| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Fehlermeldungen: Critical Error Damaged hard Drive Clusters detectedWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
28.05.2011, 16:24
| #1 |
 |  Fehlermeldungen: Critical Error Damaged hard Drive Clusters detected Hallo ihr Lieben, ich habe gerade ein großes Problem, da ich mich zwei Wochen vor der Abgabe meiner Abschlussarbeit befinde und sich mein Notebook nun wohl anscheinend einen Trojaner eingefangen hat. Ich bekam eine Warnmeldung von Avira, danach war der Hintergrund meines Bildschirmes schwarz. Beim erneuten Hochfahren sind sämtliche Dateien verschwunden. Ob ich versuche, die Dateien direkt zu öffnen oder über "Run" gehe, es heißt immer nur "keine Dateien vorhanden". Äußerst schlecht in meiner aktuellen Situation.  Die meisten Dateien meiner Bachelorarbeit hab ich zwar gestern noch auf einen USB-Stick gezogen, aber ohne Rechner arbeitet es sich natürlich auch nicht so hervorragend.Die Fehlermeldung war zunächst immer "Critical Error Damaged hard Drive Clusters detected"...aus diesem Grund habe ich inspiriert durch den Beitrag "HDD Defragmenter entfernen" den rkill.exe installiert und seitdem sind diese Meldungen verschwunden. Allerdings hat sich an meinem Rechner nichts verändert. Heute vormittag habe ich in einem Computerfachhandel nachgefragt und ihnen meinen Rechner gezeigt, nur leider haben sie mir auch nur zu Dingen geraten, die ich bereits versucht hatte. Nun bin ich mit meinem Latein am Ende. Kann mir von euch jemand weiterhelfen? Vielen Dank schonmal im Voraus...ich weiß, es ist Wochenende, dennoch hoffe ich natürlich, hier noch jemanden anzutreffen.  Mit OTL habe ich bereits einen Scan gemacht. Die folgenden zwei Logfiles wurden dadurch erstellt: Code:
ATTFilter OTL logfile created on: 28.05.2011 09:19:11 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\*****\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,20% Memory free 8,19 Gb Paging File | 6,43 Gb Available in Paging File | 78,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,54 Gb Total Space | 154,96 Gb Free Space | 54,46% Space Free | Partition Type: NTFS Drive D: | 298,09 Gb Total Space | 293,91 Gb Free Space | 98,60% Space Free | Partition Type: NTFS Computer Name: CREATION | User Name: Seranna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.28 09:10:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Seranna\Desktop\OTL.exe PRC - [2011.05.03 08:59:53 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.05.02 08:07:58 | 000,924,632 | -H-- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.04.19 20:38:33 | 000,119,608 | -H-- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.4\ICQ.exe PRC - [2011.03.20 11:08:27 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.03.03 10:42:54 | 000,253,952 | -H-- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe PRC - [2010.11.03 08:37:26 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.12.31 15:13:52 | 000,110,592 | -H-- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Seranna\AppData\Roaming\T-Mobile Internet Manager\ouc.exe PRC - [2009.07.15 09:18:48 | 000,102,400 | -H-- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2008.08.08 14:11:12 | 000,490,952 | -H-- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe PRC - [2008.06.04 20:03:36 | 000,817,672 | -H-- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\QtZgAcer.EXE PRC - [2008.04.20 18:30:20 | 000,354,840 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2008.04.20 18:30:16 | 000,178,712 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2008.02.18 18:33:52 | 000,077,824 | -H-- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe ========== Modules (SafeList) ========== MOD - [2011.05.28 09:10:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Seranna\Desktop\OTL.exe MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2008.04.30 20:20:42 | 001,371,136 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2008.04.30 19:42:20 | 000,826,368 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2008.01.21 04:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2008.01.21 04:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2006.04.29 07:23:04 | 000,048,128 | -H-- | M] (Dassault Systemes) [Auto | Running] -- C:\Program Files\Dassault Systemes\B17\win_b64\code\bin\CATSysDemon.exe -- (BBDemon) SRV - [2011.05.03 08:59:53 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.20 11:08:27 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.03.18 13:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2008.07.27 20:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.04.20 18:30:20 | 000,354,840 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2008.04.07 09:17:30 | 000,430,592 | -H-- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.01.21 04:46:08 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.21 04:46:08 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2010.11.23 13:38:21 | 000,083,120 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb) DRV:64bit: - [2009.10.12 16:23:22 | 000,114,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys -- (hwusbdev) DRV:64bit: - [2009.09.10 15:56:08 | 000,117,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009.07.15 09:08:24 | 000,016,392 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2008.10.21 22:26:01 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd) DRV:64bit: - [2008.10.10 01:22:16 | 000,062,480 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb) DRV:64bit: - [2008.09.15 14:25:00 | 000,056,832 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E) DRV:64bit: - [2008.04.28 06:38:12 | 004,730,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R) DRV:64bit: - [2008.04.25 10:08:46 | 000,325,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP) DRV:64bit: - [2008.04.20 18:29:56 | 000,394,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor) DRV:64bit: - [2008.03.26 11:03:06 | 000,064,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR) DRV:64bit: - [2008.01.21 04:46:34 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2008.01.21 04:46:05 | 001,523,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV) DRV:64bit: - [2008.01.21 04:46:05 | 000,724,480 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf) DRV:64bit: - [2008.01.21 04:46:05 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL) DRV:64bit: - [2008.01.21 04:46:00 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2007.09.17 15:53:34 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2007.07.03 17:04:44 | 000,142,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm) DRV:64bit: - [2007.07.03 17:04:16 | 000,016,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl) DRV:64bit: - [2007.07.03 17:02:12 | 000,105,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV:64bit: - [2007.03.28 07:50:16 | 000,046,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\winbondcir.sys -- (winbondcir) DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | -H-- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs) DRV - [2009.07.15 09:08:24 | 000,016,392 | -H-- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2008.02.01 17:24:06 | 000,032,240 | -H-- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=gppc IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Facemoods Search" FF - prefs.js..browser.search.selectedEngine: "Facemoods Search" FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=gppc" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1 FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.28 08:35:27 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.28 08:35:27 | 000,000,000 | -H-D | M] [2008.10.21 20:41:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Extensions [2011.05.28 06:54:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions [2011.05.28 08:36:27 | 000,000,000 | -H-D | M] (Flagfox) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2011.05.28 08:36:27 | 000,000,000 | -H-D | M] (PDF Download) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} [2011.05.28 08:36:27 | 000,000,000 | -H-D | M] (Zynga Community Toolbar) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2011.05.28 08:36:27 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.05.28 08:36:28 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.05.28 06:54:34 | 000,000,000 | -H-D | M] (Facemoods) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions\ffxtlbr@Facemoods.com [2011.05.25 13:18:00 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-1.xml [2011.05.28 06:57:35 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-10.xml [2010.01.30 18:10:43 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-2.xml [2010.03.02 13:43:28 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-3.xml [2010.03.31 15:39:20 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-4.xml [2010.09.17 14:08:47 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-5.xml [2010.10.14 20:59:22 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-6.xml [2010.12.11 11:04:23 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-7.xml [2011.03.02 20:49:33 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-8.xml [2011.05.02 08:08:16 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-9.xml [2010.05.12 17:40:48 | 000,001,042 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin.xml [2011.04.03 10:52:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.05.28 08:35:27 | 000,000,000 | -H-D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} File not found (No name found) -- () (No name found) -- C:\USERS\SERANNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y9ZOV2N5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\SERANNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y9ZOV2N5.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI [2011.05.28 08:37:11 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.05.02 08:07:58 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml [2011.05.28 07:04:27 | 000,002,047 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml [2010.01.01 10:00:00 | 000,006,805 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.9\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodsTlbr.dll (facemoods.com) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll () O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.) O4 - HKLM..\Run: [WinampAgent] File not found O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [WMPNSCFG] File not found O4 - Startup: C:\Users\Seranna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll () O24 - Desktop WallPaper: C:\Users\Seranna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\Seranna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4334898a-4571-11e0-9f5d-001e68d94597}\Shell - "" = AutoRun O33 - MountPoints2\{4334898a-4571-11e0-9f5d-001e68d94597}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{43348997-4571-11e0-9f5d-001e68d94597}\Shell - "" = AutoRun O33 - MountPoints2\{43348997-4571-11e0-9f5d-001e68d94597}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\Shell - "" = AutoRun O33 - MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\Shell\AutoRun\command - "" = G:\SETUP.EXE O33 - MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\Shell\configure\command - "" = G:\SETUP.EXE O33 - MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\Shell\install\command - "" = G:\SETUP.EXE O33 - MountPoints2\{684379f7-0578-11de-a2f3-d80cd9e7866e}\Shell\AutoRun\command - "" = F:\menu.exe O33 - MountPoints2\{f21bac0d-60ea-11e0-af29-001e68d94597}\Shell - "" = AutoRun O33 - MountPoints2\{f21bac0d-60ea-11e0-af29-001e68d94597}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.28 09:10:51 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Seranna\Desktop\OTL.exe [2011.05.28 09:08:11 | 000,000,000 | R--D | C] -- C:\Users\Seranna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD8 [2011.05.28 07:09:19 | 000,000,000 | -H-D | C] -- C:\Users\Seranna\AppData\Roaming\Malwarebytes [2011.05.28 07:09:09 | 000,038,224 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.05.28 07:09:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.05.28 07:08:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes [2011.05.28 07:08:40 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.05.28 06:54:32 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\facemoods.com [2011.05.28 05:55:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch [2011.05.27 22:55:17 | 000,000,000 | -H-D | C] -- C:\Users\Seranna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery [2011.05.27 21:13:48 | 000,000,000 | -H-D | C] -- C:\Users\Seranna\Desktop\email [2011.05.22 16:37:03 | 000,000,000 | -H-D | C] -- C:\Users\Seranna\Desktop\Thesisbilder [1 C:\Users\Seranna\Desktop\*.tmp files -> C:\Users\Seranna\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.28 09:10:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Seranna\Desktop\OTL.exe [2011.05.28 08:48:38 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.05.28 08:48:38 | 000,598,900 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.05.28 08:48:38 | 000,104,914 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.05.28 08:41:02 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.28 08:41:02 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.28 08:40:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.28 08:40:45 | 4289,589,248 | -HS- | M] () -- C:\hiberfil.sys [2011.05.28 07:09:09 | 000,000,972 | -H-- | M] () -- C:\Users\Seranna\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2011.05.28 07:09:09 | 000,000,948 | -H-- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.28 06:38:06 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~44228344r [2011.05.28 06:38:06 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~44228344 [2011.05.28 06:35:37 | 000,028,029 | -H-- | M] () -- C:\ProgramData\nvModes.dat [2011.05.28 06:35:37 | 000,028,029 | -H-- | M] () -- C:\ProgramData\nvModes.001 [2011.05.28 06:19:30 | 000,000,392 | -H-- | M] () -- C:\ProgramData\44228344 [2011.05.27 22:55:17 | 000,000,595 | -H-- | M] () -- C:\Users\Seranna\Desktop\Windows Vista Recovery.lnk [2011.05.18 14:40:09 | 000,014,848 | -H-- | M] () -- C:\Users\Seranna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Users\Seranna\Desktop\*.tmp files -> C:\Users\Seranna\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.28 07:09:09 | 000,000,972 | -H-- | C] () -- C:\Users\Seranna\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2011.05.28 07:09:09 | 000,000,948 | -H-- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.05.28 07:08:48 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys [2011.05.27 22:55:30 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~44228344r [2011.05.27 22:55:30 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~44228344 [2011.05.27 22:55:17 | 000,000,595 | -H-- | C] () -- C:\Users\Seranna\Desktop\Windows Vista Recovery.lnk [2011.05.27 22:55:09 | 000,000,392 | -H-- | C] () -- C:\ProgramData\44228344 [2011.05.15 10:17:42 | 739,575,158 | -H-- | C] () -- C:\Users\Seranna\Desktop\intro_black_swan.avi [2011.02.02 16:45:08 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2010.09.17 18:33:30 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2008.11.10 22:18:22 | 000,700,730 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2008.10.22 11:03:12 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2008.10.21 23:23:51 | 000,014,848 | -H-- | C] () -- C:\Users\Seranna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.10.21 22:08:47 | 000,028,029 | -H-- | C] () -- C:\ProgramData\nvModes.001 [2008.10.21 22:08:42 | 000,028,029 | -H-- | C] () -- C:\ProgramData\nvModes.dat [2008.10.21 21:51:00 | 000,000,680 | -H-- | C] () -- C:\Users\Seranna\AppData\Local\d3d9caps.dat [2008.10.21 21:50:58 | 000,000,552 | -H-- | C] () -- C:\Users\Seranna\AppData\Local\d3d8caps.dat [2008.10.21 21:14:40 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin [2008.10.21 21:14:40 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin [2008.10.21 20:59:08 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2008.10.21 20:41:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2008.10.21 20:17:48 | 000,000,732 | -H-- | C] () -- C:\Users\Seranna\AppData\Local\d3d9caps64.dat [2008.01.21 04:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini [2008.01.21 04:48:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2007.10.25 17:26:10 | 000,005,632 | -H-- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2006.11.02 17:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:37:14 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat [2006.11.02 14:24:17 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2006.11.02 14:18:17 | 000,673,088 | -H-- | C] () -- C:\Windows\SysWow64\mlang.dat [2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2002.03.21 14:39:02 | 000,073,728 | -H-- | C] () -- C:\Windows\SysWow64\UNACEV2.DLL ========== LOP Check ========== [2010.04.28 18:52:53 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\.purple [2008.10.21 23:34:58 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\ACD Systems [2010.03.07 00:02:20 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\BSW [2010.05.12 16:08:18 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\cerasus [2010.05.12 16:08:40 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\cerasus.media [2011.02.02 16:45:55 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\Daedalic Entertainment [2011.05.28 08:36:25 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\DAEMON Tools [2008.10.23 00:33:00 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\DassaultSystemes [2010.03.23 12:24:54 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\GARMIN [2011.05.13 07:28:16 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\ICQ [2010.10.08 20:50:15 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\PC Suite [2008.12.05 00:33:49 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\Propellerhead Software [2011.05.28 08:36:28 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\RobinsonCrusoeCER [2010.10.08 20:47:16 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\Samsung [2011.05.28 08:36:28 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\ScummVM [2010.11.04 22:55:41 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\SecondLife [2011.03.03 10:42:52 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\T-Mobile [2011.05.28 08:36:28 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\T-Mobile Internet Manager [2011.05.28 07:56:25 | 000,032,646 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 28.05.2011 09:19:11 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\*****\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,99 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,20% Memory free
8,19 Gb Paging File | 6,43 Gb Available in Paging File | 78,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,54 Gb Total Space | 154,96 Gb Free Space | 54,46% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 293,91 Gb Free Space | 98,60% Space Free | Partition Type: NTFS
Computer Name: CREATION | User Name: Seranna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [ACDSee 9.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3637555439-4150254949-3577624952-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17930F34-BC3B-4C08-AD45-0208D56A11EE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{182DEDBE-B77E-46B5-A304-EF80CC281F40}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1CB8E0A9-887C-4CD4-85DF-74B26AEA22A2}" = rport=445 | protocol=6 | dir=out | app=system |
"{20F684EE-756D-42F4-A27E-203DC3216B6F}" = lport=138 | protocol=17 | dir=in | app=system |
"{2C05C31E-3FC7-461C-A81A-64BC9F80E777}" = lport=445 | protocol=6 | dir=in | app=system |
"{3416DAAD-0CE4-4E26-BEE4-08962BC3B9F1}" = rport=139 | protocol=6 | dir=out | app=system |
"{39631D88-7EA6-4DC8-988C-DA21AFA8F6CE}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4A3146C0-1AAE-494B-B821-64FBCF355A5C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5B679CAF-9B3B-48C1-8CC9-7D0CABF9A0A2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6880F4AA-1250-4897-9E11-999C14986BE6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{6AB885BC-FEEE-47AE-BD1D-2D5F7C259EF6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6F89B276-A64B-467C-99D0-96840B5306EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{870E4E61-34FA-44DF-A6FE-13A8A827C894}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{89469868-C1B0-4F4E-AD96-3EF4023621D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{9AC2C4FD-F55A-4BBD-ACAF-132EFF2ACCF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9CC53E31-B7C1-4BC5-8B3A-C602778350C8}" = rport=138 | protocol=17 | dir=out | app=system |
"{A4AC746B-0C85-48AA-A277-5343639724F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AB1FB534-2C9F-4072-B050-D6B9754EC293}" = rport=137 | protocol=17 | dir=out | app=system |
"{C941E5ED-1661-4222-A16C-3C992ACD57D4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CC174306-10B3-4729-A267-9857CA69569E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{CF215CAA-458B-49F1-8799-E371833FBBD1}" = lport=137 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008D2BFC-12A6-449D-BB4C-BC4BCCD8598B}" = protocol=17 | dir=in | app=c:\users\seranna\appdata\local\microsoft\windows\temporary internet files\content.ie5\hidt6e7k\facemoods[1].exe |
"{05E8F44E-86D2-4164-B085-FEB9787334B5}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{08CED774-B244-4E16-AD65-31987B5F4FE5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{0C66D569-3A03-46CE-A1C0-5FD721D2905E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2460E9AB-A44B-4C48-B7C3-ACEA4CA9A2E9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{2CEA3CA5-FA11-41E9-AD40-49473E7BA400}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{2E2BFF50-01B9-4467-BAE9-D2236D55EEE0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{3000A818-7839-4007-A1BF-073005BDDF7F}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{35D26E99-89B1-49F9-ADEA-9939E03A9EDF}" = protocol=6 | dir=in | app=c:\users\seranna\appdata\local\microsoft\windows\temporary internet files\content.ie5\hidt6e7k\facemoods[1].exe |
"{403BF458-3F70-462D-A273-CA3362441744}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe |
"{4F0E7F45-5A36-4E6C-9FDC-ED424866190F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6EFFA785-64FF-4D06-86BD-9F5DA5A92759}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8CD72EA6-2473-4AF3-A60A-B44079D6D838}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9C2DB7E5-D9EF-4667-94A0-6264E0F81DF8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A529E36B-3DC3-4476-98FD-ADF4C5A69923}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C1032A12-E463-4218-BA5F-7ABF8F222D02}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{CBDB14C2-4D56-4459-AD5A-1C6E096E0BCC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{D0F7B2D9-4A43-4758-9611-D8CC08B9B03C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{D2AFCE0D-2054-47A3-9C5B-F55C83D57E2C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{DC690D0C-F6D9-41A3-A7C4-778E317B2A14}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{EA020FA3-22F8-423B-B89B-34E547A1A14A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe |
"{EBCF026C-E650-4D75-A967-A0883F0C4349}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe |
"{F1B3DCF4-A427-4425-849E-0563AB782A80}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"TCP Query User{0F6F76A8-D26A-46BF-ACE8-77CA0B2DA3A8}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"TCP Query User{1CC0DD38-3F50-4DC2-B1AA-D40AD93BD4E5}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"TCP Query User{30BA9705-FAC0-4F7B-8F2E-5AA1AB068D5E}C:\program files (x86)\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip\qip.exe |
"TCP Query User{47842BC8-A13D-4FC3-AFCB-5A1246A8E7FC}C:\program files\dassault systemes\b17\win_b64\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b17\win_b64\code\bin\orbixd.exe |
"TCP Query User{5CBA344A-3580-4D6F-910A-CA84438F9C27}C:\program files (x86)\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip\qip.exe |
"TCP Query User{641B7D96-E8DC-421B-901F-F6C1D3214311}C:\program files\dassault systemes\b17\win_b64\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b17\win_b64\code\bin\cnext.exe |
"TCP Query User{C8698F8A-E218-41EC-9E63-03C1DB15D3A1}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe |
"TCP Query User{E561E25F-9A21-4FB5-AE2F-F9AE3AF992C9}C:\program files (x86)\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer2\slvoice.exe |
"TCP Query User{EB704B6F-5F25-4D70-8597-3864126F5509}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe |
"UDP Query User{1AB1D604-D965-4F02-AA90-B58D5072B3AA}C:\program files (x86)\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer2\slvoice.exe |
"UDP Query User{3E796A98-F514-4ED6-87C2-16D6E8E402B5}C:\program files\dassault systemes\b17\win_b64\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b17\win_b64\code\bin\orbixd.exe |
"UDP Query User{40C25660-9A01-4127-928F-9EDA42C173FC}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{4E4D28A4-2AF3-4D73-B91F-0BF182A1DC82}C:\program files\dassault systemes\b17\win_b64\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b17\win_b64\code\bin\cnext.exe |
"UDP Query User{62E549DD-55DD-46FE-BBB7-072F962B16FD}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe |
"UDP Query User{BB3B5F2C-09F6-4646-AAD7-EF1B7C5FC12D}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"UDP Query User{BF03437E-D61F-47FD-B75A-E42A33D17836}C:\program files (x86)\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip\qip.exe |
"UDP Query User{D7066990-A605-4203-A035-7B25AB6BA484}C:\program files (x86)\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip\qip.exe |
"UDP Query User{DD59D33C-EBDD-4646-A53A-76F811FB6F20}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02C3BCE6-BFC3-4844-9EA5-33B6508CBF3B}" = TouchChip USB Driver 2.13
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Dassault Systemes B17_0" = Dassault Systemes Software B17
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD8
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7DF5A0FE-EEC4-439A-A3B5-DF91958DD5A7}_is1" = Robinson Crusoe
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AD841E2B-2F15-498E-A6C0-2FDF716B2806}_is1" = Big City Mystery
"{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BSW" = BrettspielWelt
"Catan - Staedte und Ritter" = Catan - Städte und Ritter
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"ENTERPRISE" = Microsoft Office Enterprise 2007
"facemoods" = Facemoods Toolbar
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"ICQToolbar" = ICQ Toolbar
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD8
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LEd_is1" = LEd Beta 0.52
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Pidgin" = Pidgin
"QIP2005" = QIP 2005 Uninstall
"Ravensburger Puzzle" = Ravensburger Puzzle
"Reason4_is1" = Reason 4.0
"ScummVM_is1" = ScummVM 0.12.0
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Skype™ for Windows Mobile_is1" = Skype™ for Windows Mobile 3.0
"SystemRequirementsLab" = System Requirements Lab
"T-Mobile Internet Manager" = T-Mobile Internet Manager
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
| Themen zu Fehlermeldungen: Critical Error Damaged hard Drive Clusters detected |
| 64-bit, 7-zip, antivir, autorun, avira, bho, black, device driver, entfernen, error, excel, fehlermeldung, firefox, flash player, format, install.exe, installation, keine dateien, launch, microsoft office word, mozilla, object, oldtimer, plug-in, problem, realtek, registry, rundll, scan, searchplugins, security, shell32.dll, software, sptd.sys, start menu, studio, svchost.exe, syswow64, t-mobile, trojaner, trojaner eingefangen, udp, usb 2.0, vista |
Baum-Darstellung