Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Festplatte weg, windows - delayed write failed & weitere Fehler

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.02.2012, 00:10   #1
royal18
 
Festplatte weg, windows - delayed write failed & weitere Fehler - Standard

Festplatte weg, windows - delayed write failed & weitere Fehler



Hallo!

Ich habe ein großes Problem mit meinem PC! ( Schreibe vom Laptop )

Bin nicht wirklich ein Computerexperte, aber habe bisher eigentlich immer alle Probleme beheben können, bis auf dieses:


Ich war gerade am Surfen als Avira irgndeine Fehlermeldung fand, ich dachte es wurde entfernt und surfte weiter. Doch kurz danach wurde auf einmal der Bildschirm schwarz & es tauchten viele Fehlermeldungen auf ( Windows - Delayed Write Failed:Failed to save all the components for file:\\system32\ und dann immer verschieden Zahlen)

Dann fingen die Probleme an: es war auf einmal das Programm System Check installiert und dann wusste ich das es wohl ein Trojaner ist. Diese Programm berichtet von lauter Fehlern auf meinem Computer, ich kann es nicht mal schließen oder minimieren. Der Task Manager ist auch blockiert und meine ganze Festplatte leer.

Ich wecheslte danach mal auf meinen nebenbenutzer, der vorerst in ordnung war. ich schaute auf meinem laufwerk C und dort war nur eine Datei mit der Endung .bak vorhanden, sonst nichts

Außerdem bemerkte ich das die Windows Defender ausgeschaltet war, obwohl ich es selbst sie nie ausgeschaltet habe....
Naja und als ich dann meinen PC scannen wollte kamen die selben Probleme wie bei dem Hauptbenutzer und der Bildschirm wurde wieder schwarz...


wie kann ich das problem beheben?

Geändert von royal18 (06.02.2012 um 00:19 Uhr)

Alt 06.02.2012, 08:46   #2
Chris4You
 
Festplatte weg, windows - delayed write failed & weitere Fehler - Standard

Festplatte weg, windows - delayed write failed & weitere Fehler



Hi,

OTL downloaden und auf einen USB-Stick kopieren, dann den Rechner im abgesicherten Modus mit Eingabeaufforderung hochfahren (F8 beim Booten drücken).
Kopiere dann die OTL.exe von dem Stick auf den Rechner (copy E:\OTL.EXE .)(wenn E Dein USB-Stick ist). Otl ausführen, Logs zurückkopieren und hier posten...
Wichtig:Du musst mit dem verseuchten Konto booten!

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

chris
__________________

__________________

Alt 06.02.2012, 17:23   #3
royal18
 
Festplatte weg, windows - delayed write failed & weitere Fehler - Standard

Festplatte weg, windows - delayed write failed & weitere Fehler



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.02.2012 17:19:55 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Mathias\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 47,02% Memory free
4,25 Gb Paging File | 3,12 Gb Available in Paging File | 73,42% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,69 Gb Total Space | 21,32 Gb Free Space | 18,91% Space Free | Partition Type: NTFS
Drive D: | 112,39 Gb Total Space | 46,71 Gb Free Space | 41,56% Space Free | Partition Type: NTFS
Drive F: | 5,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive L: | 7,64 Gb Total Space | 1,17 Gb Free Space | 15,28% Space Free | Partition Type: FAT32
 
Computer Name: MATHIAS-PC | User Name: Mathias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Mathias\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.21.99\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\3DataManager\WTGService.exe ()
PRC - C:\Program Files\3DataManager\3DataManager.exe (WebToGo Mobile Internet GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\3DataManager\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Unlocker\UnlockerCOM.dll ()
MOD - C:\Program Files\3DataManager\H3GA_WTGSMSPCClientGer.dll ()
MOD - C:\Program Files\3DataManager\H3GA_OneClickAssistantGer.dll ()
MOD - C:\Program Files\3DataManager\WtgDriverInstallX.dll ()
MOD - C:\Program Files\3DataManager\WTGSMSPCClient.dll ()
MOD - C:\Program Files\3DataManager\WtgCore.dll ()
MOD - C:\Program Files\3DataManager\WtgDriverInstall.dll ()
MOD - C:\Program Files\3DataManager\WtgBluetooth.dll ()
MOD - C:\Program Files\3DataManager\WtgDialup.dll ()
MOD - C:\Program Files\3DataManager\WtgDetection.dll ()
MOD - C:\Program Files\3DataManager\WtgDatabase.dll ()
MOD - C:\Program Files\3DataManager\WtgPorts.dll ()
MOD - C:\Program Files\3DataManager\WtgUtil.dll ()
MOD - C:\Program Files\3DataManager\WTGDebugs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (iPod Service) --  File not found
SRV - (CLTNetCnService) --  File not found
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (WTGService) -- C:\Program Files\3DataManager\WTGService.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (hwusbfake) -- C:\Windows\System32\drivers\ewusbfake.sys (Huawei Technologies Co., Ltd.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (CdaC15BA) -- C:\Windows\System32\drivers\CDAC15BA.SYS ()
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID value found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.13.184
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..extensions.enabledItems: codiprog@fbplus.plugin:1.5
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.sicto.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=3kQFs3eO&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.live.com/results.aspx?mkt=de-AT&FORM=MIC8E5&q="
 
FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL: "hxxp://www.sicto.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=3kQFs3eO&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\3-addons\addon [2010.09.15 01:14:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.10.29 11:26:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.12 19:01:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.06 17:16:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.06 17:16:07 | 000,000,000 | ---D | M]
 
[2011.12.17 07:20:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions
[2009.05.29 16:48:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2012.02.06 14:26:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\mw7gam1n.default\extensions
[2012.01.11 18:59:55 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\mw7gam1n.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2011.08.16 09:08:20 | 000,000,931 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Mozilla\Firefox\Profiles\mw7gam1n.default\searchplugins\conduit.xml
[2012.01.04 23:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.10.29 20:26:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.11.21 12:26:13 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2011.10.29 11:26:16 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012.01.04 23:01:31 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.06 22:59:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.19 14:38:17 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.10.06 22:59:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.06 22:59:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 22:59:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.16 09:51:55 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2011.10.06 22:59:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 22:59:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.2_0\
CHR - Extension: Google-Suche = C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.4_0\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - No CLSID value found.
O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Program Files\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0388BA0C-C7F1-4E6A-BD7A-B59623F33363} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [UIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller 2010\UIWatcher.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\Program Files\Common Files\WebSpeech.4.0\LgxIEBar.dll (G DATA Software AG)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59BE314F-DB6E-4667-AD4E-D54436E77B94}: NameServer = 213.94.78.17 213.94.78.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6BD94DC-1049-4C17-88CA-1A95E28EE6A7}: NameServer = 213.94.78.16 213.94.78.17
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.06.28 14:21:08 | 000,000,277 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{007e8e9c-de4e-11dc-b726-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{007e8e9c-de4e-11dc-b726-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{038c501d-8e25-11df-94be-fee8bd1c9662}\Shell - "" = AutoRun
O33 - MountPoints2\{038c501d-8e25-11df-94be-fee8bd1c9662}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{038c5027-8e25-11df-94be-cef161e277b6}\Shell - "" = AutoRun
O33 - MountPoints2\{038c5027-8e25-11df-94be-cef161e277b6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{054d7348-97c3-11df-b2dd-d89c6a6be0b8}\Shell - "" = AutoRun
O33 - MountPoints2\{054d7348-97c3-11df-b2dd-d89c6a6be0b8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{09e165ad-42e5-11dd-9ef8-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{09e165ad-42e5-11dd-9ef8-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{09e1675e-42e5-11dd-9ef8-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{09e1675e-42e5-11dd-9ef8-001c253c60aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{185f4386-c05f-11df-8dde-bf965a5e2885}\Shell - "" = AutoRun
O33 - MountPoints2\{185f4386-c05f-11df-8dde-bf965a5e2885}\Shell\AutoRun\command - "" = L:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{185f43bc-c05f-11df-8dde-f389d6e8203d}\Shell - "" = AutoRun
O33 - MountPoints2\{185f43bc-c05f-11df-8dde-f389d6e8203d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{185f43c6-c05f-11df-8dde-f389d6e8203d}\Shell - "" = AutoRun
O33 - MountPoints2\{185f43c6-c05f-11df-8dde-f389d6e8203d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{27190c50-70b8-11df-b33a-c2454cad8f64}\Shell - "" = AutoRun
O33 - MountPoints2\{27190c50-70b8-11df-b33a-c2454cad8f64}\Shell\AutoRun\command - "" = K:\LiteAuto.exe
O33 - MountPoints2\{3fff55d1-d6a5-11dd-92fa-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{3fff55d1-d6a5-11dd-92fa-001c253c60aa}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007.08.29 12:29:54 | 001,131,832 | R--- | M] ()
O33 - MountPoints2\{412d53f7-de8f-11df-80a4-eb121e2db78e}\Shell - "" = AutoRun
O33 - MountPoints2\{412d53f7-de8f-11df-80a4-eb121e2db78e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{681ab221-4392-11dd-834d-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{681ab221-4392-11dd-834d-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{681ab283-4392-11dd-834d-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{681ab283-4392-11dd-834d-001c253c60aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{681ab2be-4392-11dd-834d-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{681ab2be-4392-11dd-834d-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{681ab2e4-4392-11dd-834d-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{681ab2e4-4392-11dd-834d-001c253c60aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7a3cb81f-d0e3-11dc-b026-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{7a3cb81f-d0e3-11dc-b026-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{8814bd81-4924-11dd-9851-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{8814bd81-4924-11dd-9851-001c253c60aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8814bda2-4924-11dd-9851-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{8814bda2-4924-11dd-9851-001c253c60aa}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{90564adb-c223-11df-bbd4-f66f07c11859}\Shell - "" = AutoRun
O33 - MountPoints2\{90564adb-c223-11df-bbd4-f66f07c11859}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9ba37098-4b4e-11dd-aa3a-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{9ba37098-4b4e-11dd-aa3a-001c253c60aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a053985d-d329-11dc-93b3-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{a053985d-d329-11dc-93b3-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{a275f448-c151-11df-8e92-c161453f84d0}\Shell - "" = AutoRun
O33 - MountPoints2\{a275f448-c151-11df-8e92-c161453f84d0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ac365a6a-9194-11df-a525-c59eaa9f350d}\Shell - "" = AutoRun
O33 - MountPoints2\{ac365a6a-9194-11df-a525-c59eaa9f350d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ac365a72-9194-11df-a525-b5bbc2b8d827}\Shell - "" = AutoRun
O33 - MountPoints2\{ac365a72-9194-11df-a525-b5bbc2b8d827}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{c17a6de7-0927-11e0-b747-fecb77f11683}\Shell - "" = AutoRun
O33 - MountPoints2\{c17a6de7-0927-11e0-b747-fecb77f11683}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c870ff67-d4b7-11dc-9e55-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{c870ff67-d4b7-11dc-9e55-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{c870ff69-d4b7-11dc-9e55-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{c870ff69-d4b7-11dc-9e55-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{c8e08fb4-d333-11dc-981b-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{c8e08fb4-d333-11dc-981b-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{cd1170a0-d0d9-11dc-8da4-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{cd1170a0-d0d9-11dc-8da4-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{db4856a0-2562-11e0-afd3-b85fdb90c4af}\Shell - "" = AutoRun
O33 - MountPoints2\{db4856a0-2562-11e0-afd3-b85fdb90c4af}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{db4856a8-2562-11e0-afd3-b85fdb90c4af}\Shell - "" = AutoRun
O33 - MountPoints2\{db4856a8-2562-11e0-afd3-b85fdb90c4af}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{db4856e7-2562-11e0-afd3-b85fdb90c4af}\Shell - "" = AutoRun
O33 - MountPoints2\{db4856e7-2562-11e0-afd3-b85fdb90c4af}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e3c2ce9a-45e5-11dd-9c2c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e3c2ce9a-45e5-11dd-9c2c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e459ffd0-b0df-11df-b1c8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e459ffd0-b0df-11df-b1c8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{f7cc0edf-ba60-11de-a5ed-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{f7cc0edf-ba60-11de-a5ed-001c253c60aa}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{fa170abd-b0ea-11df-b575-e82d304f3a8b}\Shell - "" = AutoRun
O33 - MountPoints2\{fa170abd-b0ea-11df-b575-e82d304f3a8b}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{fc0d5f79-e61f-11dc-a818-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{fc0d5f79-e61f-11dc-a818-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{fc0d5f7b-e61f-11dc-a818-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{fc0d5f7b-e61f-11dc-a818-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = LiteAuto.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.06 17:19:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
[2012.02.06 14:02:36 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\system check
[2012.02.06 13:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.06 13:11:44 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.06 13:11:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.02.06 02:41:22 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Malwarebytes
[2012.02.06 02:41:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.27 16:04:34 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012.01.27 16:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012.01.27 15:58:29 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2012.01.27 15:58:29 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2012.01.27 15:58:27 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2012.01.27 15:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\RailSimulator.com
[2012.01.27 15:12:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2012.01.27 15:00:20 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\DAEMON Tools Lite
[2012.01.27 15:00:16 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.01.11 17:12:06 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.11 17:12:06 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.11 17:12:00 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.11 17:11:57 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.11 17:11:51 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2009.09.05 13:52:00 | 000,155,648 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2009.09.05 13:52:00 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2009.09.05 13:52:00 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2009.09.05 13:52:00 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2008.02.01 11:15:16 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[23 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.06 17:25:00 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{ACCB2B73-7376-4D85-961A-F9F10035963C}.job
[2012.02.06 17:22:28 | 010,682,270 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.06 17:22:27 | 033,002,562 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.06 17:22:27 | 009,767,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.06 17:22:25 | 010,691,444 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.06 17:22:00 | 000,000,430 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3878B4AC-7B06-48BA-ABB8-506B25B244BF}.job
[2012.02.06 16:50:37 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.06 16:50:36 | 000,003,296 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.06 16:50:33 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.06 16:50:16 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.02.06 16:50:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.06 16:45:09 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.06 16:30:28 | 000,106,496 | ---- | M] () -- C:\Users\Mathias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.06 13:49:01 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.02.06 13:11:49 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.06 01:23:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Desktop\OTL.exe
[2012.02.05 22:58:32 | 000,000,456 | ---- | M] () -- C:\ProgramData\iBo3rsBV5BPdeD
[2012.02.05 22:56:51 | 000,000,304 | ---- | M] () -- C:\ProgramData\~iBo3rsBV5BPdeD
[2012.02.05 22:55:08 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.02.05 22:42:53 | 000,000,192 | ---- | M] () -- C:\ProgramData\~iBo3rsBV5BPdeDr
[2012.01.27 16:05:29 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.01.27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.01.26 06:34:59 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.01.09 21:36:18 | 000,002,337 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[23 C:\*.tmp files -> C:\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.06 13:11:49 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.06 02:07:34 | 000,002,337 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.02.06 02:07:34 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012.02.06 02:07:34 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.02.06 02:07:34 | 000,001,914 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
[2012.02.06 02:07:34 | 000,001,902 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims 2.lnk
[2012.02.06 02:07:34 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2012.02.06 02:07:34 | 000,001,772 | ---- | C] () -- C:\Users\Public\Desktop\3DataManager.lnk
[2012.02.06 02:07:34 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.06 02:07:34 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2012.02.06 02:07:34 | 000,000,840 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2012.02.06 02:07:29 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk
[2012.02.06 02:07:29 | 000,001,565 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Mail.lnk
[2012.02.06 02:07:28 | 000,001,901 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2012.02.06 02:07:28 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk
[2012.02.06 02:07:28 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.02.06 02:07:28 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk
[2012.02.06 02:07:28 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.02.06 02:07:28 | 000,001,799 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works-Start.lnk
[2012.02.06 02:07:28 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk
[2012.02.06 02:07:28 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk
[2012.02.06 02:07:28 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk
[2012.02.06 02:07:28 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.02.06 02:07:28 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk
[2012.02.06 02:07:28 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.02.06 02:07:28 | 000,001,625 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Story 3 for Windows.lnk
[2012.02.06 02:07:28 | 000,001,094 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 8.0.lnk
[2012.02.06 02:07:28 | 000,001,056 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader 5.0.lnk
[2012.02.06 02:07:28 | 000,000,822 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.02.06 02:07:28 | 000,000,730 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2012.02.05 22:55:08 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.02.05 22:42:53 | 000,000,304 | ---- | C] () -- C:\ProgramData\~iBo3rsBV5BPdeD
[2012.02.05 22:42:53 | 000,000,192 | ---- | C] () -- C:\ProgramData\~iBo3rsBV5BPdeDr
[2012.02.05 22:42:46 | 000,000,456 | ---- | C] () -- C:\ProgramData\iBo3rsBV5BPdeD
[2011.11.26 12:11:41 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.11.17 09:11:49 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2011.07.01 00:18:46 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2011.05.03 17:01:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.03.17 13:38:01 | 000,000,158 | ---- | C] () -- C:\Windows\TSDataEx.ini
[2011.03.17 13:34:57 | 000,000,000 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\FileOut.cns
[2011.03.17 13:34:57 | 000,000,000 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\FileIn.cns
[2010.10.05 22:52:17 | 000,000,012 | ---- | C] () -- C:\Windows\System32\language.ini
[2010.09.26 16:21:25 | 000,000,049 | ---- | C] () -- C:\Windows\cdplayer.ini
[2010.06.12 18:36:51 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.06.12 18:36:51 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.04.03 13:57:41 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2010.03.22 18:09:10 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009.09.29 15:51:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.29 15:51:13 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.05 13:52:04 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2009.09.05 13:52:02 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2009.09.05 13:52:02 | 000,270,336 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2009.09.05 13:52:01 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2009.08.07 00:04:37 | 000,000,095 | ---- | C] () -- C:\Users\Mathias\AppData\Local\fusioncache.dat
[2009.06.16 19:09:50 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.03.19 21:05:54 | 000,455,503 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\NMM-MetaData.db
[2008.09.18 16:12:53 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.07.24 16:51:25 | 000,000,751 | ---- | C] () -- C:\Windows\Bti.ini
[2008.06.25 20:22:53 | 000,000,268 | R--- | C] () -- C:\ProgramData\Dictionaries
[2008.06.25 20:22:53 | 000,000,268 | R--- | C] () -- C:\Users\Mathias\AppData\Roaming\Desktop Pictures
[2008.06.25 20:22:53 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2008.06.25 20:22:53 | 000,000,012 | R--- | C] () -- C:\ProgramData\Distortion
[2008.05.22 15:47:19 | 000,000,053 | ---- | C] () -- C:\Windows\3dtrack.INI
[2008.05.22 15:45:50 | 000,002,840 | ---- | C] () -- C:\Windows\Track.INI
[2008.04.12 12:42:57 | 000,036,074 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2008.03.12 21:49:18 | 000,000,355 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008.02.09 20:03:33 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2008.02.09 18:11:19 | 000,000,950 | ---- | C] () -- C:\Windows\eReg.dat
[2008.02.01 18:25:38 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008.02.01 18:21:00 | 000,008,864 | ---- | C] () -- C:\Windows\System32\drivers\CDAC15BA.SYS
[2008.02.01 17:45:29 | 000,005,032 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\wklnhst.dat
[2008.02.01 12:48:16 | 000,106,496 | ---- | C] () -- C:\Users\Mathias\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.02.01 11:16:16 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.02.01 11:16:15 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.02.01 11:15:16 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2008.02.01 10:20:37 | 000,008,268 | ---- | C] () -- C:\Users\Mathias\AppData\Local\d3d9caps.dat
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2007.05.07 09:41:16 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.05.07 08:22:38 | 000,000,834 | ---- | C] () -- C:\Windows\generic.ini
[2007.05.07 08:22:38 | 000,000,130 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.05.07 08:22:34 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007.05.07 08:22:34 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.05.07 08:22:34 | 000,143,676 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2007.03.29 23:00:40 | 000,203,264 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2006.11.02 16:33:31 | 033,002,562 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 010,691,444 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,356,024 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 010,682,270 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 009,767,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 14:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 21:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 14:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 20:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
--- --- ---

--- --- ---

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 06.02.2012 17:19:55 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Mathias\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 47,02% Memory free
4,25 Gb Paging File | 3,12 Gb Available in Paging File | 73,42% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 112,69 Gb Total Space | 21,32 Gb Free Space | 18,91% Space Free | Partition Type: NTFS
Drive D: | 112,39 Gb Total Space | 46,71 Gb Free Space | 41,56% Space Free | Partition Type: NTFS
Drive F: | 5,57 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive L: | 7,64 Gb Total Space | 1,17 Gb Free Space | 15,28% Space Free | Partition Type: FAT32
 
Computer Name: MATHIAS-PC | User Name: Mathias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1723684492-1119337897-2682288371-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption
"C:\Program Files\Mozilla Firefox\update.exe" = C:\Program Files\Mozilla Firefox\update.exe:*:Enabled:ldrsoft
"" = :*:Enabled:ldrsoft
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E6786B0-E88E-4669-9381-F40544316F6C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{317EED68-3952-480D-ABAF-5673C357FBBF}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00901846-18DB-4384-8B5D-128236A5A47F}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 
"{0CA65C21-C832-4758-843F-19044F17892D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0CB34526-D54B-4893-B843-98FC796F3991}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0CD31391-E5E9-45FC-9DAC-22C2F57C9751}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0F76EBAD-41C6-46FB-BC4D-55683E5FEC2B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0F9161CD-A55C-4567-9A16-85ACC4851570}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0F9A1FFB-D6AD-4FDC-8568-FD1FFCF3AE8D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{0FD129D8-E12E-4F92-92F5-B1313DCF0A5C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{12893BC6-768E-456E-AF5D-789E9FD89E85}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{14474163-F976-4417-A929-6ED79991A1AF}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{17C04A19-611D-4EDF-BAFD-E70017DA7989}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1B3EF32F-A8B1-4AB8-A172-99653593324D}" = protocol=6 | dir=in | app=c:\program files\sony\media manager for walkman\mediamanager.exe | 
"{203A4DFC-CC9E-4127-BC08-EE258F81295F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{245EFA32-2FB3-45B4-BBA6-22977DA6B9D7}" = dir=in | app=c:\program files\acer arcade live\slideshow dvd\component\clsldvd.exe | 
"{24817410-2DD9-4004-B435-C899A4D6F526}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe | 
"{2816AA20-B235-49E9-91EA-558E5E385E03}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{285E08A3-92B2-48F5-8BDC-A3EDC518C54D}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{2A8F5F02-7F77-4A81-8552-A4C7FB7D30E1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{368C9C21-E9BE-475D-AF45-27B410C77590}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3788A14F-2BFF-4781-8AEF-F45FD2807889}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3E491FF3-96FD-4F56-A736-10FDC25A6D6C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{3E950545-AE4D-48B0-93EE-FD645616637A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"{401DCC44-0472-4D02-AC29-0D37AD80CF29}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\homemedia connect.exe | 
"{58918602-00A9-4972-80C9-083465CA83D8}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{5AA8B5C7-05C0-4D4C-9D9A-12202CF66530}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{610D4256-FBF6-4239-BD64-20FDFE1F9691}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{6307F449-05C4-4738-BF6B-FD7B228A1DEE}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\dvdivine.exe | 
"{63DA1678-8DA9-4218-8907-D247CFA23CAF}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{699B9900-F72E-482E-BCBC-C5FCCC8FD04F}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{6D5501BB-FAC2-4083-B55E-96CCB34F9133}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6E0C9577-4EE2-4660-A4EC-DF3014EE8E8A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{77A26F11-D97B-42DC-A351-FA744D67BD21}" = protocol=6 | dir=in | app=c:\users\mathias\music\limewire\limewire.exe | 
"{7C135A64-5037-4076-9A41-714E515FA330}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{8EE9ACFC-C350-4B58-A5DD-E8D2F9C72129}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{9126E073-9C9C-4DEE-9274-DD572F147819}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\component\arawp.exe | 
"{9207EBD7-94C5-40B7-8717-51C185650878}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{943BC599-F756-43DC-ADBA-96AAC9BD51CD}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe | 
"{964E3E73-5BF5-4C36-8C24-32C59E7584D1}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\homemedia.exe | 
"{9B2DE5D0-0D7C-45A5-9E49-A18141B64587}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\videomagician.exe | 
"{A3B091FC-9D54-4D15-B12C-738ACEE4ED3F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{A6B28209-5CD5-4263-8066-8CCA5622D805}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{A9E3BE7F-B234-4F60-BEB7-A17755535E8B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{AC80CDBF-7E91-4D22-AE24-8F6C5CB20CED}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{BC826F75-5321-4C1C-990D-68192B5733EA}" = protocol=17 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{BF447880-3399-4DA7-A2EF-4123833FB174}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{C046FF61-84AC-42C6-98AB-CB1F52D94E95}" = protocol=6 | dir=in | app=c:\program files\bearshare applications\bearshare\bearshare.exe | 
"{C92A53AB-085F-41EB-9CCE-BD270B43073F}" = protocol=17 | dir=in | app=c:\program files\sony\media manager for walkman\mediamanager.exe | 
"{CB691722-B74E-4C58-A6CE-83732992AC40}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{CB993806-6468-4516-BDDE-A76ECFB6B32B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{DB044A76-CA54-4C8C-86B6-5FEC60D5ADEA}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe | 
"{DE7A4B05-F291-47FB-8057-4E80104C3F2C}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{E676AD52-911A-4D37-913A-AF7EE3EEDCFC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E7E07E95-D982-4EF5-A701-8ECCFD81B7E0}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{E906F03E-1F1C-4F9A-9806-EC76D4122009}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{F0429F00-CC5D-4CB5-A7E2-D7C6DD72D2F0}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\component\dvax2process.exe | 
"{F6D0CE5C-4887-4C1F-BEFC-60986305A184}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{F9B99C37-7D1E-4DD5-B458-1B67098CA151}" = protocol=17 | dir=in | app=c:\users\mathias\music\limewire\limewire.exe | 
"{FD45E6C6-7F98-4211-8AEC-A0C540E75E83}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{20F12E8E-4A89-42F3-89B3-BA9D89166C40}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{2915F6A5-DF25-4CA7-935C-A27995601D04}C:\users\mathias\appdata\local\mediaget2\mediaget.exe" = protocol=6 | dir=in | app=c:\users\mathias\appdata\local\mediaget2\mediaget.exe | 
"TCP Query User{562D6F31-1E49-4363-B753-87095AD1975B}C:\users\mathias\appdata\local\temp\rarsfx1\hl.exe" = protocol=6 | dir=in | app=c:\users\mathias\appdata\local\temp\rarsfx1\hl.exe | 
"TCP Query User{6328E34C-1C93-4832-AA8B-269BD5EA8319}C:\program files\bearflix\bearflix.exe" = protocol=6 | dir=in | app=c:\program files\bearflix\bearflix.exe | 
"TCP Query User{78F34482-2F41-42D6-B194-102CFE3A6EEF}C:\program files\hasbro interactive\rollercoaster tycoon demo\rct.exe" = protocol=6 | dir=in | app=c:\program files\hasbro interactive\rollercoaster tycoon demo\rct.exe | 
"TCP Query User{93069BB7-AF2B-4BB8-85E8-B2FE1C7FAA73}C:\program files\edonkey2000\edonkey2000.exe" = protocol=6 | dir=in | app=c:\program files\edonkey2000\edonkey2000.exe | 
"TCP Query User{9C083F7E-EFEF-4F0E-9A56-1001250B4F1C}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"TCP Query User{9D4B4D00-2E3D-4749-B4B4-4D808EF7BF6B}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{A0747A12-BE21-4AD9-8970-6B961B7197E9}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{D4804D79-3D33-4C3E-B754-B88EEECB9800}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{E2C6A21A-1389-473A-8D36-C16DEB43DFBF}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{EE79ED53-CDD6-409D-8640-3C7BDDB9A60D}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{F065099C-3875-4B7C-A37F-B02B8E579906}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{049C8085-A5C2-42E7-87EE-37051466EC38}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{1C4FE8C8-CB32-4C3D-8160-33372373B4CE}C:\program files\hasbro interactive\rollercoaster tycoon demo\rct.exe" = protocol=17 | dir=in | app=c:\program files\hasbro interactive\rollercoaster tycoon demo\rct.exe | 
"UDP Query User{3183255B-758B-4D07-886E-274FDCB1E82D}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{3DB92F30-1FDC-48DD-A5D2-7E25CF2D5323}C:\program files\bearflix\bearflix.exe" = protocol=17 | dir=in | app=c:\program files\bearflix\bearflix.exe | 
"UDP Query User{4965D930-7F4F-426B-BE59-378967EEC820}C:\users\mathias\appdata\local\temp\rarsfx1\hl.exe" = protocol=17 | dir=in | app=c:\users\mathias\appdata\local\temp\rarsfx1\hl.exe | 
"UDP Query User{6C045AC9-9CA2-45E4-A471-C4D865C4C5FF}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{71826DE5-2939-4818-94A4-4FE2F5C60E70}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{77311670-A658-416D-885C-81BFC2713815}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | 
"UDP Query User{8BB755E5-59F7-4C6B-9B71-AB385EFE2322}C:\users\mathias\appdata\local\mediaget2\mediaget.exe" = protocol=17 | dir=in | app=c:\users\mathias\appdata\local\mediaget2\mediaget.exe | 
"UDP Query User{9EB46821-591A-4AE3-B046-F6240F4D88FC}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{ABD3D440-956B-42C7-A246-A7E96F23B12A}C:\program files\edonkey2000\edonkey2000.exe" = protocol=17 | dir=in | app=c:\program files\edonkey2000\edonkey2000.exe | 
"UDP Query User{DC76747E-8DBD-4F71-BD82-C9798D59BE3D}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{ED6DEAF9-3DCA-493E-A645-D5D45EE2B7E6}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AA3AF26-2FA7-4719-9A97-664CD6D332F6}" = Magic Lernprogramm
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1C12B0B2-91FB-439A-A64D-1A239F0B7FAB}" = Die ersten 10 Jahre
"{1F0D5576-C383-4E5E-9906-0B47BECBB8B6}" = Hama Webcam Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20F1FFAF-1BFF-450C-A8C7-03D1BE24B950}" = Microsoft .NET Framework (German)
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 29
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{315393A0-F849-41EE-86EB-BC577C2B3561}" = MAGIX PC Check & Tuning Free
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B2B78EC-5111-4C0E-A955-0D84BBA49740}" = Animation Shop 3 Try And Buy
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{681734DF-28F0-4842-855C-91CCE610FA67}" = Aerosoft's - Strassenbahn Berlin-Koepenick
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = Systemsteuerung "MobileMe"
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A908524F-7045-402C-BEC5-C387A3B739CD}" = MAGIX Screenshare
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = T-Mobile Internet Manager
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E3A64E20-EDA4-4B93-9176-FD3B4C7B085F}" = TransportGigant: Down Under
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = Hama Webcam AC-150
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F37E7087-2309-49CD-914F-9000CD95ED26}_is1" = Steig auf! 3.0
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"0900Warner" = 0900 Warner 3.50
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows-Treiberpaket - Nokia Modem  (02/15/2007 3.1)
"3DataManager" = 3DataManager
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 5.0" = Adobe Acrobat 4.0, 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ashampoo UnInstaller 2010_is1" = Ashampoo UnInstaller 2010
"ATI Uninstaller" = ATI Uninstaller
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows-Treiberpaket - Nokia Modem  (02/15/2007 3.1)
"Canon MP210 series Benutzerregistrierung" = Canon MP210 series Benutzerregistrierung
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Windows-Treiberpaket - Nokia Modem  (05/24/2007 6.84.0.1)
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"Fraps" = Fraps
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Magic Set Editor 2_is1" = Magic Set Editor 2 - 0.3.7 beta
"MAGIX_MSI_PC_Check_Tuning_2010_Free" = MAGIX PC Check & Tuning Free
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework Full v1.0.3705 (1031)" = Microsoft .NET Framework (German) v1.0.3705
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"ProTrain 2.1 2.1" = ProTrain 2.1 2.1
"ProTrain Rheintal 1.0" = ProTrain Rheintal 1.0
"RealPlayer 12.0" = RealPlayer
"Train Simulator 1.0" = Microsoft Train Simulator
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WebPost" = Microsoft Web Publishing Wizard 1.52
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Techno Design IP Notify" = LiveSearch Notification Tool
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---
__________________

Geändert von royal18 (06.02.2012 um 17:41 Uhr)

Alt 06.02.2012, 17:37   #4
royal18
 
Festplatte weg, windows - delayed write failed & weitere Fehler - Standard

Festplatte weg, windows - delayed write failed & weitere Fehler



Hallo,

habe noch bevor ich das gelesen habe eine hilfreiche Seite hier auf dieser Website gefunden. Folgendes habe ich gemacht:

1. Mit dem Programm Unhide wurden endlich meine Dateien wieder sichtbar
2. Rootkill stoppte das nervige Programm System Check bzw. Fehlermeldungen.
3. Vollscann mit Malwarebytes ( mehrere Dateien gefunden und entfernt, danach nochmal Quickscan ( noch eine weitere Datei gefunden und entfernt )
4. Es wurde mir geraten, mit OTL die Logfiles zu machen.

Bei OTL gibt es aber ein Problem, ich habe alles gemacht wie beschrieben aber es kommen immer folgende Fehlermeldungen:

Es befindet sich kein Datenträger im Laufwerk.Legen Sie einen Datenträger in Laufwerk\Device\Harddisk1\DR1,DR3,Dr4 & DR5 ein.

Wenn ich es wegklicke geht es dann weiter, die .txt Dateien habe ich oben gepostet

Alt 07.02.2012, 16:02   #5
Chris4You
 
Festplatte weg, windows - delayed write failed & weitere Fehler - Standard

Festplatte weg, windows - delayed write failed & weitere Fehler



Hi,

poste das Log von MAM...

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

Fix für OTL...
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:
ATTFilter
:OTL
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID value found
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0388BA0C-C7F1-4E6A-BD7A-B59623F33363} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.

O33 - MountPoints2\{007e8e9c-de4e-11dc-b726-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{007e8e9c-de4e-11dc-b726-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{038c501d-8e25-11df-94be-fee8bd1c9662}\Shell - "" = AutoRun
O33 - MountPoints2\{038c501d-8e25-11df-94be-fee8bd1c9662}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{038c5027-8e25-11df-94be-cef161e277b6}\Shell - "" = AutoRun
O33 - MountPoints2\{038c5027-8e25-11df-94be-cef161e277b6}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{054d7348-97c3-11df-b2dd-d89c6a6be0b8}\Shell - "" = AutoRun
O33 - MountPoints2\{054d7348-97c3-11df-b2dd-d89c6a6be0b8}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{09e165ad-42e5-11dd-9ef8-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{09e165ad-42e5-11dd-9ef8-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{09e1675e-42e5-11dd-9ef8-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{09e1675e-42e5-11dd-9ef8-001c253c60aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{185f4386-c05f-11df-8dde-bf965a5e2885}\Shell - "" = AutoRun
O33 - MountPoints2\{185f4386-c05f-11df-8dde-bf965a5e2885}\Shell\AutoRun\command - "" = L:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{185f43bc-c05f-11df-8dde-f389d6e8203d}\Shell - "" = AutoRun
O33 - MountPoints2\{185f43bc-c05f-11df-8dde-f389d6e8203d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{185f43c6-c05f-11df-8dde-f389d6e8203d}\Shell - "" = AutoRun
O33 - MountPoints2\{185f43c6-c05f-11df-8dde-f389d6e8203d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{27190c50-70b8-11df-b33a-c2454cad8f64}\Shell - "" = AutoRun
O33 - MountPoints2\{27190c50-70b8-11df-b33a-c2454cad8f64}\Shell\AutoRun\command - "" = K:\LiteAuto.exe
O33 - MountPoints2\{3fff55d1-d6a5-11dd-92fa-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{3fff55d1-d6a5-11dd-92fa-001c253c60aa}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- [2007.08.29 12:29:54 | 001,131,832 | R--- | M] ()
O33 - MountPoints2\{412d53f7-de8f-11df-80a4-eb121e2db78e}\Shell - "" = AutoRun
O33 - MountPoints2\{412d53f7-de8f-11df-80a4-eb121e2db78e}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{681ab221-4392-11dd-834d-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{681ab221-4392-11dd-834d-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{681ab283-4392-11dd-834d-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{681ab283-4392-11dd-834d-001c253c60aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{681ab2be-4392-11dd-834d-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{681ab2be-4392-11dd-834d-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{681ab2e4-4392-11dd-834d-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{681ab2e4-4392-11dd-834d-001c253c60aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7a3cb81f-d0e3-11dc-b026-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{7a3cb81f-d0e3-11dc-b026-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{8814bd81-4924-11dd-9851-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{8814bd81-4924-11dd-9851-001c253c60aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{8814bda2-4924-11dd-9851-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{8814bda2-4924-11dd-9851-001c253c60aa}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{90564adb-c223-11df-bbd4-f66f07c11859}\Shell - "" = AutoRun
O33 - MountPoints2\{90564adb-c223-11df-bbd4-f66f07c11859}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9ba37098-4b4e-11dd-aa3a-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{9ba37098-4b4e-11dd-aa3a-001c253c60aa}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a053985d-d329-11dc-93b3-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{a053985d-d329-11dc-93b3-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{a275f448-c151-11df-8e92-c161453f84d0}\Shell - "" = AutoRun
O33 - MountPoints2\{a275f448-c151-11df-8e92-c161453f84d0}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ac365a6a-9194-11df-a525-c59eaa9f350d}\Shell - "" = AutoRun
O33 - MountPoints2\{ac365a6a-9194-11df-a525-c59eaa9f350d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{ac365a72-9194-11df-a525-b5bbc2b8d827}\Shell - "" = AutoRun
O33 - MountPoints2\{ac365a72-9194-11df-a525-b5bbc2b8d827}\Shell\AutoRun\command - "" = L:\AutoRun.exe
O33 - MountPoints2\{c17a6de7-0927-11e0-b747-fecb77f11683}\Shell - "" = AutoRun
O33 - MountPoints2\{c17a6de7-0927-11e0-b747-fecb77f11683}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c870ff67-d4b7-11dc-9e55-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{c870ff67-d4b7-11dc-9e55-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{c870ff69-d4b7-11dc-9e55-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{c870ff69-d4b7-11dc-9e55-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{c8e08fb4-d333-11dc-981b-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{c8e08fb4-d333-11dc-981b-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{cd1170a0-d0d9-11dc-8da4-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{cd1170a0-d0d9-11dc-8da4-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{db4856a0-2562-11e0-afd3-b85fdb90c4af}\Shell - "" = AutoRun
O33 - MountPoints2\{db4856a0-2562-11e0-afd3-b85fdb90c4af}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{db4856a8-2562-11e0-afd3-b85fdb90c4af}\Shell - "" = AutoRun
O33 - MountPoints2\{db4856a8-2562-11e0-afd3-b85fdb90c4af}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{db4856e7-2562-11e0-afd3-b85fdb90c4af}\Shell - "" = AutoRun
O33 - MountPoints2\{db4856e7-2562-11e0-afd3-b85fdb90c4af}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e3c2ce9a-45e5-11dd-9c2c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e3c2ce9a-45e5-11dd-9c2c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{e459ffd0-b0df-11df-b1c8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e459ffd0-b0df-11df-b1c8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{f7cc0edf-ba60-11de-a5ed-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{f7cc0edf-ba60-11de-a5ed-001c253c60aa}\Shell\AutoRun\command - "" = F:\Install.exe
O33 - MountPoints2\{fa170abd-b0ea-11df-b575-e82d304f3a8b}\Shell - "" = AutoRun
O33 - MountPoints2\{fa170abd-b0ea-11df-b575-e82d304f3a8b}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1
O33 - MountPoints2\{fc0d5f79-e61f-11dc-a818-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{fc0d5f79-e61f-11dc-a818-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{fc0d5f7b-e61f-11dc-a818-001c253c60aa}\Shell - "" = AutoRun
O33 - MountPoints2\{fc0d5f7b-e61f-11dc-a818-001c253c60aa}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = LiteAuto.exe
[2012.02.05 22:56:51 | 000,000,304 | ---- | M] () -- C:\ProgramData\~iBo3rsBV5BPdeD
[2012.02.05 22:42:53 | 000,000,192 | ---- | M] () -- C:\ProgramData\~iBo3rsBV5BPdeDr

:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = dword:0x00
"InternetSettingsDisableNotify" = dword:0x00
"AutoUpdateDisableNotify" = dword:0x00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = dword:0x00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = dword:0x00
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = dword:0x00
 
:Commands
[CREATERESTOREPOINT]
[emptytemp]
[Reboot]
         
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

chris

__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Antwort

Themen zu Festplatte weg, windows - delayed write failed & weitere Fehler
avira, bildschirm, bildschirm schwarz, blockiert, check, datei, defender, failed, fehler, fehlermeldung, fehlermeldungen, festplatte, file, laptop, laufwerk, laufwerk c, problem, probleme, programm, scan, schließen, surfen, system, system32, trojaner, windows, windows - delayed write failed



Ähnliche Themen: Festplatte weg, windows - delayed write failed & weitere Fehler


  1. Windows Delayed write failed | ESET-LOG | Malwarebytes-LOG
    Log-Analyse und Auswertung - 02.04.2012 (18)
  2. Windows-Delayed Write Failed
    Log-Analyse und Auswertung - 25.03.2012 (3)
  3. Windows - Delayed Write Failed
    Plagegeister aller Art und deren Bekämpfung - 13.03.2012 (1)
  4. Fehlermeldung Windows - Delayed Write Failed. Alle Daten weg?
    Plagegeister aller Art und deren Bekämpfung - 03.03.2012 (18)
  5. windows - Delayed Write Failed
    Plagegeister aller Art und deren Bekämpfung - 14.02.2012 (37)
  6. Windows - Delayed Write Failed (2012-01-25)
    Plagegeister aller Art und deren Bekämpfung - 01.02.2012 (45)
  7. Windows - Delayed Write Failed
    Log-Analyse und Auswertung - 25.12.2011 (2)
  8. WIN XP:Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 25.11.2011 (7)
  9. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\0000428
    Log-Analyse und Auswertung - 15.11.2011 (35)
  10. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\ - St
    Plagegeister aller Art und deren Bekämpfung - 13.11.2011 (16)
  11. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Plagegeister aller Art und deren Bekämpfung - 13.11.2011 (101)
  12. Windows - Delayed Write Failed - Failed to save...
    Log-Analyse und Auswertung - 10.11.2011 (7)
  13. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 09.11.2011 (25)
  14. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Plagegeister aller Art und deren Bekämpfung - 07.11.2011 (10)
  15. Windows - Delayed Write Failed. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 07.11.2011 (12)
  16. schwarzer Bildschirm, windows delayed write failed
    Plagegeister aller Art und deren Bekämpfung - 19.10.2011 (16)
  17. schwarzer Bildschirm, windows delayed write failed
    Log-Analyse und Auswertung - 18.10.2011 (17)

Zum Thema Festplatte weg, windows - delayed write failed & weitere Fehler - Hallo! Ich habe ein großes Problem mit meinem PC! ( Schreibe vom Laptop ) Bin nicht wirklich ein Computerexperte, aber habe bisher eigentlich immer alle Probleme beheben können, bis auf - Festplatte weg, windows - delayed write failed & weitere Fehler...
Archiv
Du betrachtest: Festplatte weg, windows - delayed write failed & weitere Fehler auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.