HDDLOW on PC! Error messages: Critical Error Damaged hard Drive Clusters detected
27.12.2010, 16:03 | #1 |
Hello everyone,

since yesterday evening there have been problems with my husband's laptop: error messages of some kind keep popping up, and among other things the program HDD Low keeps opening! I read up on it on the Internet, and this is apparently a kind of trojan. Error messages appear such as: Critical Error: RAM Memory usage is critially high, and many other messages that keep showing up briefly and are then replaced by others. The laptop's desktop background is now just black, and I can only open programs by right-clicking them and then choosing "Run as administrator". If I try to open something with a normal double-click, a lot of error messages appear again.

I then ran the program Spybot Search and Destroy on the PC, and it did find something: it said something about malware. I removed it, but it did no good, because the program was still there. I then read up a little on the Internet, came across this site, and tried to help myself with the following post: http://www.trojaner-board.de/92435-h...entfernen.html

I did everything that was described on that page, and my problem now is that I still have not been able to remove the program. I have now downloaded the program OTL.exe and have these 2 log files, which I will insert here.

I hope someone can make something of them and help me! Unfortunately I am a newbie when it comes to things like this, and I hope that what I have written gives you enough information to be able to help me!
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{18D71705-82D5-4277-BBA7-936E57169E18}" = dir=in | app=c:\program files\itunes\itunes.exe | "{204F0895-F492-430E-B6F6-F28457F8EA80}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{598515FF-0EEB-49DC-80A3-21D100CA530C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5CFB033F-BD40-4E2C-8EE6-5BEE26A0FDCC}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{6D722517-54FA-46C5-BCDF-11AAEEF8EF53}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | "{A72A0BC4-8F84-4CCF-9522-4D4FD47B6094}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{C870F4D4-A813-4285-901B-849E9075DC3D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{D507CDD7-3213-48B7-908E-048FDADB988F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "TCP Query User{96F1C88A-8EF3-41AD-BF95-EE507C2174C1}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{B366C7DF-14F2-455C-A08E-7B80357750DD}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | "TCP Query User{C4040914-3564-4BD9-AEB2-45F181DBE34B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{1E6DE12C-B927-4C19-B492-908F4023AEF8}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{46DDB7A9-9063-480E-91B9-4B406FA5E9C1}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query 
User{984C1622-C437-45C8-84AE-ED0488724FCE}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library "{0534F8BF-EBFD-004B-5DED-1010CBF353B8}" = CCC Help Dutch "{068F037B-2723-48E3-85F1-4D7D93A29D2A}" = VAIO Content Metadata Intelligent Analyzing Manager "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster "{0A1B60E0-F250-BD91-79C9-C29B9C05A5AA}" = Catalyst Control Center InstallProxy "{13C5C85D-3CD9-DF9C-77A9-8173781CD170}" = CCC Help Spanish "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo "{16BAB4DD-34F6-EBC5-F40B-72146464CDE0}" = Catalyst Control Center Core Implementation "{190CD8ED-D83B-EB89-9BE9-8CC04569A4CB}" = CCC Help Thai "{19B683DF-B562-4C0B-8AAA-2A92409D190A}" = Sony Home Network Library "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16 "{26C05EE9-C5C7-F22C-A298-B97926F36E3E}" = CCC Help Turkish "{2878C3C9-9D91-430F-8F50-885BB23DB001}" = VAIO Content Folder Watcher "{2B5DDB2D-053E-F1C8-3234-DAE9FCF4B318}" = CCC Help Finnish "{2EF15529-A351-FDFA-C393-491483B04784}" = CCC Help Italian "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support "{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher "{36BDB1C2-CC66-41EB-B7DD-76339A7BB046}" = VAIO Edit Components "{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network 
"{43112A37-7CDD-745A-6EB4-9A9BA982DB2A}" = CCC Help English "{4DCB123A-6DD2-8436-2FBA-0244ADF65F42}" = CCC Help Russian "{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel(R) PROSet/Wireless WiFi-Software "{52D93C83-FDEA-D1B2-5185-D1271DC15C6C}" = Catalyst Control Center Localization All "{52E51086-747D-AEB9-B440-14B84CC247E0}" = Catalyst Control Center Graphics Light "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{54CC8FFD-0F64-07B4-EFC1-40C0449F4B85}" = ccc-utility "{568D1DC1-4038-BF79-E58D-81311FD41F91}" = CCC Help Greek "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung "{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works "{64DBE9FE-A07D-41A0-B81A-8D416D9647FF}" = VAIO Content Folder Watcher "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data "{7010F660-F97B-4565-9BA2-F985FFFB42B1}" = VAIO Mode Switch "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77217D44-363B-9BF6-04F8-FE432D9AFE35}" = CCC Help Czech "{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) 
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4 "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates "{88E1A4BD-995D-EB00-26E5-9BEFA9E213A6}" = CCC Help Polish "{8A120CC0-95C6-DEEF-F60B-8B0866660920}" = CCC Help Hungarian "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90124382-85E3-DE67-F0F7-4C37B7040BF4}" = CCC Help Chinese Standard "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{914B46A6-7C4B-3AA2-DFF7-E39EB5F7141E}" = Skins "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie "{948FD689-B34E-5A26-F926-111A1A74A43D}" = CCC Help Japanese "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" = "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music "{99A9CE2D-DFB1-3277-D1C7-5C34C21179EF}" = ccc-core-static "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A44DC8C-13C7-6ADE-3516-C1FEDC0267F8}" = CCC Help Swedish "{9A4FBD51-811D-33E9-116B-D26C662B588C}" = CCC Help Norwegian "{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins "{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding 
"{A17E786D-ACC6-8D11-8B25-D83AB85B6534}" = CCC Help German "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series "{A9D3D707-4A1A-4227-BE6E-F16448B4CB63}" = VAIO Entertainment Platform "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{B12F3362-A328-9499-949A-A95C6EF21CB6}" = Catalyst Control Center Graphics Previews Vista "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.5 "{BFD85D24-D4F3-4CCC-B518-D7C4FC29C76D}" = VAIO Content Metadata Intelligent Analyzing Manager "{C144CB60-EE5D-B625-C672-176AC5B488D2}" = ATI Catalyst Install Manager "{C1555BC5-88B1-466B-BC79-062B5715DF92}" = VAIO Content Metadata XML Interface Library "{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner "{C4567E61-7997-5F6A-0A4B-F667328D3ED3}" = Catalyst Control Center Graphics Previews Common "{C62AEA0E-90B0-4049-9780-8499A18A34D7}" = VAIO Content Metadata Manager Setting "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service "{CD77F1C7-9A53-0883-F660-2FE859B47BAA}" = Catalyst Control Center Graphics Full Existing "{CD7E6232-D41D-4E5B-ABE1-0264B6260309}" = VAIO Content Metadata Intelligent Analyzing Manager "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library "{D239B547-8B20-4BDE-888D-C9CCA823FFD8}" = WIDCOMM Bluetooth Software "{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0 "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents "{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime 
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E3453B1B-C91B-4C48-B046-8DF635DD46F2}" = VAIO Content Metadata XML Interface Library "{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14 "{E3E86D88-6370-73DA-29F9-D09D43337688}" = CCC Help Korean "{E412146D-4D11-3363-804E-096D51988B69}" = CCC Help Portuguese "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC "{E9F6CD2A-CF41-6442-CB8A-34665511BFC8}" = CCC Help Chinese Traditional "{EADE97A7-E7AA-43FD-A042-92A68E0187A6}" = VAIO Content Metadata Manager Setting "{EBF8380D-8B72-6938-923A-5891703BCB4E}" = CCC Help Danish "{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter "{ED0CFA85-9E9F-67B4-89C4-A07C42D51FB3}" = Catalyst Control Center Graphics Full New "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EEFE8A83-8D7E-21AF-F1C6-D617DC6D5455}" = CCC Help French "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "CCleaner" = CCleaner "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "dt icon module" = "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere 
Elements "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MarketingTools" = VAIO Marketing Tools "MFU Module" = "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7) "MSC" = McAfee Internet Security Suite "PremElem70" = Adobe Premiere Elements 7.0 "PremElem70Templates" = Adobe Premiere Elements 7.0 Templates "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities 2011" = TuneUp Utilities 2011 "Uniblue RegistryBooster" = Uniblue RegistryBooster "VAIO Help and Support" = "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >
That would be great!!! |
27.12.2010, 16:26 | #2 |
/// Malware-holic | Please don't forget to replace *** with your user name in the following script.
• Please start OTL.exe.
• Now copy the following into the text box.
Code:
:OTL
PRC - C:\Users\***\AppData\Local\Temp\67174.exe (mdisk Corp)
PRC - C:\Users\***\AppData\Local\Temp\aHvFmtjxlhgIe.exe (msql software)
O4 - HKCU..\Run: [67174] C:\Users\Heensche\AppData\Local\Temp\67174.exe (mdisk Corp)
O4 - HKCU..\Run: [aHvFmtjxlhgIe.exe] C:\Users\Heensche\AppData\Local\Temp\aHvFmtjxlhgIe.exe (msql software)
[2010.12.27 10:03:57 | 000,000,749 | ---- | M] () -- C:\Users\Heensche\Desktop\HDD Low.lnk
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; post its contents in your next reply.
Open My Computer, C:, then _OTL; right-click on moved files there and choose "add to moved files.rar" or zip. Upload the archive to our upload channel. http://www.trojaner-board.de/54791-a...ner-board.html |
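The fix script in the post above targets HKCU Run entries whose executables sit in the user's Temp folder. As an added example (not part of the thread and not OTL's own code), the following Python script parses autostart lines in that O4 format and lists the entries a reviewer would look at first; the sample log, the location rules and all function names are assumptions made for this illustration.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the "O4" autostart line format used in the fix script
# above. Lines 2-3 mirror the thread; the other entries are made up.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [agent] "C:\Program Files\Example.com\Agent\agent.exe" /start (Example Vendor)
O4 - HKCU..\Run: [67174] C:\Users\Heensche\AppData\Local\Temp\67174.exe (mdisk Corp)
O4 - HKCU..\Run: [aHvFmtjxlhgIe.exe] C:\Users\Heensche\AppData\Local\Temp\aHvFmtjxlhgIe.exe (msql software)
O4 - HKCU..\Run: [Updater] rundll32.exe "C:\Users\Example\AppData\Local\example.dll",Startup ()
O4 - HKCU..\Run: [Tray] C:\Program Files (x86)\Example\tray.exe (Example Vendor)
"""

# "O4 - <hive>..\<key>: [<value name>] <command> (<company>)"
O4_LINE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>\w+): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*?)"
    r"(?: \((?P<company>[^()]*)\))?$"
)

# Drive-letter path ending in a loadable extension. The lookahead stops a
# directory such as "Example.com\" from being mistaken for a .com file.
PATH = re.compile(
    r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll|scr|com|bat|cmd|pif)(?=["\s,]|$)',
    re.IGNORECASE,
)

# Location rules (assumptions of this example, not OTL logic).
TEMP_DIR = re.compile(r"\\(?:appdata\\local\\temp|local settings\\temp|windows\\temp)\\")
USER_DIR = re.compile(r"^[a-z]:\\(?:users|documents and settings|programdata)\\")


class Autostart(NamedTuple):
    hive: str
    name: str
    target: Optional[str]   # file that actually gets loaded, if resolvable
    company: str
    location: str           # "temp", "user-writable", "other" or "unresolved"


def resolve_target(command: str) -> Optional[str]:
    """Return the file the command loads, looking through rundll32."""
    paths = PATH.findall(command)
    if not paths:
        return None
    # rundll32 is only a host process: the DLL argument is the real payload.
    if paths[0].lower().endswith("\\rundll32.exe") and len(paths) > 1:
        return paths[1]
    return paths[0]


def classify(path: str) -> str:
    """Bucket a path by how easily an unprivileged process can write there."""
    lowered = path.lower()
    if TEMP_DIR.search(lowered):
        return "temp"
    if USER_DIR.search(lowered):
        return "user-writable"
    return "other"


def parse_autostarts(log_text: str) -> List[Autostart]:
    """Parse every O4 line of the log; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        match = O4_LINE.match(line.strip())
        if not match:
            continue
        target = resolve_target(match["command"])
        location = classify(target) if target else "unresolved"
        entries.append(Autostart(match["hive"], match["name"], target,
                                 match["company"] or "", location))
    return entries


def needs_review(entries: List[Autostart]) -> List[Autostart]:
    """Autostarts that load from Temp or other user-writable locations."""
    return [e for e in entries if e.location != "other"]


if __name__ == "__main__":
    for entry in needs_review(parse_autostarts(SAMPLE_LOG)):
        print(f"{entry.location:14} {entry.hive} [{entry.name}] -> {entry.target}")
```

A hit is only a prompt for manual review: legitimate per-user software also starts from the profile directory, so the final decision still comes from checking the file itself.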
27.12.2010, 16:37 | #3 |
| Hello markusg
here is the requested text, I hope you can do something with it :-)
All processes killed
========== OTL ==========
No active process named 67174.exe was found!
No active process named aHvFmtjxlhgIe.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\67174 deleted successfully.
C:\Users\Heensche\AppData\Local\Temp\67174.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\aHvFmtjxlhgIe.exe deleted successfully.
C:\Users\Heensche\AppData\Local\Temp\aHvFmtjxlhgIe.exe moved successfully.
C:\Users\Heensche\Desktop\HDD Low.lnk moved successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Heensche
->Flash cache emptied: 5131 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Heensche
->Temp folder emptied: 9713410 bytes
->Temporary Internet Files folder emptied: 4598935 bytes
->Java cache emptied: 51123296 bytes
->FireFox cache emptied: 55736397 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25747 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 320 bytes
RecycleBin emptied: 513760 bytes
Total Files Cleaned = 116,00 mb
OTL by OldTimer - Version 3.2.18.0 log created on 12272010_163323
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
27.12.2010, 17:29 | #4 |
/// Malware-holic | OK, have you already uploaded moved files? I hadn't seen it yet earlier. Can you access everything again now?
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above. If you would like to support us |
27.12.2010, 17:39 | #5 |
| Hello, I can actually access everything again!! WOW, thank you very much!!!! No, I have never uploaded anything like that? Do I still have to do that now, or is the Trojan off the laptop now? |
27.12.2010, 17:40 | #6 |
/// Malware-holic | No, you should upload that first. How to do it is described below the instructions for the OTL script. Once that is done, we still have work to do.
27.12.2010, 17:43 | #7 |
| Oh ok !!! Then I'll do that right away!!! |
27.12.2010, 17:57 | #8 |
| So, I have uploaded the file to the upload channel! |
27.12.2010, 18:00 | #9 |
/// Malware-holic | If you would now please open Malwarebytes and then click on log files. I would like the scan log(s) that you created.
27.12.2010, 18:10 | #10 |
| I have three log files and I am now sending you all three!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5400
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
27.12.2010 08:42:08
mbam-log-2010-12-27 (08-42-08).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 259406
Laufzeit: 1 Stunde(n), 29 Minute(n), 50 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\29905220 (Trojan.FakeAlert) -> Value: 29905220 -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Users\Heensche\AppData\Roaming\apiqfw.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Heensche\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Heensche\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
c:\Users\Heensche\AppData\Local\Temp\29905220.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5400
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
27.12.2010 10:00:14
mbam-log-2010-12-27 (10-00-14).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 259445
Laufzeit: 1 Stunde(n), 8 Minute(n), 32 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5363
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
27.12.2010 10:41:20
mbam-log-2010-12-27 (10-41-20).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 140280
Laufzeit: 4 Minute(n), 28 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
27.12.2010, 18:14 | #11 |
/// Malware-holic | OK, thanks. Please create and post a ComboFix log. A guide and tutorial on using ComboFix
27.12.2010, 18:38 | #12 |
| That is not so easy at all, it may take a little while longer! But I am trying as hard as I can! |
27.12.2010, 18:51 | #13 |
| Combofix Logfile: Code:
ComboFix 10-12-26.01 - Heensche 27.12.2010 18:39:31.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3038.1829 [GMT 1:00]
ausgeführt von:: c:\users\Heensche\Desktop\ComboFix.exe
AV: McAfee VirusScan *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Personal Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee VirusScan *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Heensche\AppData\Local\{106D28F9-CCB7-4210-B907-EC3A4C5767AF}
c:\users\Heensche\AppData\Local\{106D28F9-CCB7-4210-B907-EC3A4C5767AF}\chrome.manifest
c:\users\Heensche\AppData\Local\{106D28F9-CCB7-4210-B907-EC3A4C5767AF}\chrome\content\_cfg.js
c:\users\Heensche\AppData\Local\{106D28F9-CCB7-4210-B907-EC3A4C5767AF}\chrome\content\overlay.xul
c:\users\Heensche\AppData\Local\{106D28F9-CCB7-4210-B907-EC3A4C5767AF}\install.rdf
c:\windows\system32\AutoRun.inf
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((( Dateien erstellt von 2010-11-27 bis 2010-12-27 ))))))))))))))))))))))))))))))
.
2010-12-27 17:45 . 2010-12-27 17:46 -------- d-----w- c:\users\Heensche\AppData\Local\temp
2010-12-27 17:45 . 2010-12-27 17:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-27 16:43 . 2010-12-27 16:43 -------- d-----w- c:\windows\LastGood
2010-12-27 16:43 . 2010-12-27 16:43 36616 ----a-w- c:\windows\system32\drivers\btcusb.sys
2010-12-27 16:43 . 2010-12-27 16:43 19464 ----a-w- c:\windows\system32\btinstall.dll
2010-12-27 15:33 . 2010-12-27 16:54 -------- d-----w- C:\_OTL
2010-12-26 22:34 . 2010-12-26 22:34 -------- d-----w- c:\users\Heensche\AppData\Roaming\Malwarebytes
2010-12-26 22:33 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-26 22:33 . 2010-12-26 22:33 -------- d-----w- c:\programdata\Malwarebytes
2010-12-26 22:33 . 2010-12-27 09:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-26 22:33 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-26 21:46 . 2010-12-26 21:46 -------- d-----w- c:\programdata\PC Tools
2010-12-26 21:32 . 2010-12-14 13:00 21312 ----a-w- c:\windows\system32\authuitu.dll
2010-12-26 21:32 . 2010-12-14 13:00 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2010-12-08 19:31 . 2010-12-08 19:31 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2010-12-04 15:52 . 2010-12-10 11:45 -------- d-----w- c:\users\Heensche\AppData\Local\Thunderbird
2010-12-04 15:52 . 2010-12-04 15:52 -------- d-----w- c:\users\Heensche\AppData\Roaming\Thunderbird
2010-12-04 15:51 . 2010-12-11 14:04 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-12-02 16:41 . 2010-12-02 16:41 46592 ----a-w- c:\windows\system32\drivers\risdptsk.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-14 13:05 . 2010-11-06 10:15 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2010-11-21 10:42 . 2010-11-21 10:42 68608 ----a-w- c:\windows\system32\drivers\rimsptsk.sys
2010-11-12 13:17 . 2010-07-16 20:50 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-11-12 13:17 . 2010-07-16 20:50 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-11-12 13:17 . 2010-07-16 20:50 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-11-12 13:17 . 2010-07-16 20:50 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-11-12 13:17 . 2010-07-16 20:50 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-11-12 13:17 . 2010-07-16 20:50 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-11-12 13:17 . 2010-07-16 20:50 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-11-12 13:17 . 2010-07-16 20:50 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-11-12 13:17 . 2010-07-16 20:50 164840 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-11-12 13:17 . 2010-07-16 20:50 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-11-06 09:17 . 2009-03-23 10:01 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-11-12 13:17 . 2010-07-16 20:50 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PowerSuite"="c:\program files\Uniblue\PowerSuite\launcher.exe" [2010-11-13 67448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-01 1180976]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 11:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Users^Heensche^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^monmvr32.exe]
path=c:\users\Heensche\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monmvr32.exe
backup=c:\windows\pss\monmvr32.exe.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI]
2008-12-21 22:30 274432 ----a-w- c:\program files\sony\Network Utility\LANUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-03-10 02:43 835584 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSwitch]
2009-02-04 16:01 538472 ----a-w- c:\program files\sony\VAIO Mode Switch\VMSwitch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Ayehecahexofipu"=rundll32.exe "c:\users\Heensche\AppData\Local\dsDPLapl.dll",Startup
"Hwuyasuxomodo"=rundll32.exe "c:\users\Heensche\AppData\Local\uzobezudana.dll",Startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe"
"MarketingTools"=c:\program files\Sony\Marketing Tools\MarketingTools.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

R2 McMPFSvc;McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2009-12-14 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-11-12 188136]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-02-09 29736]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-11-12 55840]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-12 313288]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-12 84264]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2009-08-28 17408]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-02-05 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-02-05 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-02-05 390440]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-02-05 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-02-05 91432]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-19 394536]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2009-01-16 83240]
S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [2008-08-26 23712]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-11-12 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-11-12 164840]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2009-12-14 271480]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-11-12 141792]
S2 NSUService;NSUService;c:\program files\sony\Network Utility\NSUService.exe [2008-12-21 303104]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService.exe [2009-01-06 109088]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-12-19 415592]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-01-14 5184872]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-08-28 3664384]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-11-19 9344]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-10-07 10064]

--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Heensche\AppData\Roaming\Mozilla\Firefox\Profiles\7nmdqxx8.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-RtHDVCpl - c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
MSConfigStartUp-Spyware Doctor - c:\users\Heensche\Desktop\sdsetup.exe
MSConfigStartUp-{FCA2D4C8-766A-CF6A-82C3-415C58E4D817} - c:\users\Heensche\AppData\Roaming\Pahexe\amit.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-12-27 18:46
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000042
.
Zeit der Fertigstellung: 2010-12-27 18:48:43
ComboFix-quarantined-files.txt 2010-12-27 17:48

Vor Suchlauf: 9 Verzeichnis(se), 227.642.589.184 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 227.586.877.440 Bytes frei

- - End Of File - - 397221298C3C65BB1E43C7BC1310F36C
27.12.2010, 19:05 | #14 |
/// Malware-holic | HDDLOW on PC! Error messages: Critical Error Damaged hard Drive Clusters detected You're doing everything right. Are there any problems left?
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us |
27.12.2010, 19:07 | #15 |
| HDDLOW on PC! Error messages: Critical Error Damaged hard Drive Clusters detected So everything is running again here :-))) Does that mean we did it???!! That's great!! How can I show you my appreciation?? |