Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Mysterious virtual harddrive without access - new try

by Schubi » October 9th, 2011, 10:02 am

I recognized a virtual hard drive which I did not create, and I do not know where it comes from.
In addition I cannot access it.
I would be happy if you can help. Thx.

This is my third attempt to get help from your forum, now.
I did NOT edit the DDS.txt or attach.txt last time as you claimed.
However, I give it another try.

*******************************************
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Hartmut at 15:23:28 on 2011-10-09
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
C:\windows\SYSTEM32\Rezip.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
Q:\140062.enu\Office14\ONENOTEM.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\Users\Hartmut\Install\HijackThis\DDS\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=smsn
uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.6\pdfforgeToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.6\pdfforgeToolbarIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.6\pdfforgeToolbarIE.dll
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NWEReboot]
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - /105
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{56580737-D9B4-4690-8899-62B339230D1E} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{91E3CF70-F5FF-4CF5-A7B3-43D6744D0A0F} : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{91E3CF70-F5FF-4CF5-A7B3-43D6744D0A0F}\75C414E4 : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\hartmut\appdata\roaming\mozilla\firefox\profiles\2l1spfzd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tagesschau.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=gr ... =827316&p=
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R? AVerPola;AVerMedia USB Polaris Series Capture Service
R? AVPolCIR;AVerMedia USB Polaris Series Custom IR Service
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? btwl2cap;Bluetooth L2CAP Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety-Dienst
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update-Dienst (gupdatem)
R? MODRC;DiBcom Infrared Receiver
R? MpKsl25391a4f;MpKsl25391a4f
R? MpKsl3198201c;MpKsl3198201c
R? MpKsl3850d811;MpKsl3850d811
R? MpKsl57367506;MpKsl57367506
R? MpKsl5cbf6f6b;MpKsl5cbf6f6b
R? MpKsl6fa1d6bf;MpKsl6fa1d6bf
R? MpKsl72e083f2;MpKsl72e083f2
R? MpKsl747e7732;MpKsl747e7732
R? MpKsl8ea58ca4;MpKsl8ea58ca4
R? MpKsld3602999;MpKsld3602999
R? MSSQLServerADHelper100;SQL Server Hilfsdienst fr Active Directory
R? qamaptcu;qamaptcu
R? RsFx0150;RsFx0150 Driver
R? RTL8167;Realtek 8167 NT Driver
R? SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS)
R? TsUsbFlt;TsUsbFlt
S? AAV UpdateService;AAV UpdateService
S? AVerRemote;AVerRemote
S? AVerScheduleService;AVerScheduleService
S? cvhsvc;Client Virtualization Handler
S? MpFilter;Microsoft Malware Protection Driver
S? MpKsl3d1cfd5f;MpKsl3d1cfd5f
S? MpNWMon;Microsoft Malware Protection Network Driver
S? MsDepSvc;Webbereitstellungs-Agent-Dienst
S? NisDrv;Microsoft Network Inspection System
S? NisSrv;Microsoft-Netzwerkinspektion
S? NVHDA;Service for NVIDIA High Definition Audio Driver
S? OberonGameConsoleService;Oberon Media Game Console service
S? osppsvc;Office Software Protection Platform
S? Rezip;Rezip
S? rtl819xp;Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-) PCI NIC-NT-Treiber
S? SABI;SAMSUNG Kernel Driver For Windows 7
S? Sftfs;Sftfs
S? sftlist;Application Virtualization Client
S? Sftplay;Sftplay
S? Sftredir;Sftredir
S? Sftvol;Sftvol
S? sftvsa;Application Virtualization Service Agent
S? vwififlt;Virtual WiFi Filter Driver
S? vwifimp;Microsoft Virtual WiFi Miniport Service
S? yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller
.
=============== Created Last 30 ================
.
2011-10-08 15:16:44 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8d763eb0-c2b6-440a-910b-095d273f57ad}\MpKsl3d1cfd5f.sys
2011-10-08 15:16:39 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8d763eb0-c2b6-440a-910b-095d273f57ad}\offreg.dll
2011-10-08 15:08:00 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{8d763eb0-c2b6-440a-910b-095d273f57ad}\mpengine.dll
2011-10-06 19:05:09 -------- d-----w- c:\users\hartmut\appdata\roaming\Broad Intelligence
2011-10-06 19:04:52 -------- d-----w- c:\program files\MediaCoder
2011-10-04 18:39:29 -------- d-----w- c:\users\hartmut\appdata\roaming\DVDVideoSoft
2011-10-03 16:58:52 47456 ----a-w- c:\windows\system32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
2011-10-03 16:57:47 73568 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
2011-10-03 16:55:42 -------- d-----w- c:\windows\system32\RsFx
2011-10-03 16:45:33 -------- d-----w- c:\windows\system32\1031
.
==================== Find3M ====================
.
2011-10-04 18:28:37 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 04:54:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 15:25:37,48 ===============

.
==== Installed Programs ======================
.
AAVUpdateManager
ACDSee Foto-Manager 12
Acrobat.com
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.4.6 MUI
Alice Greenfingers
Amazon MP3-Downloader 1.0.9
AnyPC Client
Atheros Client Installation Program
AVerMedia Gaming Plug-in 2.0.10.0
AVerMedia H830 USB Hybrid TV 10.0.0.25
AVerTV
AVM FRITZ!Box Dokumentation
AVM FRITZ!Box Druckeranschluss
BatteryLifeExtender
CCleaner
CDex - Open Source Digital Audio CD Extractor
ChargeableUSB
CyberLink PowerDVD 8
CyberLink YouCam
Dairy Dash
Designer 2.0
DHTML Editing Component
Easy Display Manager
Easy Network Manager
Easy SpeedUp Manager
EasyBatteryManager
ESET Online Scanner v3
Farm Frenzy 2
FreeFotoWorks
Game Pack
GIMP 2.6.11
Go-Go Gourmet
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
IIS 7.5 Express
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Malwarebytes' Anti-Malware
Marvell Miniport Driver
MediaCoder 2011
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft Antimalware
Microsoft Antimalware Service DE-DE Language Pack
Microsoft Application Error Reporting
Microsoft ASP.NET Web Pages
Microsoft ASP.NET Web Pages - DEU
Microsoft Choice Guard
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Business 2010 - English
Microsoft Office ScreenTip Language 2010 - Deutsch
Microsoft Security Client
Microsoft Security Client DE-DE Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2-Setup (Deutsch)
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server Browser
Microsoft SQL Server Compact 4.0 DEU
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Web Deploy 2.0
Microsoft Web Platform Installer 3.0
Microsoft WebMatrix
Microsoft Works
MITs Wizard 3.0 for Device
Mozilla Firefox 6.0.2 (x86 de)
MSVCRT
NVIDIA Drivers
Office 2010 Trial Extender Version 1.0.0.3
PDF-Viewer
PDF Blender
PDFCreator
pdfforge Toolbar v4.6
Qt SDK 2009.05
Realtek High Definition Audio Driver
REALTEK Wireless LAN Software
Samsung Recovery Solution 4
Samsung Support Center
Samsung Update Plus
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Skype Toolbars
Skype™ 4.2
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Database Engine Services
SQL Server 2008 R2 Database Engine Shared
Sql Server Customer Experience Improvement Program
Steuer-Spar-Erklärung 2010
Synaptics Pointing Device Driver
Total Commander (Remove or Repair)
TrueCrypt
Turbo Lister 2
Unterstützungsdateien für Microsoft SQL Server 2008-Setup
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
User Guide
Webtools von Microsoft SQL Server Compact 4.0 DEU
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
Windows Mobile-Gerätecenter
Windows Mobile Device Center Driver Update
Windows Mobile®-Gerätehandbuch
XMind
yEd Graph Editor 3.4.1
.
==== End Of File ===========================

Re: Mysterious virtual harddrive without access - new try

by Gary R » October 10th, 2011, 4:09 am

You claim that you have not edited your logs, yet there is information missing that is always produced in a DDS log.

No known infection removes this information, so there is no logical explanation for it to be missing other than it has been edited from the log in an effort to conceal it.

Since it is possible (but highly unlikely) that DDS has not run properly on your computer, I need you to run an alternate scan for me, so I can see the information I'm looking for.

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Re: Mysterious virtual harddrive without access - new try

by Schubi » October 10th, 2011, 4:34 pm

Here we go:

OTL logfile created on: 10.10.2011 22:09:30 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Hartmut\Install\HijackThis\OTL
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 46,37% Memory free
3,50 Gb Paging File | 2,10 Gb Available in Paging File | 60,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 11,50 Gb Free Space | 28,75% Space Free | Partition Type: NTFS
Drive D: | 177,79 Gb Total Space | 84,99 Gb Free Space | 47,81% Space Free | Partition Type: NTFS

Computer Name: HARTMUT-PC | User Name: Hartmut | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011.10.10 21:46:17 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Hartmut\Install\HijackThis\OTL\OTL.exe
PRC - [2011.09.07 23:39:03 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011.05.04 22:52:44 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- C:\Program Files\TrueCrypt\TrueCrypt.exe
PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.04.01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.02.28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
PRC - [2009.10.13 12:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.10.07 03:31:56 | 002,246,144 | ---- | M] (SEC) -- C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009.09.24 08:50:10 | 003,520,256 | ---- | M] (Ghisler Software GmbH) -- C:\Program Files\totalcmd\TOTALCMD.EXE
PRC - [2009.09.08 01:47:52 | 000,832,512 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.09.07 12:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009.08.13 22:58:10 | 000,044,312 | ---- | M] () -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
PRC - [2009.08.11 17:09:52 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009.08.11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009.07.31 21:06:25 | 000,155,648 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
PRC - [2009.06.19 19:31:39 | 000,651,264 | R--- | M] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
PRC - [2009.05.20 10:58:04 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
PRC - [2009.04.15 16:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009.04.08 13:49:30 | 000,344,064 | R--- | M] (AVerMedia) -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2009.03.05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\System32\Rezip.exe
PRC - [2008.12.09 20:01:50 | 000,405,504 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe


========== Modules (No Company Name) ==========

MOD - [2011.09.07 23:39:02 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010.02.28 03:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
MOD - [2009.07.31 21:06:25 | 000,155,648 | R--- | M] () -- C:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
MOD - [2009.05.20 10:58:04 | 000,650,920 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\SUPNOT~1.EXE
MOD - [2009.05.13 10:51:26 | 000,155,648 | ---- | M] () -- C:\PROGRA~1\samsung\SAMSUN~2\HMXML.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.04.01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009.08.13 22:58:10 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009.08.11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009.04.08 13:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2009.03.05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\System32\Rezip.exe -- (Rezip)
SRV - [2008.12.09 20:01:50 | 000,405,504 | R--- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2007.05.31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - [2011.10.10 21:31:58 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E2651E9C-76B6-4E73-8031-1518AA55F2D6}\MpKsle02f46b1.sys -- (MpKsle02f46b1)
DRV - [2011.05.04 22:53:05 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.04 21:49:27 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pfc.sys -- (pfc)
DRV - [2010.09.14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010.09.14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010.09.14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010.09.14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010.06.22 14:14:38 | 000,036,608 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVPolCIR.sys -- (AVPolCIR)
DRV - [2010.06.22 14:14:30 | 000,451,840 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerPola.sys -- (AVerPola)
DRV - [2010.04.03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2010.02.01 13:30:32 | 000,557,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl819xp.sys -- (rtl819xp) Realtek RTL8190/RTL8192E 802.11n Wireless LAN (Mini-)
DRV - [2009.09.28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.08.10 13:51:00 | 009,824,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.03 02:04:46 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009.05.01 07:43:34 | 000,064,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007.09.25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007.02.15 13:45:34 | 000,459,264 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mod7700.sys -- (mod7700)
DRV - [2006.11.14 17:59:12 | 000,013,056 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=smsn
IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.startup.homepage: "http://www.tagesschau.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.07 23:39:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.10 09:25:08 | 000,000,000 | ---D | M]

[2010.01.26 23:46:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hartmut\AppData\Roaming\mozilla\Extensions
[2010.10.31 22:30:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hartmut\AppData\Roaming\mozilla\Firefox\Profiles\2l1spfzd.default\extensions
[2011.09.04 20:11:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.07.02 00:50:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.18 20:17:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.10 21:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.01 11:04:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.31 22:08:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.09.04 20:11:29 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011.09.07 23:39:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.30 12:05:44 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2011.08.12 06:19:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.12 06:14:12 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.08.12 06:19:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.12 06:19:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.12 06:19:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.12 06:19:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res:///105 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..Trusted Domains: fritz.box ([]* in Computer)
O15 - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..Trusted Ranges: Range1 ([*] in Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56580737-D9B4-4690-8899-62B339230D1E}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91E3CF70-F5FF-4CF5-A7B3-43D6744D0A0F}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ce4a47ce-41b6-11df-ac2e-0c6076bb6c8f}\Shell - "" = AutoRun
O33 - MountPoints2\{ce4a47ce-41b6-11df-ac2e-0c6076bb6c8f}\Shell\AutoRun\command - "" = E:\TVCenterPro.exe -autorun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.10.06 21:06:37 | 000,000,000 | ---D | C] -- C:\Users\Hartmut\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaCoder
[2011.10.06 21:05:09 | 000,000,000 | ---D | C] -- C:\Users\Hartmut\AppData\Roaming\Broad Intelligence
[2011.10.06 21:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2011.10.04 20:39:29 | 000,000,000 | ---D | C] -- C:\Users\Hartmut\AppData\Roaming\DVDVideoSoft
[2011.10.04 20:39:17 | 000,000,000 | ---D | C] -- C:\Users\Hartmut\Documents\DVDVideoSoft
[2011.10.03 18:58:52 | 000,047,456 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
[2011.10.03 18:57:47 | 000,073,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.50.1600.1.dll
[2011.10.03 18:55:42 | 000,000,000 | ---D | C] -- C:\windows\System32\RsFx
[2011.10.03 18:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2011.10.03 18:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2011.10.03 18:45:33 | 000,000,000 | ---D | C] -- C:\windows\System32\1031
[2011.10.03 18:41:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2

========== Files - Modified Within 30 Days ==========

[2011.10.10 21:53:00 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.10 21:19:31 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.10 21:09:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011.10.09 17:59:28 | 000,768,600 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2011.10.09 17:59:28 | 000,723,878 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011.10.09 17:59:28 | 000,175,536 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2011.10.09 17:59:28 | 000,148,482 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011.10.08 17:24:39 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.08 17:24:39 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.08 17:16:23 | 1407,946,752 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.06 21:06:37 | 000,000,993 | ---- | M] () -- C:\Users\Hartmut\Desktop\MediaCoder.lnk
[2011.10.04 20:28:37 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011.09.25 22:15:39 | 000,025,109 | ---- | M] () -- C:\Users\Hartmut\.recently-used.xbel
[2011.09.13 19:36:39 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

========== Files Created - No Company Name ==========

[2011.10.06 21:06:37 | 000,000,993 | ---- | C] () -- C:\Users\Hartmut\Desktop\MediaCoder.lnk
[2011.09.25 22:15:39 | 000,025,109 | ---- | C] () -- C:\Users\Hartmut\.recently-used.xbel
[2011.09.10 09:47:23 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2011.03.01 12:09:01 | 000,007,605 | ---- | C] () -- C:\Users\Hartmut\AppData\Local\Resmon.ResmonCfg
[2011.01.13 23:17:08 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2010.12.28 19:02:06 | 000,049,152 | R--- | C] () -- C:\windows\System32\AVerIO.dll
[2010.12.28 19:02:06 | 000,003,456 | R--- | C] () -- C:\windows\System32\AVerIO.sys
[2010.12.28 19:01:11 | 000,598,016 | R--- | C] () -- C:\windows\System32\sptlib21.dll
[2010.12.28 19:01:11 | 000,290,816 | R--- | C] () -- C:\windows\System32\sptlib22.dll
[2010.12.28 19:01:10 | 000,307,200 | R--- | C] () -- C:\windows\System32\sptlib01.dll
[2010.12.28 19:01:10 | 000,294,912 | R--- | C] () -- C:\windows\System32\sptlib11.dll
[2010.12.28 19:01:10 | 000,249,856 | R--- | C] () -- C:\windows\System32\sptlib03.dll
[2010.12.28 19:01:10 | 000,225,280 | R--- | C] () -- C:\windows\System32\sptlib02.dll
[2010.12.28 19:01:10 | 000,135,168 | R--- | C] () -- C:\windows\System32\sptlib12.dll
[2010.10.31 17:25:10 | 000,009,216 | ---- | C] () -- C:\Users\Hartmut\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.20 13:55:52 | 000,221,184 | ---- | C] () -- C:\windows\System32\HP3AIOZ6.dll
[2010.02.20 13:55:52 | 000,000,412 | ---- | C] () -- C:\windows\System32\HP3AIOZ6.dat
[2010.01.26 20:43:08 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010.01.26 20:40:50 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009.11.05 03:13:15 | 000,768,600 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009.11.05 03:13:15 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009.11.05 03:13:15 | 000,175,536 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009.11.05 03:13:15 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009.11.04 11:29:20 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2009.11.04 10:52:44 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009.07.14 06:33:53 | 000,429,544 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,723,878 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,148,482 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009.07.14 00:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009.07.14 00:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009.07.14 00:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009.07.14 00:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2002.05.03 15:40:32 | 000,094,274 | ---- | C] () -- C:\windows\System32\HPBHEALR.DLL
[2002.03.21 16:39:02 | 000,073,728 | ---- | C] () -- C:\windows\System32\UNACEV2.DLL

========== LOP Check ==========

[2010.11.04 21:51:08 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\ACD Systems
[2011.08.05 00:03:53 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\Amazon
[2011.10.06 21:05:09 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\Broad Intelligence
[2011.10.04 20:40:43 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\DVDVideoSoft
[2010.11.24 02:13:47 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\fotobuch.de AG
[2011.01.24 23:00:45 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\GetRightToGo
[2010.08.31 20:33:42 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\GHISLER
[2011.09.25 22:15:39 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\gtk-2.0
[2011.01.24 23:01:13 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\IN-MEDIAKG
[2011.01.24 23:03:09 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\mresreg
[2010.12.12 15:10:17 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\Nokia
[2011.10.03 22:37:16 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\SoftGrid Client
[2010.11.21 14:57:40 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\TP
[2011.05.04 23:00:48 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\TrueCrypt
[2010.10.31 17:50:57 | 000,000,000 | ---D | M] -- C:\Users\Hartmut\AppData\Roaming\XnView
[2011.04.15 23:00:45 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


------------------------- Extras.txt ----------------------------------------------------

OTL Extras logfile created on: 10.10.2011 22:09:30 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Hartmut\Install\HijackThis\OTL
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,75 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 46,37% Memory free
3,50 Gb Paging File | 2,10 Gb Available in Paging File | 60,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 11,50 Gb Free Space | 28,75% Space Free | Partition Type: NTFS
Drive D: | 177,79 Gb Total Space | 84,99 Gb Free Space | 47,81% Space Free | Partition Type: NTFS

Computer Name: HARTMUT-PC | User Name: Hartmut | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2694853571-1494760454-3953676919-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "%1"
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenAsAWebSite] -- C:\Program Files\Microsoft WebMatrix\WebMatrix.exe #ExecuteCommand# SiteFromFolder %L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de\Designer 2.0\Designer.exe:*:Designer.exe -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0143CF89-5CF2-4F2D-80D5-BFAE64E1BA00}" = MITs Wizard 3.0 for Device
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{13CEE5F4-1E7D-44F8-B77E-6B805680863F}" = Microsoft SQL Server 2008 R2 Native Client
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{167F6479-E5CD-411A-9E44-4296E51F64E5}" = Microsoft SQL Server VSS Writer
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FB1052B-2F3D-48CE-A65D-006240516ECE}_is1" = Office 2010 Trial Extender Version 1.0.0.3
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B2BEBFF-32B8-471D-9422-039A8F19C87E}" = Microsoft WebMatrix
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{433E2032-D3E0-46FF-BAA4-0976F333C1E4}" = IIS 7.5 Express
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C9D82EB-9001-4E59-8F64-0BEEE5F4A30A}" = SQL Server 2008 R2 Database Engine Shared
"{4D2121FE-5CCC-4D47-B3A0-BF56045A5099}" = Samsung Support Center
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{5134B35A-B559-4762-94A4-FD4918977953}" = Microsoft Web Deploy 2.0
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = SQL Server 2008 R2 Database Engine Services
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{6C627DDC-E0D3-4804-91A3-3EAB668B2F33}" = Microsoft SQL Server 2008 R2-Setup (Deutsch)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76FAE3C6-F0F2-43D3-9D94-C2AD772C2326}" = Webtools von Microsoft SQL Server Compact 4.0 DEU
"{7C8EAD2B-A954-4F73-AAFC-C3EC60D49ADA}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8DD113A8-811A-404E-A4D7-443D014946AC}" = Microsoft SQL Server Browser
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-00BD-0407-0000-0000000FF1CE}" = Microsoft Office ScreenTip Language 2010 - Deutsch
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{92906ADC-9482-4DDB-870D-0F1F535EAD91}" = SQL Server 2008 R2 Common Files
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{93998800-1608-403F-9A51-420A77D23C25}" = Sql Server Customer Experience Improvement Program
"{93EEC4E9-EEFE-4027-ACD3-6E8C1D085975}" = Microsoft ASP.NET Web Pages - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}" = Microsoft SQL Server System CLR Types
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Foto-Manager 12
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.6 MUI
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = SQL Server 2008 R2 Database Engine Services
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B692E59A-055C-43B7-BE0A-9C2FE0AB88B6}" = Microsoft SQL Server 2008 R2 Management Objects
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E9380A3D-7A10-4988-B2A1-22A41C137D9F}" = SQL Server 2008 R2 Database Engine Shared
"{EA61F81B-5754-4B5A-9BC5-FFEDC29D1DBC}" = Microsoft SQL Server Compact 4.0 DEU
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AVerMedia Gaming Plug-in" = AVerMedia Gaming Plug-in 2.0.10.0
"AVerMedia H830 USB Hybrid TV" = AVerMedia H830 USB Hybrid TV 10.0.0.25
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"B7541EC5F72AA713F557569278EB6273725F5607" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"CCleaner" = CCleaner
"CDex" = CDex - Open Source Digital Audio CD Extractor
"Designer 2.0_is1" = Designer 2.0
"ESET Online Scanner" = ESET Online Scanner v3
"FreeFotoWorks_is1" = FreeFotoWorks
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"MediaCoder" = MediaCoder 2011
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PDF Blender" = PDF Blender
"Qt SDK 2009.05 - C:_Qt" = Qt SDK 2009.05
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"TrueCrypt" = TrueCrypt
"Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"XMind" = XMind
"yEd Graph Editor 3.4.1" = yEd Graph Editor 3.4.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.09.2011 15:15:12 | Computer Name = Hartmut-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 15.09.2011 15:17:45 | Computer Name = Hartmut-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 15.09.2011 15:17:51 | Computer Name = Hartmut-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.

Error - 15.09.2011 15:19:39 | Computer Name = Hartmut-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\microsoft security client\MSESysprep.dll" in Zeile 10. Das imaging-Element
wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
angezeigt, das von dieser Windows-Version nicht unterstützt wird.

Error - 15.09.2011 15:26:55 | Computer Name = Hartmut-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\ChargeableUSB_64.exe".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 15.09.2011 15:26:57 | Computer Name = Hartmut-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Samsung\chargeableusb\vista_xp_driver\x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 18.09.2011 11:05:40 | Computer Name = Hartmut-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 21.09.2011 14:02:13 | Computer Name = Hartmut-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
Support Center\Drv\drv2x64\KStartMem.exe.Manifest". Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 21.09.2011 14:05:13 | Computer Name = Hartmut-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 21.09.2011 14:05:20 | Computer Name = Hartmut-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei
"c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3.
Der
Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs
im assemblyIdentity-Element ist ungültig.

[ Media Center Events ]
Error - 21.03.2010 10:42:29 | Computer Name = Hartmut-PC | Source = MCUpdate | ID = 0
Description = 07:25:40 - MCEClientUX konnte nicht abgerufen werden (Fehler: Timeout
für Vorgang überschritten)

[ System Events ]
Error - 09.03.2011 15:25:31 | Computer Name = Hartmut-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 09.03.2011 16:03:45 | Computer Name = Hartmut-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AVerScheduleService" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.

Error - 09.03.2011 16:03:45 | Computer Name = Hartmut-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 09.03.2011 16:06:25 | Computer Name = Hartmut-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 09.03.2011 16:06:28 | Computer Name = Hartmut-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 10.03.2011 15:18:04 | Computer Name = Hartmut-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AVerScheduleService" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.

Error - 10.03.2011 15:18:04 | Computer Name = Hartmut-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom

Error - 10.03.2011 15:20:14 | Computer Name = Hartmut-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 10.03.2011 15:20:14 | Computer Name = Hartmut-PC | Source = WMPNetworkSvc | ID = 866306
Description =

Error - 10.03.2011 15:32:15 | Computer Name = Hartmut-PC | Source = DCOM | ID = 10010
Description =


< End of report >
Schubi
Regular Member
 
Posts: 21
Joined: October 8th, 2011, 11:59 am

Message to whom it may concern

Post by Schubi » October 10th, 2011, 5:04 pm

As I cannot reach you by mail - at least I do not know how - I leave you a message this way - risking that you exclude me.
I'm sorry that you do not believe your "customers" and that you do not even give a hint which information you are missing.
Anyhow, I did not remove/edit anything from the logs I posted (whether you believe it or not).
Maybe you re-think your tools or procedures or maybe you think about the possibility that maybe the missing information is exactly my computer problem.
You leave me disappointed. I will try another forum. Bye.

Re: Mysterious virtual harddrive without access - new try

Post by Gary R » October 10th, 2011, 5:21 pm

Looking over your log, back soon.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Mysterious virtual harddrive without access - new try

Post by Gary R » October 10th, 2011, 6:04 pm

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "malware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Schubi

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.

  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...
    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Not too much of any concern showing in the logs I've seen so far.

There are a couple of applications on your computer capable of creating virtual disks .....

TrueCrypt creates a virtual disk ..... http://www.truecrypt.org/

Microsoft Application Virtualization Client ..... http://blogs.technet.com/b/appv/archive ... ation.aspx

Your Java needs to be updated to the latest edition .....

Older versions have vulnerabilities that malware can use, and is using, to infect systems.

Please follow these steps to remove older version Java components. This is important as it's still possible to get infected through an old install even if you're using the latest version of Java.

Go to Control Panel > Programs > Uninstall a Program and uninstall

Java(TM) 6 Update 26

Reboot your computer when finished.

Now download and install JDK 6 Update 27 (JDK or JRE).

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
IE - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
[2010.07.02 00:50:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.18 20:17:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.10 21:48:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.01 11:04:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.07.31 22:08:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.09.04 20:11:29 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O15 - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..Trusted Domains: fritz.box ([]* in Computer)
O15 - HKU\S-1-5-21-2694853571-1494760454-3953676919-1001\..Trusted Ranges: Range1 ([*] in Computer)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O33 - MountPoints2\{ce4a47ce-41b6-11df-ac2e-0c6076bb6c8f}\Shell - "" = AutoRun
O33 - MountPoints2\{ce4a47ce-41b6-11df-ac2e-0c6076bb6c8f}\Shell\AutoRun\command - "" = E:\TVCenterPro.exe -autorun

:Commands
[emptytemp]
[emptyflash]
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

Summary of the logs I need from you in your next post:
  • OTL log
  • E-Set log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
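
The check behind the Java cleanup in the post above, as an added example that is not part of Gary R's post and not part of OTL: it reads OTL-style log lines and lists every Java version older than the one that should be installed, together with where each leftover is registered. The function names are hypothetical, the sample lines are copied from the script in this thread, and reading the GUID fields as decimal version numbers is an assumption inferred from the pairs visible in the log (for example ...-0016-0000-0026-... next to 6.0.26).

```python
import re
from collections import defaultdict

# Class-ID pattern used by the Java entries in the logs above.
JAVA_GUID = re.compile(
    r"\{CAFEEFAC-([0-9A-F]{4})-([0-9A-F]{4})-([0-9A-F]{4})-ABCDEFFEDCBA\}", re.I)
# Human-readable label printed on the O16 - DPF lines.
PLUGIN_LABEL = re.compile(r"Java Plug-in (\d\.\d\.\d+_\d+)")

# Sample input: lines copied from the OTL script posted in this thread.
SAMPLE_LINES = [
    r"FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20",
    r"FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22",
    r"FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.5",
    r"FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26",
    r"[2010.07.02 00:50:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}",
    r"[2011.07.31 22:08:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}",
    r"O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)",
    r"O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)",
]


def parse_java_version(text):
    """Parse '1.6.0_27' into (16, 0, 27) so it compares with decoded GUIDs."""
    m = re.fullmatch(r"(\d)\.(\d)\.(\d+)_(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised Java version string: {text!r}")
    major, minor, micro, update = m.groups()
    return (int(major + minor), int(micro), int(update))


def format_version(version):
    """Inverse of parse_java_version: (16, 0, 26) -> '1.6.0_26'."""
    family, micro, update = version
    return f"{family // 10}.{family % 10}.{micro}_{update:02d}"


def version_of(line):
    """Return the Java version a log line refers to, or None."""
    label = PLUGIN_LABEL.search(line)
    if label:  # DPF lines state the version in words
        return parse_java_version(label.group(1))
    guid = JAVA_GUID.search(line)
    # Assumption: decimal fields encode family, micro and update number.
    # The all-F GUID carries no version of its own and is skipped here.
    if guid and all(field.isdigit() for field in guid.groups()):
        return tuple(int(field) for field in guid.groups())
    return None  # not a Java entry


def source_of(line):
    """Name the place a log line says the leftover is registered."""
    if line.startswith("FF - prefs.js"):
        return "Firefox prefs.js"
    if line.startswith("O16 - DPF"):
        return "IE ActiveX (DPF)"
    if "\\extensions\\" in line:
        return "Firefox extension folder"
    return "other"


def find_stale_java(lines, expected_version):
    """List (version, [sources]) for every Java entry older than expected."""
    expected = parse_java_version(expected_version)
    found = defaultdict(set)
    for line in lines:
        version = version_of(line)
        if version is not None and version < expected:
            found[version].add(source_of(line))
    return [(format_version(v), sorted(found[v])) for v in sorted(found)]


if __name__ == "__main__":
    # 1.6.0_27 is the update the post above asks to install.
    for version, sources in find_stale_java(SAMPLE_LINES, "1.6.0_27"):
        print(version, "->", ", ".join(sources))
```
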

Re: Mysterious virtual harddrive without access - new try

Post by Schubi » October 12th, 2011, 5:57 pm

Here the OTL-log. E-Set is still running and will be posted later.

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2694853571-1494760454-3953676919-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll moved successfully.
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.5 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
Folder C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\components folder moved successfully.
C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2694853571-1494760454-3953676919-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fritz.box\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2694853571-1494760454-3953676919-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1\\* deleted successfully.
Invalid CLSID key: *
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce4a47ce-41b6-11df-ac2e-0c6076bb6c8f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce4a47ce-41b6-11df-ac2e-0c6076bb6c8f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce4a47ce-41b6-11df-ac2e-0c6076bb6c8f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce4a47ce-41b6-11df-ac2e-0c6076bb6c8f}\ not found.
File E:\TVCenterPro.exe -autorun not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Hartmut
->Temp folder emptied: 152748432 bytes
->Temporary Internet Files folder emptied: 63943367 bytes
->Java cache emptied: 4450065 bytes
->FireFox cache emptied: 241156842 bytes
->Flash cache emptied: 1741 bytes

User: Public

User: user

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32417478 bytes
RecycleBin emptied: 49844908 bytes

Total Files Cleaned = 519,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Hartmut
->Flash cache emptied: 0 bytes

User: Public

User: user

Total Flash Files Cleaned = 0,00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 10122011_224333

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Schubi
Regular Member
 
Posts: 21
Joined: October 8th, 2011, 11:59 am

Re: Mysterious virtual harddrive without access - new try

by Schubi » October 13th, 2011, 12:34 pm

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7f0ad33f5962e24089665b769b77b802
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-11-18 10:35:33
# local_time=2010-11-18 11:35:33 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 686436 686436 0 0
# compatibility_mode=5891 16776893 100 100 10698 20565471 0 0
# compatibility_mode=8192 67108863 100 0 4341 4341 0 0
# scanned=115692
# found=0
# cleaned=0
# scan_time=8841
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=7f0ad33f5962e24089665b769b77b802
# end=stopped
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-12 09:44:48
# local_time=2011-10-12 11:44:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 29029090 29029090 0 0
# compatibility_mode=5893 16776574 100 94 9955835 70084738 0 0
# compatibility_mode=8192 67108863 100 0 28346995 28346995 0 0
# scanned=79175
# found=0
# cleaned=0
# scan_time=2341
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=7f0ad33f5962e24089665b769b77b802
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-13 10:00:07
# local_time=2011-10-13 12:00:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 29032049 29032049 0 0
# compatibility_mode=5893 16776574 100 94 9958794 70087697 0 0
# compatibility_mode=8192 67108863 100 0 28349954 28349954 0 0
# scanned=172496
# found=7
# cleaned=0
# scan_time=43501
C:\Users\Hartmut\Install\MediaCoder\MediaCoder2011-R9-5190.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Hartmut\Install\Microsoft Office2010\Trial_Extender\Office_2010_Trial_Extender_1.0.0.3_-_Setup.zip Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\61c69.msi a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\10122011_224333\C_Program Files\COMMON FILES\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\10122011_224333\C_Program Files\COMMON FILES\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\10122011_224333\C_Program Files\COMMON FILES\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.6 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\10122011_224333\C_Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
Schubi
Regular Member
 
Posts: 21
Joined: October 8th, 2011, 11:59 am

Re: Mysterious virtual harddrive without access - new try

by Gary R » October 13th, 2011, 1:12 pm

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
C:\Users\Hartmut\Install\MediaCoder\MediaCoder2011-R9-5190.exe
C:\Users\Hartmut\Install\Microsoft Office2010\Trial_Extender\Office_2010_Trial_Extender_1.0.0.3_-_Setup.zip
C:\Windows\Installer\61c69.msi

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

How is your computer behaving now?
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Mysterious virtual harddrive without access - new try

by Schubi » October 15th, 2011, 10:13 am

========== FILES ==========
C:\Users\Hartmut\Install\MediaCoder\MediaCoder2011-R9-5190.exe moved successfully.
C:\Users\Hartmut\Install\Microsoft Office2010\Trial_Extender\Office_2010_Trial_Extender_1.0.0.3_-_Setup.zip moved successfully.
C:\Windows\Installer\61c69.msi moved successfully.

OTL by OldTimer - Version 3.2.29.1 log created on 10152011_160429
Schubi
Regular Member
 
Posts: 21
Joined: October 8th, 2011, 11:59 am

Re: Mysterious virtual harddrive without access - new try

by Gary R » October 15th, 2011, 10:32 am

How is your computer behaving now?
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Mysterious virtual harddrive without access - new try

by Schubi » October 15th, 2011, 10:54 am

Nothing changed.
Virtual Drive q: is still there.
After reboot of computer -> nothing changed.

Do we have to remove the threats found by ESET?
Schubi
Regular Member
 
Posts: 21
Joined: October 8th, 2011, 11:59 am

Re: Mysterious virtual harddrive without access - new try

by Gary R » October 15th, 2011, 5:51 pm

As I said in one of my earlier posts, there are 2 programs on your computer that use virtual technology ....

TrueCrypt creates a virtual disk ..... http://www.truecrypt.org/

Microsoft Application Virtualization Client ..... http://blogs.technet.com/b/appv/archive ... ation.aspx

.... are you sure that they are not responsible for the creation of your Q drive?

The threats found by ESET are what we have just removed with OTL; the other ESET findings are the encrypted quarantine files that OTL made when we ran it earlier.

So far I have found no indications on your computer of an active infection, however I'd like to run some further scans to see if they give us any clues.

First

Download GMER to your Desktop. (It will have a randomly generated name, for example .... wjkl3ecz.exe)

  • Disconnect from the Internet, and close all running programmes.
  • There is a small chance this programme may crash your computer, so save any work you have open.
  • Double click on the randomly named GMER file (eg .... wjkl3ecz.exe) to launch GMER.
  • Let the gmer.sys driver load if asked.
  • If it gives you a warning at programme start about rootkit activity and asks if you want to run a scan ..... click OK.
  • If no warning:
    • Click Rootkit tab.
    • Ensure that All the boxes to the right of the program are checked except Show All.
    • Click Scan.
  • Do not use your computer while the scan is running.
  • Once scan is finished click Copy.
    • Click Start > Run then type Notepad.exe then click OK.
    • This will open a Notepad file.
    • Hit Ctrl+V to paste log into it.
    • Save the log to your Desktop.
  • Reconnect to internet and post the log please.

Next

Download Unlocker and install it to your computer.

  • Click Start > Computer
  • Right click on drive Q and from the right click menu click on Unlocker.
  • A Window will appear. Note any Processes and Process paths which are displayed.
  • Send me that information please.
  • Do not attempt to use Unlocker to do anything else.
  • Exit out of Unlocker.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
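
Gary R's reading of the ESET results above (three files still in place, the rest being copies inside OTL's own MovedFiles folder) can be checked mechanically. The Python below is an added example, not part of the original thread and not code from ESET or OTL; the log-line layout and the `C_...` to `C:\...` path mapping are assumptions inferred from the lines posted here, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Excerpt of the ESET Online Scanner log posted earlier in this thread.
ESET_LOG = r"""
# scanned=172496
# found=7
# cleaned=0
C:\Users\Hartmut\Install\MediaCoder\MediaCoder2011-R9-5190.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Hartmut\Install\Microsoft Office2010\Trial_Extender\Office_2010_Trial_Extender_1.0.0.3_-_Setup.zip Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\61c69.msi a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\10122011_224333\C_Program Files\COMMON FILES\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\10122011_224333\C_Program Files\COMMON FILES\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\10122011_224333\C_Program Files\COMMON FILES\SPIGOT\WTXPCOM\components\WidgiToolbarFF.dll.6 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\10122011_224333\C_Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
"""

# "# key=value" summary lines written by the scanner.
HEADER = re.compile(r"^#\s*(?P<key>\w+)=(?P<value>.*)$")

# Assumed detection layout: <path> <threat name> <kind> (<action>) <hash> <flag>.
# Windows paths never contain "/", so the first "Family/Name" token ends the path
# even when the path itself contains spaces.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:a variant of\s+)?\w+/\S+)\s+"
    r"(?P<kind>\w+)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]+)\s+(?P<flag>\S+)$"
)

# Assumed OTL quarantine layout, as seen in this thread:
#   <drive>:\_OTL\MovedFiles\<MMDDYYYY_HHMMSS>\<drive letter>_<rest of original path>
OTL_MOVED = re.compile(
    r"^[A-Za-z]:\\_OTL\\MovedFiles\\(?P<stamp>\d+_\d+)\\(?P<drive>[A-Za-z])_(?P<rest>.+)$",
    re.IGNORECASE,
)


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    original_path: Optional[str]  # set only for files inside OTL's MovedFiles folder


def otl_original_path(path: str) -> Optional[str]:
    """Map an OTL MovedFiles path back to where the file used to live, else None."""
    m = OTL_MOVED.match(path)
    if m is None:
        return None
    return m.group("drive") + ":\\" + m.group("rest")


def parse_eset(log: str):
    """Return (summary dict, list of Detection) from an ESET Online Scanner log."""
    meta, detections = {}, []
    for line in log.splitlines():
        line = line.strip()
        if not line:
            continue
        header = HEADER.match(line)
        if header:
            meta[header.group("key")] = header.group("value")
            continue
        hit = DETECTION.match(line)
        if hit:
            detections.append(Detection(
                path=hit.group("path"),
                threat=hit.group("threat"),
                action=hit.group("action"),
                original_path=otl_original_path(hit.group("path")),
            ))
    return meta, detections


def triage(detections):
    """Split detections into files still in place and copies already moved by OTL."""
    groups = {"live": [], "quarantined": []}
    for d in detections:
        groups["quarantined" if d.original_path else "live"].append(d)
    return groups


if __name__ == "__main__":
    meta, dets = parse_eset(ESET_LOG)
    groups = triage(dets)
    print(f"header says found={meta.get('found')}, parsed {len(dets)} detection lines")
    for d in groups["live"]:
        print("STILL IN PLACE :", d.path, "->", d.threat)
    for d in groups["quarantined"]:
        print("ALREADY MOVED  :", d.original_path, "->", d.threat)
```

A mismatch between the `found=` header and the number of parsed lines means the assumed line layout did not fit some entry, which is worth checking by hand before trusting the split.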

Re: Mysterious virtual harddrive without access - new try

by Schubi » October 17th, 2011, 5:13 pm

Seeing this log, it seems indeed to be a TrueCrypt drive,
which was created on an external hard drive and then not disconnected properly.
At least it looks like a content list of this backup hardware, which I use from time to time.

Do you agree with this theory?

Is any other threat possible?
I find the "Office14" folders strange.


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-17 22:27:45
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM250HI rev.2AC101C4
Running: dewplnh0.exe; Driver: C:\Users\Hartmut\AppData\Local\Temp\afriifow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKey + 13CD 8344E9C9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 8346E4E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys A1018C9D 28 Bytes CALL E8F37F7B
.text peauth.sys A1018CC1 28 Bytes CALL E8F37F9F

---- User code sections - GMER 1.0.15 ----

.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtClose 77BC54C8 5 Bytes JMP 681BFE52 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtCreateFile 77BC55C8 5 Bytes JMP 681BEB4B C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtCreateKey 77BC5608 5 Bytes JMP 681BB8A5 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtDeleteFile 77BC5808 5 Bytes JMP 681BE968 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtDeleteKey 77BC5818 5 Bytes JMP 681BB1AD C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtDeleteValueKey 77BC5848 5 Bytes JMP 681BB470 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtDuplicateObject 77BC5898 5 Bytes JMP 681BFF28 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtEnumerateKey 77BC58E8 5 Bytes JMP 681BB251 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtEnumerateValueKey 77BC5918 5 Bytes JMP 681BB3CA C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtFlushKey 77BC5988 5 Bytes JMP 681BB1FF C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtNotifyChangeKey 77BC5C68 5 Bytes JMP 681BB51E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtNotifyChangeMultipleKeys 77BC5C78 5 Bytes JMP 681BB5AC C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtOpenFile 77BC5CD8 5 Bytes JMP 681BECD6 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtOpenKey 77BC5D08 5 Bytes JMP 681BB7B6 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtOpenKeyEx 77BC5D18 5 Bytes JMP 681BB829 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtQueryAttributesFile 77BC5F38 5 Bytes JMP 681BE9D3 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtQueryDirectoryFile 77BC5F98 5 Bytes JMP 681BD955 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtQueryFullAttributesFile 77BC5FE8 5 Bytes JMP 681BEA43 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtQueryKey 77BC60E8 5 Bytes JMP 681BB2A4 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtQueryMultipleValueKey 77BC6108 5 Bytes JMP 681BB4CB C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtQueryObject 77BC6128 5 Bytes JMP 681BFF7E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtQuerySecurityObject 77BC61A8 5 Bytes JMP 681BFEC2 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtQueryValueKey 77BC6248 5 Bytes JMP 681BB377 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtRenameKey 77BC63C8 5 Bytes JMP 681BB91A C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtSetInformationFile 77BC6638 5 Bytes JMP 681BEAB3 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtSetInformationKey 77BC6658 5 Bytes JMP 681BB30A C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtSetSecurityObject 77BC6758 5 Bytes JMP 681BFFDB C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ntdll.dll!NtSetValueKey 77BC6808 5 Bytes JMP 681BB41D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] kernel32.dll!CreateProcessW 7671204D 5 Bytes JMP 6819889C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] kernel32.dll!CreateProcessA 76712082 5 Bytes JMP 681989DA C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] kernel32.dll!CreateProcessAsUserW 767459AF 5 Bytes JMP 68198C10 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] kernel32.dll!SetDllDirectoryW 7679D773 5 Bytes JMP 681993F1 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] kernel32.dll!SetDllDirectoryA 7679D81C 5 Bytes JMP 68199724 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] kernel32.dll!WinExec 7679EDB2 5 Bytes JMP 68198F93 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] kernel32.dll!AllocConsole 767BC67D 5 Bytes JMP 681C10E2 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] kernel32.dll!AttachConsole 767BC74B 5 Bytes JMP 681C10F4 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] USER32.dll!CreateWindowExA 764DBF40 5 Bytes JMP 681C10B2 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] USER32.dll!CreateWindowExW 764DEC7C 5 Bytes JMP 681C10CA C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] GDI32.dll!AddFontResourceW 764AEC13 5 Bytes JMP 681A64B8 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] GDI32.dll!AddFontResourceA 764AEFA7 5 Bytes JMP 681A649C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ADVAPI32.dll!EnumDependentServicesW 77631E3A 7 Bytes JMP 681A9330 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ADVAPI32.dll!EnumServicesStatusExW 7763B466 7 Bytes JMP 681AA251 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ADVAPI32.dll!GetServiceKeyNameW 776578FF 7 Bytes JMP 681A99D7 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ADVAPI32.dll!GetServiceDisplayNameW 776579BB 7 Bytes JMP 681A9B88 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ADVAPI32.dll!EnumServicesStatusExA 7765A3E2 7 Bytes JMP 681AA317 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ADVAPI32.dll!CreateProcessAsUserA 77672538 5 Bytes JMP 68198D52 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ADVAPI32.dll!GetServiceKeyNameA 77691B94 7 Bytes JMP 681A9A8F C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ADVAPI32.dll!GetServiceDisplayNameA 77691C31 7 Bytes JMP 681A9C40 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ADVAPI32.dll!EnumServicesStatusA 77692021 7 Bytes JMP 681AA193 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ADVAPI32.dll!EnumDependentServicesA 77692104 7 Bytes JMP 681A93E7 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ADVAPI32.dll!EnumServicesStatusW 77692221 5 Bytes JMP 681AA0D5 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ole32.dll!CoRegisterPSClsid 762AC56E 5 Bytes JMP 681AFF58 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ole32.dll!CoResumeClassObjects + 7 762AEA09 7 Bytes JMP 681B0529 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ole32.dll!OleRun 762B07DE 5 Bytes JMP 681B03E4 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ole32.dll!CoRegisterClassObject 762B21E1 5 Bytes JMP 681B1059 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ole32.dll!OleUninitialize 762BEBA1 6 Bytes JMP 681B0303 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ole32.dll!OleInitialize 762BEFD7 5 Bytes JMP 681B0293 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ole32.dll!CoGetPSClsid 762C26B9 5 Bytes JMP 681B00D0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ole32.dll!CoGetClassObject 762D54AD 5 Bytes JMP 681B15E7 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ole32.dll!CoInitializeEx 762E09AD 5 Bytes JMP 681B0143 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ole32.dll!CoUninitialize 762E86D3 5 Bytes JMP 681B01C5 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ole32.dll!CoCreateInstance 762E9D0B 5 Bytes JMP 681B28B5 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ole32.dll!CoCreateInstanceEx 762E9D4E 5 Bytes JMP 681B09F0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ole32.dll!CoSuspendClassObjects + 7 7630BB09 7 Bytes JMP 681B0454 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ole32.dll!CoRevokeClassObject 7632EACF 5 Bytes JMP 681AF9B5 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ole32.dll!CoGetInstanceFromFile 7636340B 5 Bytes JMP 681B1AA7 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text Q:\140062.enu\Office14\ONENOTEM.EXE[4960] ole32.dll!OleRegEnumFormatEtc 763ACFD9 5 Bytes JMP 681B036E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtClose 77BC54C8 5 Bytes JMP 681BFE52 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtCreateFile 77BC55C8 5 Bytes JMP 681BEB4B C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtCreateKey 77BC5608 5 Bytes JMP 681BB8A5 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtDeleteFile 77BC5808 5 Bytes JMP 681BE968 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtDeleteKey 77BC5818 5 Bytes JMP 681BB1AD C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtDeleteValueKey 77BC5848 5 Bytes JMP 681BB470 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtDuplicateObject 77BC5898 5 Bytes JMP 681BFF28 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtEnumerateKey 77BC58E8 5 Bytes JMP 681BB251 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtEnumerateValueKey 77BC5918 5 Bytes JMP 681BB3CA C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtFlushKey 77BC5988 5 Bytes JMP 681BB1FF C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtNotifyChangeKey 77BC5C68 5 Bytes JMP 681BB51E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtNotifyChangeMultipleKeys 77BC5C78 5 Bytes JMP 681BB5AC C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtOpenFile 77BC5CD8 5 Bytes JMP 681BECD6 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtOpenKey 77BC5D08 5 Bytes JMP 681BB7B6 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtOpenKeyEx 77BC5D18 5 Bytes JMP 681BB829 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtQueryAttributesFile 77BC5F38 5 Bytes JMP 681BE9D3 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtQueryDirectoryFile 77BC5F98 5 Bytes JMP 681BD955 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtQueryFullAttributesFile 77BC5FE8 5 Bytes JMP 681BEA43 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtQueryKey 77BC60E8 5 Bytes JMP 681BB2A4 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtQueryMultipleValueKey 77BC6108 5 Bytes JMP 681BB4CB C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtQueryObject 77BC6128 5 Bytes JMP 681BFF7E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtQuerySecurityObject 77BC61A8 5 Bytes JMP 681BFEC2 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtQueryValueKey 77BC6248 5 Bytes JMP 681BB377 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtRenameKey 77BC63C8 5 Bytes JMP 681BB91A C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtSetInformationFile 77BC6638 5 Bytes JMP 681BEAB3 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtSetInformationKey 77BC6658 5 Bytes JMP 681BB30A C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtSetSecurityObject 77BC6758 5 Bytes JMP 681BFFDB C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ntdll.dll!NtSetValueKey 77BC6808 5 Bytes JMP 681BB41D C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] kernel32.dll!CreateProcessW 7671204D 5 Bytes JMP 6819889C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] kernel32.dll!CreateProcessA 76712082 5 Bytes JMP 681989DA C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] kernel32.dll!CreateProcessAsUserW 767459AF 5 Bytes JMP 68198C10 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] kernel32.dll!SetDllDirectoryW 7679D773 5 Bytes JMP 681993F1 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] kernel32.dll!SetDllDirectoryA 7679D81C 5 Bytes JMP 68199724 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] kernel32.dll!WinExec 7679EDB2 5 Bytes JMP 68198F93 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] kernel32.dll!AllocConsole 767BC67D 5 Bytes JMP 681C10E2 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] kernel32.dll!AttachConsole 767BC74B 5 Bytes JMP 681C10F4 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] USER32.dll!CreateWindowExA 764DBF40 5 Bytes JMP 681C10B2 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] USER32.dll!CreateWindowExW 764DEC7C 5 Bytes JMP 681C10CA C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] GDI32.dll!AddFontResourceW 764AEC13 5 Bytes JMP 681A64B8 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] GDI32.dll!AddFontResourceA 764AEFA7 5 Bytes JMP 681A649C C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ADVAPI32.dll!EnumDependentServicesW 77631E3A 7 Bytes JMP 681A9330 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ADVAPI32.dll!EnumServicesStatusExW 7763B466 7 Bytes JMP 681AA251 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ADVAPI32.dll!GetServiceKeyNameW 776578FF 7 Bytes JMP 681A99D7 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ADVAPI32.dll!GetServiceDisplayNameW 776579BB 7 Bytes JMP 681A9B88 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ADVAPI32.dll!EnumServicesStatusExA 7765A3E2 7 Bytes JMP 681AA317 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ADVAPI32.dll!CreateProcessAsUserA 77672538 5 Bytes JMP 68198D52 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ADVAPI32.dll!GetServiceKeyNameA 77691B94 7 Bytes JMP 681A9A8F C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ADVAPI32.dll!GetServiceDisplayNameA 77691C31 7 Bytes JMP 681A9C40 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ADVAPI32.dll!EnumServicesStatusA 77692021 7 Bytes JMP 681AA193 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ADVAPI32.dll!EnumDependentServicesA 77692104 7 Bytes JMP 681A93E7 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ADVAPI32.dll!EnumServicesStatusW 77692221 5 Bytes JMP 681AA0D5 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ole32.dll!CoRegisterPSClsid 762AC56E 5 Bytes JMP 681AFF58 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ole32.dll!CoResumeClassObjects + 7 762AEA09 7 Bytes JMP 681B0529 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ole32.dll!OleRun 762B07DE 5 Bytes JMP 681B03E4 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ole32.dll!CoRegisterClassObject 762B21E1 5 Bytes JMP 681B1059 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ole32.dll!OleUninitialize 762BEBA1 6 Bytes JMP 681B0303 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ole32.dll!OleInitialize 762BEFD7 5 Bytes JMP 681B0293 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ole32.dll!CoGetPSClsid 762C26B9 5 Bytes JMP 681B00D0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ole32.dll!CoGetClassObject 762D54AD 5 Bytes JMP 681B15E7 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ole32.dll!CoInitializeEx 762E09AD 5 Bytes JMP 681B0143 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ole32.dll!CoUninitialize 762E86D3 5 Bytes JMP 681B01C5 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ole32.dll!CoCreateInstance 762E9D0B 5 Bytes JMP 681B28B5 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ole32.dll!CoCreateInstanceEx 762E9D4E 5 Bytes JMP 681B09F0 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ole32.dll!CoSuspendClassObjects + 7 7630BB09 7 Bytes JMP 681B0454 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ole32.dll!CoRevokeClassObject 7632EACF 5 Bytes JMP 681AF9B5 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ole32.dll!CoGetInstanceFromFile 7636340B 5 Bytes JMP 681B1AA7 C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)
.text C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe[5604] ole32.dll!OleRegEnumFormatEtc 763ACFD9 5 Bytes JMP 681B036E C:\windows\system32\sftldr.dll (Microsoft Application Virtualization SoftLoader/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1936] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1936] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1936] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1936] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1936] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
IAT C:\Program Files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe[1936] @ C:\windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75C0FFF6] C:\windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\00000054 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library Q:\140062.enu\Office14\ONENOTEM.EXE (*** hidden *** ) @ Q:\140062.enu\Office14\ONENOTEM.EXE [4960] 0x2D250000
Library Q:\140062.enu\Office14\1033\ONINTL.DLL (*** hidden *** ) @ Q:\140062.enu\Office14\ONENOTEM.EXE [4960] 0x66ED0000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cda6c4a
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556e975c9
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076bb6c8f
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076bb6c8f@0023d7d41eca 0x3E 0x76 0xC9 0xBD ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cda6c4a (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556e975c9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076bb6c8f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076bb6c8f@0023d7d41eca 0x3E 0x76 0xC9 0xBD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File Q:\$RECYCLE.BIN 0 bytes
File Q:\$RECYCLE.BIN\S-1-5-20 0 bytes
File Q:\$RECYCLE.BIN\S-1-5-20\desktop.ini 129 bytes
File Q:\$RECYCLE.BIN\S-1-5-21-2694853571-1494760454-3953676919-1001 0 bytes
File Q:\$RECYCLE.BIN\S-1-5-21-2694853571-1494760454-3953676919-1001\desktop.ini 129 bytes
File

(...)
Schubi

Re: Mysterious virtual harddrive without access - new try

Post by Schubi » October 17th, 2011, 5:16 pm

File Q:\idee.txt 70 bytes
File Q:\Iris.txt 528 bytes
File Q:\Mailbox_Vitronic 0 bytes
File Q:\Musik 0 bytes
File Q:\Musik\Manfred Mann's Earth Band 0 bytes
File Q:\Musik\Manfred Mann's Earth Band\Angel Station 0 bytes
File Q:\Musik\Manfred Mann's Earth Band\Angel Station\01 - Don't Kill It Carol - Manfred Mann's Earth Band - Angel Station.mp3 6705133 bytes
File Q:\Musik\Manfred Mann's Earth Band\Angel Station\02 - You Angel You - Manfred Mann's Earth Band - Angel Station.mp3 4134052 bytes
File Q:\Musik\Manfred Mann's Earth Band\Angel Station\03 - Hollywood Town - Manfred Mann's Earth Band - Angel Station.mp3 5190829 bytes
File Q:\Musik\Manfred Mann's Earth Band\Angel Station\04 - 'Belle' of the Earth - Manfred Mann's Earth Band - Angel Station.mp3 2761343 bytes
File Q:\Musik\Manfred Mann's Earth Band\Angel Station\05 - Platform End - Manfred Mann's Earth Band - Angel Station.mp3 1542179 bytes
File Q:\Musik\Manfred Mann's Earth Band\Angel Station\06 - Angels at My Gate - Manfred Mann's Earth Band - Angel Station.mp3 5144032 bytes
File Q:\Musik\Manfred Mann's Earth Band\Angel Station\07 - You Are - I Am - Manfred Mann's Earth Band - Angel Station.mp3 5260637 bytes
File Q:\Musik\Manfred Mann's Earth Band\Angel Station\08 - Waiting for the Rain - Manfred Mann's Earth Band - Angel Station.mp3 6450813 bytes
File Q:\Musik\Manfred Mann's Earth Band\Angel Station\09 - Resurrection - Manfred Mann's Earth Band - Angel Station.mp3 2737503 bytes
File Q:\Musik\Manfred Mann's Earth Band\Angel Station\10 - Don't kill it Carol (Single Version) - Manfred Mann - Angel Station.mp3 4392347 bytes
File Q:\Musik\Manfred Mann's Earth Band\Angel Station\11 - You Angel You (Single Version) - Manfred Mann - Angel Station.mp3 3937672 bytes
File Q:\Musik\Manfred Mann's Earth Band\Angel Station\AlbumArtSmall.jpg 729 bytes
File Q:\Musik\Manfred Mann's Earth Band\Angel Station\Folder.jpg 1305 bytes
File Q:\Musik\Manfred Mann's Earth Band\Budapest Live 0 bytes
File Q:\Musik\Manfred Mann's Earth Band\Budapest Live\01 - Spirits in the night - Manfred Mann's Earth Band - Budapest Live.mp3 4958698 bytes
File Q:\Musik\Manfred Mann's Earth Band\Budapest Live\02 - Demolition man - Manfred Mann's Earth Band - Budapest Live.mp3 6306855 bytes
File Q:\Musik\Manfred Mann's Earth Band\Budapest Live\03 - For you - Manfred Mann's Earth Band - Budapest Live.mp3 4498543 bytes
File Q:\Musik\Manfred Mann's Earth Band\Budapest Live\04 - Davy's on the road again - Manfred Mann's Earth Band - Budapest Live.mp3 7005806 bytes
File Q:\Musik\Manfred Mann's Earth Band\Budapest Live\05 - Lies (through the 80's) - Manfred Mann's Earth Band - Budapest Live.mp3 4962576 bytes
File Q:\Musik\Manfred Mann's Earth Band\Budapest Live\06 - Blinded by the light - Manfred Mann's Earth Band - Budapest Live.mp3 8248150 bytes
Schubi
Regular Member
 
Posts: 21
Joined: October 8th, 2011, 11:59 am