or less right?!? GMER logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-05-07 20:37:09 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0000 Running: grx5cy7z.exe; Driver: C:\Users\JAMIE-~1\AppData\Local\Temp\fwtdipob.sys ---- System - GMER 1.0.15 ---- SSDT 90ED0326 ZwCreateSection SSDT 90ED0330 ZwRequestWaitReplyPort SSDT 90ED032B ZwSetContextThread SSDT 90ED0335 ZwSetSecurityObject SSDT 90ED033A ZwSystemDebugControl SSDT 90ED02C7 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 215 83EBE998 4 Bytes [26, 03, ED, 90] .text ntkrnlpa.exe!KeSetEvent + 539 83EBECBC 4 Bytes [30, 03, ED, 90] {XOR [EBX], AL; IN EAX, DX; NOP } .text ntkrnlpa.exe!KeSetEvent + 56D 83EBECF0 4 Bytes [2B, 03, ED, 90] {SUB EAX, [EBX]; IN EAX, DX; NOP } .text ntkrnlpa.exe!KeSetEvent + 5D1 83EBED54 4 Bytes [35, 03, ED, 90] .text ntkrnlpa.exe!KeSetEvent + 619 83EBED9C 4 Bytes [3A, 03, ED, 90] {CMP AL, [EBX]; IN EAX, DX; NOP } .text ... .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E404340, 0x39C277, 0xE8000020] ? C:\Users\JAMIE-~1\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. ! 
---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Mozilla Firefox\firefox.exe[1164] ntdll.dll!LdrLoadDll 776F9378 5 Bytes JMP 5DCDC930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1164] kernel32.dll!MapViewOfFile 77426B10 5 Bytes JMP 5DF0E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1164] kernel32.dll!VirtualAlloc 7742AF75 5 Bytes JMP 5DF0E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1164] GDI32.dll!CreateDIBSection 77657461 3 Bytes JMP 5DF0E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[1164] GDI32.dll!CreateDIBSection + 4 77657465 1 Byte [E6] .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2608] USER32.dll!InSendMessageEx + 4C9 771DE7C8 7 Bytes JMP 10053940 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2608] USER32.dll!CreateIconFromResourceEx + 340 771E0E45 7 Bytes JMP 100537F0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2608] USER32.dll!DdeQueryStringW + 5CE 771FFA2D 7 Bytes JMP 10053920 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2608] USER32.dll!MessageBoxIndirectA + F5 7722D5CE 7 Bytes JMP 10053990 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2608] USER32.dll!MessageBoxIndirectW + 61 7722D634 7 Bytes JMP 10053A60 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2608] 
USER32.dll!MessageBoxExA + 1F 7722D658 7 Bytes JMP 10053A10 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4604] USER32.dll!SetWindowLongA 771DE7CD 5 Bytes JMP 5E065EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4604] USER32.dll!SetWindowLongW 771E13B4 5 Bytes JMP 5E065E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4604] USER32.dll!GetWindowInfo 771E428E 5 Bytes JMP 5DE54822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4604] USER32.dll!TrackPopupMenu 771F14F3 5 Bytes JMP 5DE54DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy2 NBVolUp.sys (Nero Backup Volume Upper Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy3 NBVolUp.sys (Nero Backup Volume Upper Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy4 NBVolUp.sys (Nero Backup Volume Upper Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\volsnap \Device\HarddiskVolumeShadowCopy7 NBVolUp.sys (Nero Backup Volume Upper Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) 
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0019c1ea12d4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001bfb1b0716 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001bfb8cb00a (not active ControlSet) Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019c1ea12d4 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb1b0716 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb8cb00a Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0019c1ea12d4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001bfb1b0716 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001bfb8cb00a (not active ControlSet) ---- Files - GMER 1.0.15 ---- File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS06648.log 131072 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS06649.log 131072 bytes ---- EOF - GMER 1.0.15 ----
So, I have now also run the malware program - can the findings simply be deleted?!? Attached is the log file... Is everything correct like this? I'm afraid of causing even more damage?!? |
08.05.2012, 13:02 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus "System Error. Hard disk failure detected" Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
__________________ Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed. If logs from older Malwarebytes scans exist, please post all of those as well! ESET Online Scanner
If possible, please post everything here in CODE tags. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
__________________ |
08.05.2012, 20:57 | #3 | |
| Virus "System Error. Hard disk failure detected" Hm... Well, I had actually already done the Malwarebytes part?!? Or was that not right the way I did it?
__________________ Well, the scan with "Malwarebytes" has now been running on my machine for over 2 hours and I'm about to fall off my chair from tiredness... Or would the quick scan have been enough again? (Even though I already did that one?) So, here is the file from Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.05.08.08 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 7.0.6002.18005 Jamie-Anthony :: TEDDYBÄR [Administrator] Schutz: Aktiviert 08.05.2012 20:55:10 mbam-log-2012-05-08 (20-55-10).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 449605 Laufzeit: 3 Stunde(n), 10 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uncompressor (PUP.Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Program Files\Uncompressor\Uninstall\Uninstall.exe (PUP.Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende)
Quote:
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=3d83703d8e9a2b42adc31e9054d2558f # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-05-09 08:46:07 # local_time=2012-05-09 10:46:07 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=768 16777215 100 0 125694743 125694743 0 0 # compatibility_mode=1792 16777215 100 0 1128022 1128022 0 0 # compatibility_mode=5892 16776573 100 100 154443 174075447 0 0 # compatibility_mode=8192 67108863 100 0 39669 39669 0 0 # scanned=251245 # found=11 # cleaned=0 # scan_time=10448 C:\Users\Jamie-Anthony\AppData\Local\Temp\FreemakeVideoConverter_3.0.1.3.exe Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I C:\Users\Jamie-Anthony\AppData\Local\Temp\ICReinstall\Facemoods.exe probably a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I C:\Users\Jamie-Anthony\AppData\Local\Temp\is1293846689\MyBabylonTB.exe Win32/Toolbar.Babylon application (unable to clean) 00000000000000000000000000000000 I C:\Users\Jamie-Anthony\Downloads\Facemoods(1).exe probably a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I C:\Users\Jamie-Anthony\Downloads\Facemoods.exe probably a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I C:\Users\Jamie-Anthony\Downloads\Setup19_FreeConverter.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I C:\Users\Jamie-Anthony\Downloads\Setup_FreeFlvConverter(2).exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I 
C:\Users\Jamie-Anthony\Downloads\Setup_FreeFlvConverter(3).exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I C:\Users\Jamie-Anthony\Downloads\Setup_FreeFlvConverter(4).exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I C:\Users\Jamie-Anthony\Downloads\Setup_FreeFlvConverter.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I C:\Users\Jamie-Anthony\Downloads\vlc-1.1.6-win32.exe Win32/StartPage.OIE trojan (unable to clean) 00000000000000000000000000000000 I
And how can I restore the background on my desktop and the program list under the Start menu? Many thanks for your efforts... |
11.05.2012, 10:03 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus "System Error. Hard disk failure detected" But before, you only did a quick scan with Malwarebytes! I have two questions before we continue: 1.) Does normal mode work without restrictions? 2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________ Please always post logfiles in CODE tags |
11.05.2012, 16:15 | #5 |
| Virus "System Error. Hard disk failure detected" OK, understood regarding the quick scan... Well, basically everything works so far... However, the background is black and the icons on the desktop were all gone - in the meantime they are back, though (I tried that with the - some word with h?!? - don't remember what it's called... Don't know whether something is back because of that?) And the Start menu is gone too... Yes... :-( So it only says "All Programs" there, and underneath I think everything is there - I just can't judge that very well, because I have hardly ever opened folders that way... But so far everything opens... Otherwise everything works too - so I always go through Explorer to start the programs that I otherwise launch via the Start menu... Just had another look... "Unhide" was the name of the one with which I possibly restored a few icons... If that was the cause... |
11.05.2012, 20:26 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus "System Error. Hard disk failure detected" Yes, unhide is the tool for the worst case, when I'm not sure whether everything is now being displayed on your machine or not. This has NOTHING to do with lock icons on folders that you cannot open (in case you ask). Please download unhide.exe and save this file on your desktop. Start the tool and all files and folders should be visible again. (Could take a while.) Vista and 7 users must run the tool as administrator via right-click!
__________________ --> Virus "System Error. Hard disk failure detected" |
12.05.2012, 09:11 | #7 |
| Virus "System Error. Hard disk failure detected" Well, I had already installed unhide and also run it?!? But nothing else happened, except that the icons on the desktop were visible again (I also don't know whether that really came from it)... When I open unhide, only the black window appears and then nothing more happens?!? And: how do I get rid of the virus now?!? I'm afraid that my data is being stolen the whole time, etc.?!? After all, 12 findings were detected?!? |
12.05.2012, 20:21 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus "System Error. Hard disk failure detected" Please create a new OTL log. If possible, please post everything here in CODE tags. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
ATTFilter the log goes here
If you don't have it yet, please download OTL by Oldtimer and save it on your desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Please always post logfiles in CODE tags |
13.05.2012, 10:01 | #9 |
| Virus "System Error. Hard disk failure detected" So, here is the OTL in several parts - unfortunately it didn't fit into one... Code:
ATTFilter OTL logfile created on: 13.05.2012 09:57:32 - Run 4 OTL by OldTimer - Version 3.2.42.3 Folder = c:\Users\Jamie-Anthony\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,57 Gb Available Physical Memory | 28,47% Memory free 4,23 Gb Paging File | 2,48 Gb Available in Paging File | 58,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 176,24 Gb Total Space | 18,41 Gb Free Space | 10,44% Space Free | Partition Type: NTFS Computer Name: TEDDYBÄR | User Name: Jamie-Anthony | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Windows\Installer\MSI207E.tmp (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\program files\avira\antivir desktop\ipmGui.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) PRC - c:\Users\Jamie-Anthony\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\SoftwareDistribution\Download\Install\Silverlight.exe (Microsoft Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - c:\85d803f3aac8145630d2d3933ef1\install.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft Silverlight\4.1.10329.0\coregen.exe (Microsoft Corporation) PRC - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony) PRC - C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe () PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask) PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake) PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\Program Files\Lexmark S300-S400 Series\ezprint.exe () PRC - C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe () PRC - C:\Windows\System32\lxeacoms.exe ( ) PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe (DisplayLink Corp.) PRC - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.) 
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation) PRC - C:\Program Files\Sony\VCM Manager Setting\VcmMgrNotification.exe (Sony Corporation) PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Broadcom Corporation.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.) PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll () MOD - C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll () MOD - C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe () MOD - C:\Program Files\Sony\Sony PC Companion\MExplorer.dll () MOD - C:\Program Files\Sony\Sony PC Companion\sqlite3.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll () MOD - C:\Program Files\Sony\Sony PC Companion\Report.dll () MOD - C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll () MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll () MOD - C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll () MOD - C:\Windows\assembly\GAC_32\Asz.Citavi.IEPicker\1.0.0.0__f59eabe05cc67589\Asz.Citavi.IEPicker.dll () MOD - C:\Program Files\Lexmark S300-S400 Series\ezprint.exe () MOD - C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe () MOD - C:\Program Files\Sony\Sony PC Companion\VObject.dll () MOD - C:\Program Files\Lexmark S300-S400 Series\lxeaDRS.dll () MOD - C:\Program Files\Lexmark S300-S400 Series\lxeascw.dll () MOD - C:\Program Files\Lexmark S300-S400 Series\EPOEMDll.dll () MOD - C:\Program Files\Lexmark S300-S400 Series\epstring.dll () MOD - C:\Program Files\Lexmark S300-S400 Series\EPWizRes.dll () MOD - C:\Windows\System32\spool\drivers\w32x86\3\lxeadatr.dll () MOD - C:\Windows\System32\LXEAsmr.dll () MOD - C:\Program Files\Lexmark S300-S400 
Series\iptk.dll () MOD - C:\Program Files\Lexmark S300-S400 Series\Epwizard.DLL () MOD - C:\Program Files\Lexmark S300-S400 Series\customui.dll () MOD - C:\Program Files\Lexmark S300-S400 Series\Epfunct.DLL () MOD - C:\Program Files\Lexmark S300-S400 Series\Eputil.DLL () MOD - C:\Program Files\Lexmark S300-S400 Series\Imagutil.DLL () MOD - C:\Program Files\Lexmark S300-S400 Series\lxeacaps.dll () MOD - C:\Program Files\Lexmark S300-S400 Series\lxeaptp.dll () MOD - C:\Windows\System32\LXEAsm.dll () MOD - C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll () MOD - C:\Windows\System32\btwhidcs.dll () MOD - C:\Program Files\LitexMedia\All To WMA Converter\WMAShellExt.dll () ========== Win32 Services (SafeList) ========== SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (Sony PC Companion) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake) SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (lxea_device) -- C:\Windows\System32\lxeacoms.exe ( ) SRV - (lxeaCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe () SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) 
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe () SRV - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe (DisplayLink Corp.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation) SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony 
Corporation) SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.) SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION) SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation) SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe () SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) 
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (dsltestSp5) -- System32\Drivers\dsltestSp5.sys File not found DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (NBVol) -- C:\Windows\System32\drivers\NBVol.sys (Nero AG) DRV - (NBVolUp) -- C:\Windows\System32\drivers\NBVolUp.sys (Nero AG) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (LVUVC) Logitech Webcam 200(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.) 
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation) DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation) DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation) DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation) DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation) DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation) DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation) DRV - (dlkmd) -- C:\Windows\System32\drivers\dlkmd.sys (DisplayLink Corp.) DRV - (dlkmdldr) -- C:\Windows\System32\drivers\dlkmdldr.sys (DisplayLink Corp.) 
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) -- C:\Windows\System32\drivers\s3017unic.sys (MCCI Corporation) DRV - (s3017obex) -- C:\Windows\System32\drivers\s3017obex.sys (MCCI Corporation) DRV - (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s3017mgmt.sys (MCCI Corporation) DRV - (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) -- C:\Windows\System32\drivers\s3017nd5.sys (MCCI Corporation) DRV - (s3017mdm) -- C:\Windows\System32\drivers\s3017mdm.sys (MCCI Corporation) DRV - (s3017mdfl) -- C:\Windows\System32\drivers\s3017mdfl.sys (MCCI Corporation) DRV - (s3017bus) Sony Ericsson Device 3017 driver (WDM) -- C:\Windows\System32\drivers\s3017bus.sys (MCCI Corporation) DRV - (StkTMini) -- C:\Windows\System32\drivers\StkTMini.sys (Syntek) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh) DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh) DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) 
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\Windows\System32\drivers\s116unic.sys (MCCI Corporation)
DRV - (s116obex) -- C:\Windows\System32\drivers\s116obex.sys (MCCI Corporation)
DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\Windows\System32\drivers\s116nd5.sys (MCCI Corporation)
DRV - (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s116mgmt.sys (MCCI Corporation)
DRV - (s116mdm) -- C:\Windows\System32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- C:\Windows\System32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\Windows\System32\drivers\s116bus.sys (MCCI Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de/service/redir/ie7_start.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{1EDB291C-67AC-4F9C-AB66-6087DFC21209}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKLM\..\SearchScopes\{4813470F-6B8C-4FEA-949B-526F953262C0}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
IE - HKLM\..\SearchScopes\{C74610DB-2CCB-49CF-BB8D-650C6B4CD09F}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKLM\..\SearchScopes\{C93EA644-5BF8-49CB-B277-2602FD0C0433}: "URL" = hxxp://adfarm.mediaplex.com/ad/ck/707-1403-18840-0?mpro=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=100478&tt=290412_4_vs&babsrc=HP_ss&mntrId=ccc35b19000000000000544249676659
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=100478&tt=290412_4_vs&babsrc=SP_ss&mntrId=ccc35b19000000000000544249676659
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{497F9A79-F8AC-4AD2-A6DE-F256F1C069B4}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7SNYK_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{6BCD3B4B-C7F8-4DDA-A150-729CD60BFDEB}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=6zOq04dR1_74GZkqAM7_3CckmCc?q={searchTerms}
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{71AE5633-4538-41C7-A7D0-BD06E47EE8CA}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{86F5405D-4F8B-4B91-B415-6ECA80FB025B}: "URL" = hxxp://adfarm.mediaplex.com/ad/ck/707-1403-18840-0?mpro=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{ADA26A4F-2C52-489F-B91A-06A7BAB3F2C9}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{E0B4A2C7-7699-432C-B096-C9B9367FA553}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=100478&tt=290412_4_vs&babsrc=HP_ss&mntrId=ccc35b19000000000000544249676659"
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2009.7.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {6b9c3e37-fcbd-4834-a71a-fa45c106a001}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {D250ED92-1791-42C4-B441-E90BF89B9BEF}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=100478&tt=290412_4_vs&babsrc=KW_ss&mntrId=ccc35b19000000000000544249676659&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.01.05 12:50:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.04 07:38:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.30 08:31:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D250ED92-1791-42C4-B441-E90BF89B9BEF}: C:\Users\Jamie-Anthony\AppData\Local\{D250ED92-1791-42C4-B441-E90BF89B9BEF} [2011.04.02 09:21:37 | 000,000,000 | -H-D | M]

[2008.08.31 13:51:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Extensions
[2012.05.07 20:49:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions
[2010.07.14 21:45:31 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.07 20:49:30 | 000,000,000 | ---D | M] (Babylon Toolbar by Visicom) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{51dd3535-abea-484a-b1cf-06ab7b092c0c}
[2012.05.07 09:56:41 | 000,000,000 | -H-D | M] (ST-de Community Toolbar) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{6b9c3e37-fcbd-4834-a71a-fa45c106a001}
[2011.05.15 20:51:35 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.29 20:17:26 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.16 06:59:53 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\engine@conduit.com
[2012.04.26 06:33:37 | 000,000,000 | -H-D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\toolbar@ask.com
[2009.05.19 11:28:48 | 000,000,884 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\conduit.xml
[2012.05.05 14:38:05 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-1.xml
[2010.07.22 20:40:18 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-10.xml
[2010.07.24 21:28:38 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-11.xml
[2010.09.10 08:22:34 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-12.xml
[2010.09.17 07:58:49 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-13.xml
[2010.10.23 14:32:15 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-14.xml
[2010.10.29 20:43:47 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-15.xml
[2010.12.13 19:23:34 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-16.xml
[2011.03.03 14:58:47 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-17.xml
[2011.03.08 13:13:00 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-18.xml
[2011.03.24 22:46:27 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-19.xml
[2009.08.24 10:44:09 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-2.xml
[2011.05.01 18:35:49 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-20.xml
[2011.05.15 11:19:15 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-21.xml
[2011.07.13 08:56:31 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-22.xml
[2011.07.21 20:31:34 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-23.xml
[2011.08.25 07:49:25 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-24.xml
[2011.09.01 18:55:37 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-25.xml
[2011.09.11 13:32:43 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-26.xml
[2011.10.12 16:23:44 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-27.xml
[2011.11.10 17:10:52 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-28.xml
[2011.12.10 16:43:43 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-29.xml
[2009.09.21 11:09:12 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-3.xml
[2011.12.10 18:58:07 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-30.xml
[2011.12.30 11:17:18 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-31.xml
[2012.02.15 20:47:42 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-32.xml
[2009.10.31 08:31:55 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-4.xml
[2009.12.17 22:29:16 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-5.xml
[2010.01.06 18:40:33 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-6.xml
[2010.03.13 09:21:21 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-7.xml
[2010.04.05 19:25:15 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-8.xml
[2010.04.06 19:37:21 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-9.xml
[2010.05.12 18:40:06 | 000,001,042 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin.xml
[2010.01.22 00:07:01 | 000,003,915 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\sweetim.xml
[2012.02.15 20:39:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.06.09 20:17:31 | 000,000,000 | ---D | M] (Dealio Toolbar Plugin) -- C:\Program Files\mozilla firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
[2009.07.22 13:09:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.01.19 17:40:30 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2011.04.02 09:21:37 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\JAMIE-ANTHONY\APPDATA\LOCAL\{D250ED92-1791-42C4-B441-E90BF89B9BEF}
[2012.05.04 07:38:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 20:39:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.07 20:48:22 | 000,002,354 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.02.15 20:39:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.15 20:39:01 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.21 20:27:10 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.05.15 20:52:37 | 000,002,051 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
[2012.02.15 20:39:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.15 20:39:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.15 20:39:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
CHR - default_search_provider: suggest_url =
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Facemoods = C:\Users\Jamie-Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.0_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Babylon Toolbar by Visicom) - {51dd3535-abea-484a-b1cf-06ab7b092c0c} - C:\Program Files\babylon01\babylon01X.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar by Visicom) - {51dd3535-abea-484a-b1cf-06ab7b092c0c} - C:\Program Files\babylon01\babylon01X.dll ()
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000..\Run: [ALBATTTOOL] C:\Program Files\AkkuLine.de\AkkuLine Batterie-Tool\AL-Batterie-Tool.exe File not found
O4 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000..\Run: [EPSON Stylus DX8400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = File not found
O4 - Startup: C:\Users\Jamie-Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Jamie-Anthony\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..Trusted Domains: intervideo.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..Trusted Domains: intervideo.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E356E30-94D2-4B82-AD4A-32260CB60786}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F709309A-CB43-4219-9489-BAB633F2CC47}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c2d7a3e4-616f-11df-b59d-001a80249e6f}\Shell - "" = AutoRun
O33 - MountPoints2\{c2d7a3e4-616f-11df-b59d-001a80249e6f}\Shell\AutoRun\command - "" = G:\DPFMate.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^Jamie-Anthony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Jamie-Anthony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Medien-Prüfung.lnk - - File not found
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: googletalk - hkey= - key= - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
MsConfig - StartUpReg: ICQ - hkey= - key= - File not found
MsConfig - StartUpReg: ISBMgr.exe - hkey= - key= - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
MsConfig - StartUpReg: ISTray - hkey= - key= - File not found
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - File not found
MsConfig - StartUpReg: SweetIM - hkey= - key= - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
MsConfig - StartUpReg: TrayServer - hkey= - key= - C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe (MAGIX AG) MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 |
13.05.2012, 10:03 | #10 |
| Virus "System Error. Hard disk failure detected" Code:
ATTFilter SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group 
SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - File not found SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart 
card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - 
C:\Windows\System32\Microsoft ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CACE1E62-59B0-4F7F-87D4-DD335EBBC8F5} - T-Online Toolbar 2.0 ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX: >{F1FD268A-521D-46F0-B304-8E2794E6ADD3} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: aux - wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - wdmaud.drv (Microsoft Corporation) Drivers32: aux2 - wdmaud.drv (Microsoft Corporation) Drivers32: aux3 - wdmaud.drv (Microsoft Corporation) Drivers32: aux4 - wdmaud.drv (Microsoft Corporation) Drivers32: aux5 - wdmaud.drv (Microsoft Corporation) Drivers32: midi - wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - wdmaud.drv (Microsoft Corporation) 
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation) Drivers32: midi4 - wdmaud.drv (Microsoft Corporation) Drivers32: midi5 - wdmaud.drv (Microsoft Corporation) Drivers32: midi6 - wdmaud.drv (Microsoft Corporation) Drivers32: midi7 - wdmaud.drv (Microsoft Corporation) Drivers32: midi8 - wdmaud.drv (Microsoft Corporation) Drivers32: midi9 - wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - midimap.dll (Microsoft Corporation) Drivers32: mixer - wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer4 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer5 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer6 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer7 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer8 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer9 - wdmaud.drv (Microsoft Corporation) Drivers32: msacm.dvacm - C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm (Ulead Systems, Inc.) Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.MPEGacm - C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm (Ulead Systems, Inc.) Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32: msacm.msaudio1 - msaud32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation) Drivers32: msacm.ulmp3acm - C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm (Ulead systems) Drivers32: MSVideo - vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation) Drivers32: vidc.cvid - iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.) 
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation) Drivers32: VIDC.FFDS - ff_vfw.dll () Drivers32: VIDC.I420 - MSh263.drv File not found Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation) Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.) Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation) Drivers32: wave - wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - wdmaud.drv (Microsoft Corporation) Drivers32: wave3 - wdmaud.drv (Microsoft Corporation) Drivers32: wave4 - wdmaud.drv (Microsoft Corporation) Drivers32: wave5 - wdmaud.drv (Microsoft Corporation) Drivers32: wave6 - wdmaud.drv (Microsoft Corporation) Drivers32: wave7 - wdmaud.drv (Microsoft Corporation) Drivers32: wave8 - wdmaud.drv (Microsoft Corporation) Drivers32: wave9 - wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.05.13 10:06:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.05.08 20:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.05.08 20:47:29 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.05.07 22:36:18 | 000,000,000 | ---D | C] -- C:\_OTL [2012.05.07 21:04:29 | 000,000,000 | ---D | C] -- C:\Users\Jamie-Anthony\AppData\Roaming\Malwarebytes [2012.05.07 20:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.07 20:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.05.07 
20:58:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.05.07 20:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.05.07 20:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\babylon01 [2012.05.07 20:48:31 | 000,000,000 | ---D | C] -- C:\Users\Jamie-Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uncompressor [2012.05.07 20:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\Uncompressor [2012.05.07 20:47:46 | 000,000,000 | ---D | C] -- C:\Users\Jamie-Anthony\AppData\Local\Babylon [2012.05.07 20:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012.05.07 20:47:45 | 000,000,000 | ---D | C] -- C:\Users\Jamie-Anthony\AppData\Roaming\Babylon [2012.05.04 07:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.05.04 07:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012.05.01 19:26:51 | 000,000,000 | ---D | C] -- C:\Users\Jamie-Anthony\AppData\Local\AskToolbar [2012.04.26 06:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.04.26 06:33:44 | 000,000,000 | -H-D | C] -- C:\Users\Jamie-Anthony\AppData\Roaming\Avira [2012.04.26 06:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012.04.26 06:31:43 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.04.26 06:31:43 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.04.26 06:31:43 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.04.26 06:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.04.26 06:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.04.18 07:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2010.08.24 19:59:21 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeFEE7.dll [2 
C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.13 10:12:20 | 000,638,802 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.05.13 10:12:20 | 000,604,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.05.13 10:12:20 | 000,130,722 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.05.13 10:12:20 | 000,107,814 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.05.13 09:50:37 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.05.13 09:38:15 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.05.13 09:38:07 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.13 09:38:07 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.13 09:38:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.13 09:36:51 | 2143,784,960 | -HS- | M] () -- C:\hiberfil.sys [2012.05.11 19:15:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.05.11 18:13:05 | 001,148,598 | ---- | M] () -- C:\Users\Jamie-Anthony\Documents\Diversität.pdf [2012.05.11 17:54:17 | 000,002,631 | -H-- | M] () -- C:\Users\Jamie-Anthony\Desktop\Microsoft Office Word 2007.lnk [2012.05.10 16:17:51 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.05.09 18:28:27 | 000,000,680 | ---- | M] () -- C:\Users\Jamie-Anthony\AppData\Local\d3d9caps.dat [2012.05.08 20:48:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.05.08 12:04:15 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.05.08 12:04:15 | 000,083,392 | ---- | M] (Avira GmbH) 
-- C:\Windows\System32\drivers\avgntflt.sys [2012.05.08 05:48:08 | 303,917,277 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012.05.07 20:58:35 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.07 20:48:31 | 000,000,854 | ---- | M] () -- C:\Users\Jamie-Anthony\Desktop\Uncompressor.lnk [2012.05.07 18:53:53 | 000,000,000 | ---- | M] () -- C:\Users\Jamie-Anthony\defogger_reenable [2012.05.07 17:41:42 | 000,001,748 | -H-- | M] () -- C:\Users\Jamie-Anthony\Desktop\Mozilla Firefox.lnk [2012.05.07 17:40:58 | 000,252,545 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\nvModes.001 [2012.05.07 15:17:09 | 000,227,840 | ---- | M] () -- C:\Users\Jamie-Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.05.07 09:56:13 | 000,252,545 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\nvModes.dat [2012.05.02 09:19:02 | 000,002,673 | -H-- | M] () -- C:\Users\Jamie-Anthony\Desktop\Microsoft Office PowerPoint 2007.lnk [2012.04.18 16:14:16 | 000,372,013 | -H-- | M] () -- C:\Users\Jamie-Anthony\Documents\Mechthild.pdf [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] [16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.05.11 18:13:03 | 001,148,598 | ---- | C] () -- C:\Users\Jamie-Anthony\Documents\Diversität.pdf [2012.05.07 20:58:35 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.07 20:48:31 | 000,000,854 | ---- | C] () -- C:\Users\Jamie-Anthony\Desktop\Uncompressor.lnk [2012.05.07 18:53:53 | 000,000,000 | ---- | C] () -- C:\Users\Jamie-Anthony\defogger_reenable [2012.05.07 17:41:42 | 000,001,748 | -H-- | C] () -- C:\Users\Jamie-Anthony\Desktop\Mozilla Firefox.lnk [2012.05.07 17:26:37 | 2143,784,960 | -HS- | C] () -- C:\hiberfil.sys [2012.04.18 16:14:16 | 000,372,013 | -H-- | C] () -- C:\Users\Jamie-Anthony\Documents\Mechthild.pdf 
[2012.04.01 00:22:47 | 000,004,962 | ---- | C] () -- C:\ProgramData\etgxespc.rpo [2012.04.01 00:22:47 | 000,004,884 | ---- | C] () -- C:\ProgramData\homrfjdr.aqx [2011.07.16 18:42:49 | 000,227,840 | ---- | C] () -- C:\Users\Jamie-Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.07 08:51:31 | 000,000,000 | -H-- | C] () -- C:\Users\Jamie-Anthony\AppData\Local\{64525025-8827-4190-A310-38F60339D8C0} [2011.06.30 12:07:36 | 000,000,680 | ---- | C] () -- C:\Users\Jamie-Anthony\AppData\Local\d3d9caps.dat [2011.01.02 18:32:05 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeavs.dll [2011.01.02 18:32:03 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\lxeacoin.dll [2011.01.02 18:31:51 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxeagcfg.dll [2011.01.02 18:31:49 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeacuir.dll [2011.01.02 18:31:48 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeacui.dll [2011.01.02 18:28:24 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxearwrd.ini [2011.01.02 18:28:06 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXEAinst.dll [2011.01.02 18:28:05 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxeausb1.dll [2011.01.02 18:28:05 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeainpa.dll [2011.01.02 18:28:05 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEAhcp.dll [2011.01.02 18:28:05 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeaiesc.dll [2011.01.02 18:28:04 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxeaserv.dll [2011.01.02 18:28:02 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxeapmui.dll [2011.01.02 18:28:01 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxealmpm.dll [2011.01.02 18:28:01 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeainsb.dll [2011.01.02 18:28:01 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeajswr.dll [2011.01.02 18:28:00 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeahbn3.dll 
[2011.01.02 18:28:00 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxeaih.exe [2011.01.02 18:28:00 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeains.dll [2011.01.02 18:28:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxeainsr.dll [2011.01.02 18:27:59 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeacu.dll [2011.01.02 18:27:59 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeagrd.dll [2011.01.02 18:27:59 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeacub.dll [2011.01.02 18:27:59 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeacur.dll [2011.01.02 18:27:58 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeacomc.dll [2011.01.02 18:27:58 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeacoms.exe [2011.01.02 18:27:58 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeacfg.exe [2011.01.02 18:27:58 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeacomm.dll [2011.01.02 18:27:08 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEAsm.dll [2011.01.02 18:27:08 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXEAsmr.dll [2010.06.15 20:16:17 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll ========== LOP Check ========== [2011.12.16 14:28:50 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Academic Software Zurich [2010.06.15 20:30:55 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\AnvSoft [2012.05.07 20:47:45 | 000,000,000 | ---D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Babylon [2008.06.08 13:39:20 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Cuttermaran [2009.10.02 14:34:05 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\DeepBurner [2012.01.03 21:45:51 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\DVDVideoSoft [2011.05.15 20:51:33 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\DVDVideoSoftIEHelpers [2008.02.11 19:15:12 | 000,000,000 | -H-D | M] 
-- C:\Users\Jamie-Anthony\AppData\Roaming\EPSON [2010.06.15 20:16:27 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\FreeAudioPack [2010.06.15 20:18:01 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\FreeCDRipper [2008.08.22 21:47:26 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant [2010.08.07 09:27:58 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\ICQ [2008.04.20 23:00:47 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\InterVideo [2011.02.05 13:31:18 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\it.clementoni.SapPrimeParoleDE.290A939A40FB4C06653AD1460C6BEBD4C065087B.1 [2011.06.17 20:13:21 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\LaunchPad [2010.01.02 11:34:12 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Leadertech [2008.06.09 13:05:14 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\MAGIX [2012.04.01 00:23:10 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Need4Video [2010.11.20 08:14:29 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\OpenOffice.org [2008.02.16 16:08:51 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Opera [2009.10.02 08:49:27 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Pegasys Inc [2011.10.12 19:02:17 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\RavensburgerTipToi [2009.06.04 20:31:17 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Sony [2008.02.26 22:35:30 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\T-Online [2008.02.08 20:47:15 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\temp [2008.02.16 14:10:07 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Template [2011.05.25 16:22:44 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Ulead 
Systems [2010.06.15 20:34:39 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Uniblue [2012.05.11 19:15:25 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.12.16 14:28:50 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Academic Software Zurich [2010.09.10 11:50:55 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Adobe [2010.06.15 20:30:55 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\AnvSoft [2012.04.26 06:33:44 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Avira [2012.05.07 20:47:45 | 000,000,000 | ---D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Babylon [2008.06.08 13:39:20 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Cuttermaran [2009.10.02 14:34:05 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\DeepBurner [2008.02.10 12:58:36 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\DivX [2012.04.01 15:30:07 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\dvdcss [2012.01.03 21:45:51 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\DVDVideoSoft [2011.05.15 20:51:33 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\DVDVideoSoftIEHelpers [2008.02.11 19:15:12 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\EPSON [2010.06.15 20:16:27 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\FreeAudioPack [2010.06.15 20:18:01 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\FreeCDRipper [2008.02.24 19:10:57 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Google [2008.08.22 21:47:26 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant [2010.08.07 09:27:58 | 
000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\ICQ [2007.07.20 15:00:04 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Identities [2007.08.10 13:53:23 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\InstallShield [2008.04.20 23:00:47 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\InterVideo [2011.02.05 13:31:18 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\it.clementoni.SapPrimeParoleDE.290A939A40FB4C06653AD1460C6BEBD4C065087B.1 [2011.06.17 20:13:21 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\LaunchPad [2010.01.02 11:34:12 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Leadertech [2007.07.20 17:31:39 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Macromedia [2008.06.09 13:05:14 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\MAGIX [2012.05.07 21:04:29 | 000,000,000 | ---D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Media Center Programs [2011.12.18 13:43:49 | 000,000,000 | --SD | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Microsoft [2008.08.31 13:51:25 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla [2012.04.01 00:23:10 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Need4Video [2010.11.20 08:14:29 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\OpenOffice.org [2008.02.16 16:08:51 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Opera [2009.10.02 08:49:27 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Pegasys Inc [2011.10.12 19:02:17 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\RavensburgerTipToi [2008.05.02 20:06:46 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Roxio [2011.01.14 22:12:13 | 000,000,000 | -H-D | M] -- 
C:\Users\Jamie-Anthony\AppData\Roaming\Skype [2011.01.14 21:12:16 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\skypePM [2009.06.04 20:31:17 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Sony [2009.06.04 22:25:42 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Sony Corporation [2008.02.25 18:20:57 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Symantec [2008.02.26 22:35:30 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\T-Online [2008.02.08 20:47:15 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\temp [2008.02.16 14:10:07 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Template [2011.05.25 16:22:44 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Ulead Systems [2010.06.15 20:34:39 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Uniblue [2011.02.01 15:52:43 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\vlc < %APPDATA%\*.exe /s > [2007.01.01 23:22:02 | 003,739,648 | -H-- | M] (Google) -- C:\Users\Jamie-Anthony\AppData\Roaming\Google\Google Talk\googletalk.exe [2008.02.24 19:11:03 | 000,079,367 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Google\Google Talk\uninstall.exe [2009.05.08 21:22:05 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\1675E721-3B46-44BF-95D0-E728D662D998\AutoRunCE.exe [2009.05.08 21:22:07 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\1675E721-3B46-44BF-95D0-E728D662D998\1\module.exe [2009.05.08 21:22:14 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\445946F7-51D3-4347-B681-370657140002\AutoRunCE.exe [2009.05.08 21:22:16 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal 
Assistant\Library\445946F7-51D3-4347-B681-370657140002\1\module.exe [2009.05.08 21:20:47 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\4B15BDE1-3A77-4063-A296-34D462338FFF\AutoRunCE.exe [2009.05.08 21:21:00 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\4B15BDE1-3A77-4063-A296-34D462338FFF\1\module.exe [2009.05.08 21:21:40 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\4C2FEFBA-6383-45FB-89AF-273D92FB3F85\AutoRunCE.exe [2009.05.08 21:21:44 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\4C2FEFBA-6383-45FB-89AF-273D92FB3F85\1\module.exe [2009.05.08 21:21:55 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\519E8FE4-0FCE-45E6-B2B4-F0FC2CD562D1\AutoRunCE.exe [2009.05.08 21:21:58 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\519E8FE4-0FCE-45E6-B2B4-F0FC2CD562D1\1\module.exe [2009.05.08 21:22:02 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\5B951398-8563-4AED-8F69-D781081B9940\AutoRunCE.exe [2009.05.08 21:22:04 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\5B951398-8563-4AED-8F69-D781081B9940\1\module.exe [2009.05.08 21:21:28 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\76ABC327-6702-4E21-ADDB-E278E468F2F7\AutoRunCE.exe [2009.05.08 21:21:31 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\76ABC327-6702-4E21-ADDB-E278E468F2F7\1\module.exe [2009.05.08 21:21:52 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal 
Assistant\Library\8D191AF8-79EC-4372-91C8-F80C60F786D1\AutoRunCE.exe [2009.05.08 21:21:54 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\8D191AF8-79EC-4372-91C8-F80C60F786D1\1\module.exe [2009.05.08 21:21:49 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\90C63287-5C0E-4139-A12C-AF150E4EEB44\AutoRunCE.exe [2009.05.08 21:21:51 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\90C63287-5C0E-4139-A12C-AF150E4EEB44\1\module.exe [2009.05.08 21:21:18 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\9937E393-19B4-4535-9452-2B85F9FA5FFD\AutoRunCE.exe [2009.05.08 21:21:21 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\9937E393-19B4-4535-9452-2B85F9FA5FFD\1\module.exe [2009.05.08 21:21:46 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\9BDDFA4D-A91A-45FE-A1A0-D6066BD01551\AutoRunCE.exe [2009.05.08 21:21:47 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\9BDDFA4D-A91A-45FE-A1A0-D6066BD01551\1\module.exe [2009.05.08 21:22:11 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\9F4E9777-D0FC-4699-967F-3411D3CB55A9\AutoRunCE.exe [2009.05.08 21:22:13 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\9F4E9777-D0FC-4699-967F-3411D3CB55A9\1\module.exe [2009.05.08 21:21:59 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\B12043A4-1398-446D-9220-C30E57DBB399\AutoRunCE.exe [2009.05.08 21:22:00 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal 
Assistant\Library\B12043A4-1398-446D-9220-C30E57DBB399\1\module.exe [2009.05.08 21:21:02 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\BCCCC94C-3ED6-41F6-81B6-D7F7AD769FDC\AutoRunCE.exe [2009.05.08 21:21:04 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\BCCCC94C-3ED6-41F6-81B6-D7F7AD769FDC\1\module.exe [2009.05.08 21:21:23 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\E47752B6-4AC2-4AC8-841B-68B8DF784CEE\AutoRunCE.exe [2009.05.08 21:21:26 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\E47752B6-4AC2-4AC8-841B-68B8DF784CEE\1\module.exe [2009.05.08 21:46:10 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\E7C17A34-BFA3-4B43-A04D-A4DD9D1B6B68\AutoRunCE.exe [2009.05.08 21:46:14 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\E7C17A34-BFA3-4B43-A04D-A4DD9D1B6B68\1\module.exe [2009.05.08 21:22:08 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\ED55893A-BC84-42B7-A01A-935AA6FC6D85\AutoRunCE.exe [2009.05.08 21:22:10 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\ED55893A-BC84-42B7-A01A-935AA6FC6D85\1\module.exe [2009.05.08 21:21:33 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\F284F578-98F8-4C98-BFD0-1A4A49CC1097\AutoRunCE.exe [2009.05.08 21:21:37 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\F284F578-98F8-4C98-BFD0-1A4A49CC1097\1\module.exe [2012.02.11 13:24:34 | 000,053,632 | -H-- | M] (Adobe Systems Inc.) 
-- C:\Users\Jamie-Anthony\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > [2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.19 09:41:30 | 
000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.02.21 04:10:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008.02.21 04:10:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008.02.21 04:10:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2007.03.01 02:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\Drivers\SATA Driver (Intel) (Non-RAID) 7.0A - 7.0.0.1020\iastor.sys [2007.03.01 02:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys [2007.03.01 02:03:07 | 000,277,784 | ---- | M] (Intel Corporation) 
MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) 
MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2007.07.20 15:18:21 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007.07.20 15:18:21 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () 
MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | 
---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 518 bytes -> C:\Users\Jamie-Anthony\Documents\mailhpt.eml:OECustomProperty @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8 < End of report > |
13.05.2012, 15:51 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus "System Error. Hard disk failure detected" Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
ATTFilter :OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de/service/redir/ie7_start.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{1EDB291C-67AC-4F9C-AB66-6087DFC21209}: "URL" = http://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie7-toi IE - HKLM\..\SearchScopes\{4813470F-6B8C-4FEA-949B-526F953262C0}: "URL" = http://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742 IE - HKLM\..\SearchScopes\{C74610DB-2CCB-49CF-BB8D-650C6B4CD09F}: "URL" = http://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi IE - HKLM\..\SearchScopes\{C93EA644-5BF8-49CB-B277-2602FD0C0433}: "URL" = http://adfarm.mediaplex.com/ad/ck/707-1403-18840-0?mpro=http://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms} IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - 
HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=100478&tt=290412_4_vs&babsrc=HP_ss&mntrId=ccc35b19000000000000544249676659 IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=100478&tt=290412_4_vs&babsrc=SP_ss&mntrId=ccc35b19000000000000544249676659 IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{497F9A79-F8AC-4AD2-A6DE-F256F1C069B4}: "URL" = http://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742 IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7SNYK_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{6BCD3B4B-C7F8-4DDA-A150-729CD60BFDEB}: "URL" = 
http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms} IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=6zOq04dR1_74GZkqAM7_3CckmCc?q={searchTerms} IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{71AE5633-4538-41C7-A7D0-BD06E47EE8CA}: "URL" = http://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie7-toi IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{86F5405D-4F8B-4B91-B415-6ECA80FB025B}: "URL" = http://adfarm.mediaplex.com/ad/ck/707-1403-18840-0?mpro=http://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms} IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{ADA26A4F-2C52-489F-B91A-06A7BAB3F2C9}: "URL" = http://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{E0B4A2C7-7699-432C-B096-C9B9367FA553}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms} FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-de Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - 
prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=100478&tt=290412_4_vs&babsrc=HP_ss&mntrId=ccc35b19000000000000544249676659" FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=100478&tt=290412_4_vs&babsrc=KW_ss&mntrId=ccc35b19000000000000544249676659&q=" FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q=" [2010.07.14 21:45:31 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.05.07 20:49:30 | 000,000,000 | ---D | M] (Babylon Toolbar by Visicom) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{51dd3535-abea-484a-b1cf-06ab7b092c0c} [2012.05.07 09:56:41 | 000,000,000 | -H-D | M] (ST-de Community Toolbar) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{6b9c3e37-fcbd-4834-a71a-fa45c106a001} [2011.05.15 20:51:35 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.05.16 06:59:53 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\engine@conduit.com [2012.04.26 06:33:37 | 000,000,000 | -H-D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\toolbar@ask.com [2009.05.19 11:28:48 | 000,000,884 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\conduit.xml [2012.05.05 14:38:05 | 000,000,950 | -H-- | M] () -- 
C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-1.xml [2010.07.22 20:40:18 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-10.xml [2010.07.24 21:28:38 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-11.xml [2010.09.10 08:22:34 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-12.xml [2010.09.17 07:58:49 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-13.xml [2010.10.23 14:32:15 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-14.xml [2010.10.29 20:43:47 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-15.xml [2010.12.13 19:23:34 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-16.xml [2011.03.03 14:58:47 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-17.xml [2011.03.08 13:13:00 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-18.xml [2011.03.24 22:46:27 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-19.xml [2009.08.24 10:44:09 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-2.xml [2011.05.01 18:35:49 | 000,000,950 | -H-- | M] () -- 
C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-20.xml [2011.05.15 11:19:15 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-21.xml [2011.07.13 08:56:31 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-22.xml [2011.07.21 20:31:34 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-23.xml [2011.08.25 07:49:25 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-24.xml [2011.09.01 18:55:37 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-25.xml [2011.09.11 13:32:43 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-26.xml [2011.10.12 16:23:44 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-27.xml [2011.11.10 17:10:52 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-28.xml [2011.12.10 16:43:43 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-29.xml [2009.09.21 11:09:12 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-3.xml [2011.12.10 18:58:07 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-30.xml [2011.12.30 11:17:18 | 000,000,950 | -H-- | M] () -- 
C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-31.xml [2012.02.15 20:47:42 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-32.xml [2009.10.31 08:31:55 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-4.xml [2009.12.17 22:29:16 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-5.xml [2010.01.06 18:40:33 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-6.xml [2010.03.13 09:21:21 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-7.xml [2010.04.05 19:25:15 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-8.xml [2010.04.06 19:37:21 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-9.xml [2010.05.12 18:40:06 | 000,001,042 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin.xml [2010.01.22 00:07:01 | 000,003,915 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\sweetim.xml [2009.06.09 20:17:31 | 000,000,000 | ---D | M] (Dealio Toolbar Plugin) -- C:\Program Files\mozilla firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} [2009.07.22 13:09:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.05.07 20:48:22 | 000,002,354 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\babylon.xml [2012.02.15 20:39:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.07.21 20:27:10 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2011.05.15 20:52:37 | 000,002,051 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Babylon Toolbar by Visicom) - {51dd3535-abea-484a-b1cf-06ab7b092c0c} - C:\Program Files\babylon01\babylon01X.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Babylon Toolbar by Visicom) - {51dd3535-abea-484a-b1cf-06ab7b092c0c} - C:\Program Files\babylon01\babylon01X.dll () O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O3 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found. 
O3 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{c2d7a3e4-616f-11df-b59d-001a80249e6f}\Shell - "" = AutoRun O33 - MountPoints2\{c2d7a3e4-616f-11df-b59d-001a80249e6f}\Shell\AutoRun\command - "" = G:\DPFMate.exe O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun\Autorun.exe [2012.05.07 20:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\babylon01 [2012.05.01 19:26:51 | 000,000,000 | ---D | C] -- C:\Users\Jamie-Anthony\AppData\Local\AskToolbar [2012.04.26 06:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com [2012.04.01 00:22:47 | 000,004,962 | ---- | C] () -- C:\ProgramData\etgxespc.rpo [2012.04.01 00:22:47 | 000,004,884 | ---- | C] () -- C:\ProgramData\homrfjdr.aqx [2012.05.07 20:47:45 | 000,000,000 | ---D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Babylon @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8 :Commands [purity] [emptytemp] [emptyflash] [resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
13.05.2012, 19:42 | #12 |
| Virus "System Error. Hard disk failure detected" So, I have now tried it twice. The first time, two error messages appeared saying that an error had occurred, and the PC crashed; the second time it hung again, so I had to restart the PC... Am I doing something wrong? Do I have to click something else? |
14.05.2012, 09:01 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus "System Error. Hard disk failure detected" Please repeat the fix in Safe Mode
__________________ Please always post log files in CODE tags |
14.05.2012, 09:12 | #14 |
| Virus "System Error. Hard disk failure detected" Hi, so the fix has now worked on about the 5th attempt - for whatever reason - but now all my files are gone?!? Or at least I can't find them any more?!? Including photos, pictures, videos, etc. :-( And above all the PowerPoint program... I absolutely need that, though - I paid a lot of money for it... Can I get it back somehow? And why is it all gone now? Was all of that supposed to be deleted? Otherwise, the desktop looks unchanged... The log file: Code:
ATTFilter All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1EDB291C-67AC-4F9C-AB66-6087DFC21209}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1EDB291C-67AC-4F9C-AB66-6087DFC21209}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4813470F-6B8C-4FEA-949B-526F953262C0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4813470F-6B8C-4FEA-949B-526F953262C0}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C74610DB-2CCB-49CF-BB8D-650C6B4CD09F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C74610DB-2CCB-49CF-BB8D-650C6B4CD09F}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C93EA644-5BF8-49CB-B277-2602FD0C0433}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C93EA644-5BF8-49CB-B277-2602FD0C0433}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. 
HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully! HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully! HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully! HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found. HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found. Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found. Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{497F9A79-F8AC-4AD2-A6DE-F256F1C069B4}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{497F9A79-F8AC-4AD2-A6DE-F256F1C069B4}\ not found. Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found. Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6BCD3B4B-C7F8-4DDA-A150-729CD60BFDEB}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BCD3B4B-C7F8-4DDA-A150-729CD60BFDEB}\ not found. Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found. Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{71AE5633-4538-41C7-A7D0-BD06E47EE8CA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71AE5633-4538-41C7-A7D0-BD06E47EE8CA}\ not found. Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{86F5405D-4F8B-4B91-B415-6ECA80FB025B}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86F5405D-4F8B-4B91-B415-6ECA80FB025B}\ not found. Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ADA26A4F-2C52-489F-B91A-06A7BAB3F2C9}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADA26A4F-2C52-489F-B91A-06A7BAB3F2C9}\ not found. Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E0B4A2C7-7699-432C-B096-C9B9367FA553}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0B4A2C7-7699-432C-B096-C9B9367FA553}\ not found. Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found. Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename Prefs.js: "Softonic-de Customized Web Search" removed from browser.search.defaultthis.engineName Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=" removed from browser.search.defaulturl Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1 Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine Prefs.js: "hxxp://search.babylon.com/?affID=100478&tt=290412_4_vs&babsrc=HP_ss&mntrId=ccc35b19000000000000544249676659" removed from browser.startup.homepage Prefs.js: "hxxp://search.babylon.com/?affID=100478&tt=290412_4_vs&babsrc=KW_ss&mntrId=ccc35b19000000000000544249676659&q=" removed from keyword.URL Prefs.js: "localhost,127.0.0.1" removed from network.proxy.no_proxies_on Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from sweetim.toolbar.previous.keyword.URL Folder C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found. Folder C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{51dd3535-abea-484a-b1cf-06ab7b092c0c}\ not found. Folder C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{6b9c3e37-fcbd-4834-a71a-fa45c106a001}\ not found. Folder C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\ not found. 
Folder C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\engine@conduit.com\ not found. Folder C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\toolbar@ask.com\ not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\conduit.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-1.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-10.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-11.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-12.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-13.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-14.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-15.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-16.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-17.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-18.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-19.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-2.xml not found. 
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-20.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-21.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-22.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-23.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-24.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-25.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-26.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-27.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-28.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-29.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-3.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-30.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-31.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-32.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-4.xml not found. 
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-5.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-6.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-7.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-8.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-9.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin.xml not found. File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\sweetim.xml not found. Folder C:\Program Files\mozilla firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found. Folder C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found. File C:\Program Files\mozilla firefox\searchplugins\babylon.xml not found. File C:\Program Files\mozilla firefox\searchplugins\bing.xml not found. File C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml not found. File C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found. File C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51dd3535-abea-484a-b1cf-06ab7b092c0c}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51dd3535-abea-484a-b1cf-06ab7b092c0c}\ not found. 
File C:\Program Files\babylon01\babylon01X.dll not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found. File C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{51dd3535-abea-484a-b1cf-06ab7b092c0c} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51dd3535-abea-484a-b1cf-06ab7b092c0c}\ not found. File C:\Program Files\babylon01\babylon01X.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found. 
Registry value HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found. Registry value HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. File C:\Program Files\Ask.com\GenericAskToolbar.dll not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found. File C:\Program Files\Ask.com\Updater\Updater.exe not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File C:\autoexec.bat not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2d7a3e4-616f-11df-b59d-001a80249e6f}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d7a3e4-616f-11df-b59d-001a80249e6f}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2d7a3e4-616f-11df-b59d-001a80249e6f}\ not found. 
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d7a3e4-616f-11df-b59d-001a80249e6f}\ not found. File G:\DPFMate.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found. File G:\Autorun\Autorun.exe not found. Folder C:\Program Files\babylon01\ not found. Folder C:\Users\Jamie-Anthony\AppData\Local\AskToolbar\ not found. Folder C:\Program Files\Ask.com\ not found. File C:\ProgramData\etgxespc.rpo not found. File C:\ProgramData\homrfjdr.aqx not found. Folder C:\Users\Jamie-Anthony\AppData\Roaming\Babylon\ not found. Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 . Unable to delete ADS C:\ProgramData\TEMP:A8ADE5D8 . ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User User: Jamie-Anthony ->Temp folder emptied: 667851 bytes ->Temporary Internet Files folder emptied: 303851098 bytes ->Java cache emptied: 6726529 bytes ->FireFox cache emptied: 52940311 bytes ->Google Chrome cache emptied: 14586026 bytes ->Flash cache emptied: 177499 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 5607 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 481153646 bytes RecycleBin emptied: 1190912 bytes Total Files Cleaned = 821,00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User User: Jamie-Anthony ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.42.3 log created on 05142012_093406 Files\Folders moved on Reboot... File\Folder C:\Windows\temp\logishrd\LVPrcInj07.dll not found! Registry entries deleted on Reboot... |
14.05.2012, 09:38 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Virus "System Error. Hard disk failure detected" I can't see why everything is supposedly gone! First try restarting Windows!
__________________ Please always post log files in CODE tags |