Forum section: Plagegeister aller Art und deren Bekämpfung (pests of all kinds and how to fight them)
Thread: Error messages: Critical Error Damaged hard Drive Clusters detected (Windows 7)

28.05.2011, 16:24 | #1
Error messages: Critical Error Damaged hard Drive Clusters detected

Hello everyone,

I have a big problem right now: I'm two weeks away from handing in my final thesis, and my notebook has now apparently picked up a Trojan. I got a warning from Avira, and after that my screen background was black. When I booted again, all the files had disappeared. Whether I try to open the files directly or go through "Run", it always just says "no files present". Extremely bad in my current situation. I did copy most of the files for my bachelor's thesis to a USB stick yesterday, but without a computer the work obviously doesn't go so smoothly either.

The error message was at first always "Critical Error Damaged hard Drive Clusters detected"... for that reason, inspired by the post "HDD Defragmenter entfernen" ("Remove HDD Defragmenter"), I installed rkill.exe, and since then those messages have disappeared. However, nothing on my computer has changed. This morning I asked at a computer shop and showed them my computer, but unfortunately they only suggested things I had already tried. Now I'm at my wits' end. Can any of you help me? Many thanks in advance... I know it's the weekend, but I still hope to find someone here.

I have already run a scan with OTL. It produced the following two log files:

Code:
OTL logfile created on: 28.05.2011 09:19:11 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\*****\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,99 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,20% Memory free
8,19 Gb Paging File | 6,43 Gb Available in Paging File | 78,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,54 Gb Total Space | 154,96 Gb Free Space | 54,46% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 293,91 Gb Free Space | 98,60% Space Free | Partition Type: NTFS

Computer Name: CREATION | User Name: Seranna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.05.28 09:10:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Seranna\Desktop\OTL.exe
PRC - [2011.05.03 08:59:53 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.05.02 08:07:58 | 000,924,632 | -H-- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.04.19 20:38:33 | 000,119,608 | -H-- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.4\ICQ.exe
PRC - [2011.03.20 11:08:27 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.03 10:42:54 | 000,253,952 | -H-- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
PRC - [2010.11.03 08:37:26 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.12.31 15:13:52 | 000,110,592 | -H-- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Seranna\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
PRC - [2009.07.15 09:18:48 | 000,102,400 | -H-- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2008.08.08 14:11:12 | 000,490,952 | -H-- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
PRC - [2008.06.04 20:03:36 | 000,817,672 | -H-- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\QtZgAcer.EXE
PRC - [2008.04.20 18:30:20 | 000,354,840 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.20 18:30:16 | 000,178,712 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.02.18 18:33:52 | 000,077,824 | -H-- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe

========== Modules (SafeList) ==========

MOD - [2011.05.28 09:10:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Seranna\Desktop\OTL.exe
MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008.04.30 20:20:42 | 001,371,136 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008.04.30 19:42:20 | 000,826,368 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008.01.21 04:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.01.21 04:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006.04.29 07:23:04 | 000,048,128 | -H-- | M] (Dassault Systemes) [Auto | Running] -- C:\Program Files\Dassault Systemes\B17\win_b64\code\bin\CATSysDemon.exe -- (BBDemon)
SRV - [2011.05.03 08:59:53 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.20 11:08:27 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008.07.27 20:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.04.20 18:30:20 | 000,354,840 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.04.07 09:17:30 | 000,430,592 | -H-- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.21 04:46:08 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:46:08 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.11.23 13:38:21 | 000,083,120 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2009.10.12 16:23:22 | 000,114,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.09.10 15:56:08 | 000,117,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.07.15 09:08:24 | 000,016,392 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2008.10.21 22:26:01 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2008.10.10 01:22:16 | 000,062,480 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2008.09.15 14:25:00 | 000,056,832 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:64bit: - [2008.04.28 06:38:12 | 004,730,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008.04.25 10:08:46 | 000,325,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008.04.20 18:29:56 | 000,394,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008.03.26 11:03:06 | 000,064,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008.01.21 04:46:34 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008.01.21 04:46:05 | 001,523,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008.01.21 04:46:05 | 000,724,480 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008.01.21 04:46:05 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008.01.21 04:46:00 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2007.09.17 15:53:34 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.07.03 17:04:44 | 000,142,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2007.07.03 17:04:16 | 000,016,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2007.07.03 17:02:12 | 000,105,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2007.03.28 07:50:16 | 000,046,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\winbondcir.sys -- (winbondcir)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | -H-- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2009.07.15 09:08:24 | 000,016,392 | -H-- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2008.02.01 17:24:06 | 000,032,240 | -H-- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=gppc
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=gppc"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.28 08:35:27 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.28 08:35:27 | 000,000,000 | -H-D | M]

[2008.10.21 20:41:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Extensions
[2011.05.28 06:54:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions
[2011.05.28 08:36:27 | 000,000,000 | -H-D | M] (Flagfox) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.05.28 08:36:27 | 000,000,000 | -H-D | M] (PDF Download) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.05.28 08:36:27 | 000,000,000 | -H-D | M] (Zynga Community Toolbar) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011.05.28 08:36:27 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.28 08:36:28 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.28 06:54:34 | 000,000,000 | -H-D | M] (Facemoods) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions\ffxtlbr@Facemoods.com
[2011.05.25 13:18:00 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-1.xml
[2011.05.28 06:57:35 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-10.xml
[2010.01.30 18:10:43 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-2.xml
[2010.03.02 13:43:28 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-3.xml
[2010.03.31 15:39:20 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-4.xml
[2010.09.17 14:08:47 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-5.xml
[2010.10.14 20:59:22 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-6.xml
[2010.12.11 11:04:23 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-7.xml
[2011.03.02 20:49:33 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-8.xml
[2011.05.02 08:08:16 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-9.xml
[2010.05.12 17:40:48 | 000,001,042 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin.xml
[2011.04.03 10:52:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.05.28 08:35:27 | 000,000,000 | -H-D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
() (No name found) -- C:\USERS\SERANNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y9ZOV2N5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SERANNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y9ZOV2N5.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011.05.28 08:37:11 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.05.02 08:07:58 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.28 07:04:27 | 000,002,047 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
[2010.01.01 10:00:00 | 000,006,805 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.9\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodsTlbr.dll (facemoods.com)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [WinampAgent] File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [WMPNSCFG] File not found
O4 - Startup: C:\Users\Seranna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll ()
O24 - Desktop WallPaper: C:\Users\Seranna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Seranna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4334898a-4571-11e0-9f5d-001e68d94597}\Shell - "" = AutoRun
O33 - MountPoints2\{4334898a-4571-11e0-9f5d-001e68d94597}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{43348997-4571-11e0-9f5d-001e68d94597}\Shell - "" = AutoRun
O33 - MountPoints2\{43348997-4571-11e0-9f5d-001e68d94597}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\Shell - "" = AutoRun
O33 - MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{684379f7-0578-11de-a2f3-d80cd9e7866e}\Shell\AutoRun\command - "" = F:\menu.exe
O33 - MountPoints2\{f21bac0d-60ea-11e0-af29-001e68d94597}\Shell - "" = AutoRun
O33 - MountPoints2\{f21bac0d-60ea-11e0-af29-001e68d94597}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.28 09:10:51 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Seranna\Desktop\OTL.exe
[2011.05.28 09:08:11 | 000,000,000 | R--D | C] -- C:\Users\Seranna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD8
[2011.05.28 07:09:19 | 000,000,000 | -H-D | C] -- C:\Users\Seranna\AppData\Roaming\Malwarebytes
[2011.05.28 07:09:09 | 000,038,224 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.28 07:09:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.28 07:08:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.05.28 07:08:40 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.28 06:54:32 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\facemoods.com
[2011.05.28 05:55:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch
[2011.05.27 22:55:17 | 000,000,000 | -H-D | C] -- C:\Users\Seranna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.05.27 21:13:48 | 000,000,000 | -H-D | C] -- C:\Users\Seranna\Desktop\email
[2011.05.22 16:37:03 | 000,000,000 | -H-D | C] -- C:\Users\Seranna\Desktop\Thesisbilder
[1 C:\Users\Seranna\Desktop\*.tmp files -> C:\Users\Seranna\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.05.28 09:10:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Seranna\Desktop\OTL.exe
[2011.05.28 08:48:38 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.28 08:48:38 | 000,598,900 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.28 08:48:38 | 000,104,914 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.28 08:41:02 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.28 08:41:02 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.28 08:40:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.28 08:40:45 | 4289,589,248 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.28 07:09:09 | 000,000,972 | -H-- | M] () -- C:\Users\Seranna\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.05.28 07:09:09 | 000,000,948 | -H-- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.28 06:38:06 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~44228344r
[2011.05.28 06:38:06 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~44228344
[2011.05.28 06:35:37 | 000,028,029 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.28 06:35:37 | 000,028,029 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.05.28 06:19:30 | 000,000,392 | -H-- | M] () -- C:\ProgramData\44228344
[2011.05.27 22:55:17 | 000,000,595 | -H-- | M] () -- C:\Users\Seranna\Desktop\Windows Vista Recovery.lnk
[2011.05.18 14:40:09 | 000,014,848 | -H-- | M] () -- C:\Users\Seranna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\Seranna\Desktop\*.tmp files -> C:\Users\Seranna\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.05.28 07:09:09 | 000,000,972 | -H-- | C] () -- C:\Users\Seranna\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.05.28 07:09:09 | 000,000,948 | -H-- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.28 07:08:48 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.27 22:55:30 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~44228344r
[2011.05.27 22:55:30 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~44228344
[2011.05.27 22:55:17 | 000,000,595 | -H-- | C] () -- C:\Users\Seranna\Desktop\Windows Vista Recovery.lnk
[2011.05.27 22:55:09 | 000,000,392 | -H-- | C] () -- C:\ProgramData\44228344
[2011.05.15 10:17:42 | 739,575,158 | -H-- | C] () -- C:\Users\Seranna\Desktop\intro_black_swan.avi
[2011.02.02 16:45:08 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.09.17 18:33:30 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2008.11.10 22:18:22 | 000,700,730 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.10.22 11:03:12 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.10.21 23:23:51 | 000,014,848 | -H-- | C] () -- C:\Users\Seranna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.21 22:08:47 | 000,028,029 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2008.10.21 22:08:42 | 000,028,029 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.21 21:51:00 | 000,000,680 | -H-- | C] () -- C:\Users\Seranna\AppData\Local\d3d9caps.dat
[2008.10.21 21:50:58 | 000,000,552 | -H-- | C] () -- C:\Users\Seranna\AppData\Local\d3d8caps.dat
[2008.10.21 21:14:40 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008.10.21 21:14:40 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.10.21 20:59:08 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.10.21 20:41:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.10.21 20:17:48 | 000,000,732 | -H-- | C] () -- C:\Users\Seranna\AppData\Local\d3d9caps64.dat
[2008.01.21 04:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:48:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.10.25 17:26:10 | 000,005,632 | -H-- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2006.11.02 17:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | -H-- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2002.03.21 14:39:02 | 000,073,728 | -H-- | C] () -- C:\Windows\SysWow64\UNACEV2.DLL

========== LOP Check ==========

[2010.04.28 18:52:53 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\.purple
[2008.10.21 23:34:58 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\ACD Systems
[2010.03.07 00:02:20 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\BSW
[2010.05.12 16:08:18 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\cerasus
[2010.05.12 16:08:40 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\cerasus.media
[2011.02.02 16:45:55 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\Daedalic Entertainment
[2011.05.28 08:36:25 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\DAEMON Tools
[2008.10.23 00:33:00 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\DassaultSystemes
[2010.03.23 12:24:54 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\GARMIN
[2011.05.13 07:28:16 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\ICQ
[2010.10.08 20:50:15 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\PC Suite
[2008.12.05 00:33:49 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\Propellerhead Software
[2011.05.28 08:36:28 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\RobinsonCrusoeCER
[2010.10.08 20:47:16 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\Samsung
[2011.05.28 08:36:28 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\ScummVM
[2010.11.04 22:55:41 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\SecondLife
[2011.03.03 10:42:52 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\T-Mobile
[2011.05.28 08:36:28 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\T-Mobile Internet Manager
[2011.05.28 07:56:25 | 000,032,646 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
ATTFilter OTL Extras logfile created on: 28.05.2011 09:19:11 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\*****\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,99 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,20% Memory free 8,19 Gb Paging File | 6,43 Gb Available in Paging File | 78,56% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 284,54 Gb Total Space | 154,96 Gb Free Space | 54,46% Space Free | Partition Type: NTFS Drive D: | 298,09 Gb Total Space | 293,91 Gb Free Space | 98,60% Space Free | Partition Type: NTFS Computer Name: CREATION | User Name: Seranna | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" () InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" () piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [ACDSee 9.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDSee 9.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.) Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Svc\S-1-5-21-3637555439-4150254949-3577624952-1000] "EnableNotifications" = 0 "EnableNotificationsRef" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{17930F34-BC3B-4C08-AD45-0208D56A11EE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{182DEDBE-B77E-46B5-A304-EF80CC281F40}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{1CB8E0A9-887C-4CD4-85DF-74B26AEA22A2}" = rport=445 | protocol=6 | dir=out | app=system | "{20F684EE-756D-42F4-A27E-203DC3216B6F}" = lport=138 | protocol=17 | dir=in | app=system | "{2C05C31E-3FC7-461C-A81A-64BC9F80E777}" = lport=445 | protocol=6 | dir=in | app=system | "{3416DAAD-0CE4-4E26-BEE4-08962BC3B9F1}" = rport=139 | protocol=6 | dir=out | app=system | "{39631D88-7EA6-4DC8-988C-DA21AFA8F6CE}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{4A3146C0-1AAE-494B-B821-64FBCF355A5C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5B679CAF-9B3B-48C1-8CC9-7D0CABF9A0A2}" = rport=5679 | protocol=17 
| dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{6880F4AA-1250-4897-9E11-999C14986BE6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{6AB885BC-FEEE-47AE-BD1D-2D5F7C259EF6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6F89B276-A64B-467C-99D0-96840B5306EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{870E4E61-34FA-44DF-A6FE-13A8A827C894}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{89469868-C1B0-4F4E-AD96-3EF4023621D9}" = lport=139 | protocol=6 | dir=in | app=system | "{9AC2C4FD-F55A-4BBD-ACAF-132EFF2ACCF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{9CC53E31-B7C1-4BC5-8B3A-C602778350C8}" = rport=138 | protocol=17 | dir=out | app=system | "{A4AC746B-0C85-48AA-A277-5343639724F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AB1FB534-2C9F-4072-B050-D6B9754EC293}" = rport=137 | protocol=17 | dir=out | app=system | "{C941E5ED-1661-4222-A16C-3C992ACD57D4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{CC174306-10B3-4729-A267-9857CA69569E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{CF215CAA-458B-49F1-8799-E371833FBBD1}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{008D2BFC-12A6-449D-BB4C-BC4BCCD8598B}" = protocol=17 | dir=in | app=c:\users\seranna\appdata\local\microsoft\windows\temporary internet files\content.ie5\hidt6e7k\facemoods[1].exe | "{05E8F44E-86D2-4164-B085-FEB9787334B5}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"{08CED774-B244-4E16-AD65-31987B5F4FE5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{0C66D569-3A03-46CE-A1C0-5FD721D2905E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{2460E9AB-A44B-4C48-B7C3-ACEA4CA9A2E9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{2CEA3CA5-FA11-41E9-AD40-49473E7BA400}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{2E2BFF50-01B9-4467-BAE9-D2236D55EEE0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{3000A818-7839-4007-A1BF-073005BDDF7F}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{35D26E99-89B1-49F9-ADEA-9939E03A9EDF}" = protocol=6 | dir=in | app=c:\users\seranna\appdata\local\microsoft\windows\temporary internet files\content.ie5\hidt6e7k\facemoods[1].exe | "{403BF458-3F70-462D-A273-CA3362441744}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{4F0E7F45-5A36-4E6C-9FDC-ED424866190F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{6EFFA785-64FF-4D06-86BD-9F5DA5A92759}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{8CD72EA6-2473-4AF3-A60A-B44079D6D838}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{9C2DB7E5-D9EF-4667-94A0-6264E0F81DF8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A529E36B-3DC3-4476-98FD-ADF4C5A69923}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C1032A12-E463-4218-BA5F-7ABF8F222D02}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "{CBDB14C2-4D56-4459-AD5A-1C6E096E0BCC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "{D0F7B2D9-4A43-4758-9611-D8CC08B9B03C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{D2AFCE0D-2054-47A3-9C5B-F55C83D57E2C}" = 
protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{DC690D0C-F6D9-41A3-A7C4-778E317B2A14}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | "{EA020FA3-22F8-423B-B89B-34E547A1A14A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | "{EBCF026C-E650-4D75-A967-A0883F0C4349}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{F1B3DCF4-A427-4425-849E-0563AB782A80}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | "TCP Query User{0F6F76A8-D26A-46BF-ACE8-77CA0B2DA3A8}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "TCP Query User{1CC0DD38-3F50-4DC2-B1AA-D40AD93BD4E5}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "TCP Query User{30BA9705-FAC0-4F7B-8F2E-5AA1AB068D5E}C:\program files (x86)\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip\qip.exe | "TCP Query User{47842BC8-A13D-4FC3-AFCB-5A1246A8E7FC}C:\program files\dassault systemes\b17\win_b64\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b17\win_b64\code\bin\orbixd.exe | "TCP Query User{5CBA344A-3580-4D6F-910A-CA84438F9C27}C:\program files (x86)\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip\qip.exe | "TCP Query User{641B7D96-E8DC-421B-901F-F6C1D3214311}C:\program files\dassault systemes\b17\win_b64\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b17\win_b64\code\bin\cnext.exe | "TCP Query User{C8698F8A-E218-41EC-9E63-03C1DB15D3A1}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe | "TCP Query User{E561E25F-9A21-4FB5-AE2F-F9AE3AF992C9}C:\program files (x86)\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer2\slvoice.exe | "TCP Query 
User{EB704B6F-5F25-4D70-8597-3864126F5509}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe | "UDP Query User{1AB1D604-D965-4F02-AA90-B58D5072B3AA}C:\program files (x86)\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer2\slvoice.exe | "UDP Query User{3E796A98-F514-4ED6-87C2-16D6E8E402B5}C:\program files\dassault systemes\b17\win_b64\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b17\win_b64\code\bin\orbixd.exe | "UDP Query User{40C25660-9A01-4127-928F-9EDA42C173FC}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | "UDP Query User{4E4D28A4-2AF3-4D73-B91F-0BF182A1DC82}C:\program files\dassault systemes\b17\win_b64\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b17\win_b64\code\bin\cnext.exe | "UDP Query User{62E549DD-55DD-46FE-BBB7-072F962B16FD}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe | "UDP Query User{BB3B5F2C-09F6-4646-AAD7-EF1B7C5FC12D}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "UDP Query User{BF03437E-D61F-47FD-B75A-E42A33D17836}C:\program files (x86)\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip\qip.exe | "UDP Query User{D7066990-A605-4203-A035-7B25AB6BA484}C:\program files (x86)\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip\qip.exe | "UDP Query User{DD59D33C-EBDD-4646-A53A-76F811FB6F20}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02C3BCE6-BFC3-4844-9EA5-33B6508CBF3B}" = TouchChip USB Driver 2.13 
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0) "CutePDF Writer Installation" = CutePDF Writer 2.7 "Dassault Systemes B17_0" = Dassault Systemes Software B17 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel PROSet Wireless "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software "SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software "SynTPDeinstKey" = Synaptics Pointing Device Driver "UltSounds" = Windows Sound Schemes "UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™ [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers 
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17 "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD8 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{7DF5A0FE-EEC4-439A-A3B5-DF91958DD5A7}_is1" = Robinson Crusoe "{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office 
Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9 "{AD841E2B-2F15-498E-A6C0-2FDF716B2806}_is1" = Big City Mystery "{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0 "{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b) "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "7-Zip" = 7-Zip 4.57 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "BSW" = BrettspielWelt "Catan - Staedte und Ritter" = Catan - Städte und Ritter "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18 "ENTERPRISE" = Microsoft Office Enterprise 2007 "facemoods" = Facemoods Toolbar "GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen) "ICQToolbar" = ICQ Toolbar 
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD8 "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "LEd_is1" = LEd Beta 0.52 "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MiKTeX 2.7" = MiKTeX 2.7 "Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de) "Pidgin" = Pidgin "QIP2005" = QIP 2005 Uninstall "Ravensburger Puzzle" = Ravensburger Puzzle "Reason4_is1" = Reason 4.0 "ScummVM_is1" = ScummVM 0.12.0 "SecondLifeViewer2" = SecondLifeViewer2 (remove only) "Skype™ for Windows Mobile_is1" = Skype™ for Windows Mobile 3.0 "SystemRequirementsLab" = System Requirements Lab "T-Mobile Internet Manager" = T-Mobile Internet Manager "VLC media player" = VLC media player 1.0.5 "Winamp" = Winamp ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Media Player" = Move Media Player ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
29.05.2011, 11:05 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Error messages: Critical Error Damaged hard Drive Clusters detected Hello and
__________________ As a routine step, please run a full scan with Malwarebytes and post the log. Remember that Malwarebytes has to be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those too!
__________________ |
29.05.2011, 11:55 | #3 |
| Error messages: Critical Error Damaged hard Drive Clusters detected Hello cosinus, and many thanks for your welcome.
__________________ I already ran a scan yesterday, which found infected files. I deleted them. Below I am posting the logs from yesterday and today. Unfortunately I don't have any older ones. Log from yesterday (28.05.11): Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6697 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 28.05.2011 07:27:44 mbam-log-2011-05-28 (07-27-44).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 165956 Laufzeit: 16 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 1 Infizierte Verzeichnisse: 0 Infizierte Dateien: 5 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xXjsKiNbkvU (Trojan.FakeMS) -> Value: xXjsKiNbkvU -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\programdata\xxjskinbkvu.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\programdata\44228344.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. c:\Users\Seranna\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Seranna\AppData\Local\Temp\ldrb5b9.tmp (Trojan.Agent) -> Quarantined and deleted successfully. c:\Users\Seranna\AppData\Local\Temp\ldrdc7.tmp (Trojan.Agent) -> Quarantined and deleted successfully. Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6711 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 29.05.2011 12:46:25 mbam-log-2011-05-29 (12-46-25).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 166186 Laufzeit: 5 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
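An added example, not code from this thread or from Malwarebytes: a small Python parser for the Malwarebytes' Anti-Malware 1.50 log format as posted above (German localisation). It turns each detection line into a structured finding, labels the ones that sit in an autostart key or a policy key (the two registry hits in the 28.05.11 log are exactly that kind: a Run value and DisableTaskMgr), and cross-checks the summary counts against the detail sections so that a truncated paste is noticed. The embedded sample log is a constructed excerpt modelled on the 28.05.11 log above, with two of the five file lines deliberately left out to trigger the cross-check; the names parse_mbam_log, summarize, Finding and MbamReport are my own.

```python
"""Parse Malwarebytes' Anti-Malware 1.50 text logs (German localisation) into
structured findings and cross-check the summary counts against the details."""
import re
from dataclasses import dataclass, field

# "Infizierte Registrierungswerte:"  -> start of a detail section
_SECTION_RE = re.compile(r"^(Infizierte [^:]+):$")
# "Infizierte Dateien: 5"            -> summary count for that section
_COUNT_RE = re.compile(r"^(Infizierte [^:]+): (\d+)$")
# "<target> (<detection name>) -> [details ->] <action>"
_FINDING_RE = re.compile(r"^(?P<target>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")
_META_RE = re.compile(r"^(Datenbank Version|Art des Suchlaufs|Durchsuchte Objekte|Laufzeit): (.+)$")
_NONE_MARKER = "(Keine bösartigen Objekte gefunden)"


@dataclass
class Finding:
    section: str
    target: str
    name: str
    action: str
    details: list = field(default_factory=list)

    @property
    def category(self) -> str:
        """Coarse triage label derived from where the detection lives."""
        t = self.target.lower()
        if "\\currentversion\\run\\" in t:
            return "persistence"      # autostart value, as the rogue used
        if "\\policies\\" in t:
            return "policy-tamper"    # e.g. DisableTaskMgr flipped to 1
        if t.startswith("hkey_"):
            return "registry"
        return "file"


@dataclass
class MbamReport:
    meta: dict
    findings: list
    count_mismatches: dict   # section -> (claimed, parsed) where they differ


def parse_mbam_log(text: str) -> MbamReport:
    meta, findings, claimed, seen = {}, [], {}, {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := _META_RE.match(line):
            meta[m.group(1)] = m.group(2)
            continue
        if m := _COUNT_RE.match(line):
            claimed[m.group(1)] = int(m.group(2))
            continue
        if m := _SECTION_RE.match(line):
            section = m.group(1)
            seen.setdefault(section, 0)
            continue
        if section is None or line == _NONE_MARKER:
            continue                  # header noise or an empty section
        if m := _FINDING_RE.match(line):
            parts = [p.strip() for p in m.group("rest").split("->")]
            findings.append(Finding(section, m.group("target"), m.group("name"),
                                    parts[-1], parts[:-1]))
            seen[section] += 1
    # A claimed count that the detail section does not back up means the
    # paste is truncated or the format changed; surface it instead of trusting it.
    mismatches = {s: (c, seen.get(s, 0)) for s, c in claimed.items()
                  if c != seen.get(s, 0)}
    return MbamReport(meta, findings, mismatches)


def summarize(report: MbamReport) -> dict:
    """Count findings per triage category."""
    counts = {}
    for f in report.findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed sample modelled on the thread's 28.05.11 log; two of the five
# file lines are left out on purpose so the count check fires.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100
Datenbank Version: 6697
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 165956
Laufzeit: 16 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xXjsKiNbkvU (Trojan.FakeMS) -> Value: xXjsKiNbkvU -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programdata\xxjskinbkvu.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\programdata\44228344.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\Seranna\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    for f in rep.findings:
        print(f"[{f.category:13}] {f.name:22} {f.target}")
    print("categories:", summarize(rep))
    print("count mismatches:", rep.count_mismatches)
```

The target regex is lazy on purpose: a path such as `c:\program files (x86)\...` contains parentheses before the detection name, and the lazy match keeps scanning until it finds a `(name) ->` pair, so those lines still parse.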
29.05.2011, 11:55 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Error messages: Critical Error Damaged hard Drive Clusters detected Quote:
Remember to update the Malwarebytes signatures first; there are new updates very frequently!
__________________ Please always post logfiles in CODE tags |
29.05.2011, 14:04 | #5 |
| Error messages: Critical Error Damaged hard Drive Clusters detected Sorry, I really did only run the quick scan. *shame on me* I have just caught up on the full scan with the current version. After it finished, however, there were already two new updates again. Full scan from 29.05.11: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 6711 Windows 6.0.6001 Service Pack 1 Internet Explorer 7.0.6001.18000 29.05.2011 14:59:16 mbam-log-2011-05-29 (14-59-16).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 593779 Laufzeit: 2 Stunde(n), 1 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
29.05.2011, 14:54 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Error messages: Critical Error Damaged hard Drive Clusters detected Quote:
Why are SP2 and IE8 (or rather, IE9 is current now!) missing on your system? Later you absolutely must take care of the updates. But only once we are done here. Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [WinampAgent] File not found
O4 - HKCU..\Run: [WMPNSCFG] File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4334898a-4571-11e0-9f5d-001e68d94597}\Shell - "" = AutoRun
O33 - MountPoints2\{4334898a-4571-11e0-9f5d-001e68d94597}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{43348997-4571-11e0-9f5d-001e68d94597}\Shell - "" = AutoRun
O33 - MountPoints2\{43348997-4571-11e0-9f5d-001e68d94597}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\Shell - "" = AutoRun
O33 - MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{684379f7-0578-11de-a2f3-d80cd9e7866e}\Shell\AutoRun\command - "" = F:\menu.exe
O33 - MountPoints2\{f21bac0d-60ea-11e0-af29-001e68d94597}\Shell - "" = AutoRun
O33 - MountPoints2\{f21bac0d-60ea-11e0-af29-001e68d94597}\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2011.05.27 22:55:17 | 000,000,000 | -H-D | C] -- C:\Users\Seranna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.05.28 06:38:06 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~44228344r
[2011.05.28 06:38:06 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~44228344
[2011.05.28 06:19:30 | 000,000,392 | -H-- | M] () -- C:\ProgramData\44228344
:Commands
[purity]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are, as a precaution, not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.
__________________ |
29.05.2011, 15:08 | #7 |
| Error messages: Critical Error Damaged hard Drive Clusters detected Many thanks for your quick reply. I have one quick question first. By activating the virus scanner you mean my Avira AntiVir, right? |
29.05.2011, 15:32 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Error messages: Critical Error Damaged hard Drive Clusters detected Yes, it has to be deactivated => close the umbrella. Then close as many other programs as possible and carry out the OTL fix as described.
__________________ Please always post logfiles in CODE tags |
29.05.2011, 15:51 | #9 |
| Error messages: Critical Error Damaged hard Drive Clusters detected First, regarding your questions: I actually don't use IE for the internet at all, only Firefox. I also have the latest version of the latter on the computer. Regarding SP2, I can only say that unfortunately I have veeery little knowledge of computers and was not aware that there was already a new extension program. Thank you, the fix worked after you described it in such detail. This is the log it gave me: Code:
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4334898a-4571-11e0-9f5d-001e68d94597}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4334898a-4571-11e0-9f5d-001e68d94597}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4334898a-4571-11e0-9f5d-001e68d94597}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4334898a-4571-11e0-9f5d-001e68d94597}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43348997-4571-11e0-9f5d-001e68d94597}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43348997-4571-11e0-9f5d-001e68d94597}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43348997-4571-11e0-9f5d-001e68d94597}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43348997-4571-11e0-9f5d-001e68d94597}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{512a9caf-9fb3-11dd-8b10-001e68d94597}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{512a9caf-9fb3-11dd-8b10-001e68d94597}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{512a9caf-9fb3-11dd-8b10-001e68d94597}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{512a9caf-9fb3-11dd-8b10-001e68d94597}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{684379f7-0578-11de-a2f3-d80cd9e7866e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684379f7-0578-11de-a2f3-d80cd9e7866e}\ not found.
File F:\menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f21bac0d-60ea-11e0-af29-001e68d94597}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f21bac0d-60ea-11e0-af29-001e68d94597}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f21bac0d-60ea-11e0-af29-001e68d94597}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f21bac0d-60ea-11e0-af29-001e68d94597}\ not found.
File F:\AutoRun.exe not found.
C:\Users\Seranna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery folder moved successfully.
C:\ProgramData\~44228344r moved successfully.
C:\ProgramData\~44228344 moved successfully.
C:\ProgramData\44228344 moved successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 05292011_164126

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot... |
29.05.2011, 16:01 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Error messages: Critical Error Damaged hard Drive Clusters detected Since IE is a core component of Windows, it too has to be kept up to date at all times. Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Configure the tool as shown in the picture below, i.e. tick both boxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full. If the infection prevents you from accessing your documents / My Documents, please run unhide: Download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Vista and 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
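What the unhide step in the post above undoes, as far as this thread shows, is that the user's files only look deleted because the Hidden attribute was set on them (the rogue's own files in the OTL log carry the same -H-- flag). The following is an added example of my own, not the code of the unhide.exe tool: it walks a directory tree, plans which entries need the Hidden bit cleared, and only touches the file system on Windows when started with --apply. The rule to skip entries that are also marked System is my assumption (those are normally Windows' own, such as desktop.ini or ntuser.dat, and clearing them indiscriminately is what the blunt "attrib -h /s" approach gets wrong); the sample entries are constructed.

```python
"""Plan and (on Windows) apply the clearing of the Hidden attribute that the
rogue set on user files.  Added illustration for this thread, not unhide.exe."""
import os
import sys

# Win32 FILE_ATTRIBUTE_* bits as returned in os.stat().st_file_attributes
FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04
FILE_ATTRIBUTE_DIRECTORY = 0x10
FILE_ATTRIBUTE_ARCHIVE = 0x20


def plan_unhide(entries):
    """entries: iterable of (path, attributes) pairs.
    Returns [(path, new_attributes)] for every entry that should be changed:
    Hidden is cleared, everything else is left as it was."""
    plan = []
    for path, attrs in entries:
        if not attrs & FILE_ATTRIBUTE_HIDDEN:
            continue                      # already visible
        if attrs & FILE_ATTRIBUTE_SYSTEM:
            continue                      # assumption: Hidden+System is OS-managed
        plan.append((path, attrs & ~FILE_ATTRIBUTE_HIDDEN))
    return plan


def scan_tree(root):
    """Collect (path, attributes) for every file and folder under root.
    st_file_attributes only exists on Windows; elsewhere the list stays empty."""
    entries = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                attrs = os.stat(path, follow_symlinks=False).st_file_attributes
            except (OSError, AttributeError):
                continue
            entries.append((path, attrs))
    return entries


def apply_plan(plan):
    """Windows only: write the planned attribute masks back via SetFileAttributesW."""
    import ctypes
    set_attrs = ctypes.windll.kernel32.SetFileAttributesW
    changed = 0
    for path, new_attrs in plan:
        if set_attrs(path, new_attrs):    # non-zero return means success
            changed += 1
    return changed


# constructed sample, not taken from the thread
CONSTRUCTED = [
    (r'C:\Users\Seranna\Documents\thesis.docx', FILE_ATTRIBUTE_ARCHIVE | FILE_ATTRIBUTE_HIDDEN),
    (r'C:\Users\Seranna\Documents', FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_HIDDEN),
    (r'C:\Users\Seranna\ntuser.dat', FILE_ATTRIBUTE_ARCHIVE | FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM),
    (r'C:\Users\Seranna\Desktop\notes.txt', FILE_ATTRIBUTE_ARCHIVE),
]

if __name__ == '__main__':
    root = sys.argv[1] if len(sys.argv) > 1 and not sys.argv[1].startswith('--') else None
    entries = scan_tree(root) if root else CONSTRUCTED
    plan = plan_unhide(entries)
    for path, _ in plan:
        print('unhide:', path)
    if sys.platform == 'win32' and '--apply' in sys.argv and root:
        print('changed:', apply_plan(plan))
```

Run without arguments it only shows the plan for the constructed sample; run as `python unhide_plan.py C:\Users\Seranna --apply` from an elevated prompt on the affected machine it clears the bit for real, which matches the post's requirement to run the tool as administrator.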
29.05.2011, 16:12 | #11 | |
| Error messages: Critical Error Damaged hard Drive Clusters detected Thanks for this information; then I'll get the new IE8 once everything here has been cleaned up. I have now run the scan and this log was produced: Code:
ATTFilter 2011/05/29 17:05:23.0657 4808 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24 2011/05/29 17:05:24.0016 4808 ================================================================================ 2011/05/29 17:05:24.0016 4808 SystemInfo: 2011/05/29 17:05:24.0016 4808 2011/05/29 17:05:24.0016 4808 OS Version: 6.0.6001 ServicePack: 1.0 2011/05/29 17:05:24.0016 4808 Product type: Workstation 2011/05/29 17:05:24.0016 4808 ComputerName: CREATION 2011/05/29 17:05:24.0031 4808 UserName: Seranna 2011/05/29 17:05:24.0031 4808 Windows directory: C:\Windows 2011/05/29 17:05:24.0031 4808 System windows directory: C:\Windows 2011/05/29 17:05:24.0031 4808 Running under WOW64 2011/05/29 17:05:24.0031 4808 Processor architecture: Intel x64 2011/05/29 17:05:24.0031 4808 Number of processors: 2 2011/05/29 17:05:24.0031 4808 Page size: 0x1000 2011/05/29 17:05:24.0031 4808 Boot type: Normal boot 2011/05/29 17:05:24.0031 4808 ================================================================================ 2011/05/29 17:05:24.0843 4808 Initialize success 2011/05/29 17:06:08.0523 4324 ================================================================================ 2011/05/29 17:06:08.0523 4324 Scan started 2011/05/29 17:06:08.0523 4324 Mode: Manual; 2011/05/29 17:06:08.0523 4324 ================================================================================ 2011/05/29 17:06:08.0866 4324 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys 2011/05/29 17:06:08.0928 4324 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys 2011/05/29 17:06:09.0006 4324 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys 2011/05/29 17:06:09.0037 4324 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys 2011/05/29 17:06:09.0069 4324 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys 2011/05/29 17:06:09.0147 4324 AFD (db37041ab857abc7e179e856d8e1582c) 
C:\Windows\system32\drivers\afd.sys 2011/05/29 17:06:09.0225 4324 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys 2011/05/29 17:06:09.0287 4324 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys 2011/05/29 17:06:09.0365 4324 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys 2011/05/29 17:06:09.0381 4324 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys 2011/05/29 17:06:09.0427 4324 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys 2011/05/29 17:06:09.0552 4324 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys 2011/05/29 17:06:09.0583 4324 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys 2011/05/29 17:06:09.0661 4324 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/05/29 17:06:09.0693 4324 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys 2011/05/29 17:06:09.0771 4324 avgntflt (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys 2011/05/29 17:06:09.0817 4324 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys 2011/05/29 17:06:09.0958 4324 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys 2011/05/29 17:06:10.0036 4324 bowser (f0f035fcec3554cc1b70c5611bd87951) C:\Windows\system32\DRIVERS\bowser.sys 2011/05/29 17:06:10.0067 4324 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys 2011/05/29 17:06:10.0145 4324 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys 2011/05/29 17:06:10.0176 4324 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys 2011/05/29 17:06:10.0207 4324 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys 2011/05/29 17:06:10.0223 4324 BrUsbMdm 
(b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys 2011/05/29 17:06:10.0239 4324 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys 2011/05/29 17:06:10.0270 4324 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys 2011/05/29 17:06:10.0332 4324 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys 2011/05/29 17:06:10.0348 4324 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys 2011/05/29 17:06:10.0395 4324 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys 2011/05/29 17:06:10.0441 4324 CLFS (caeda2572b7042b11062f327f099251d) C:\Windows\system32\CLFS.sys 2011/05/29 17:06:10.0566 4324 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/05/29 17:06:10.0597 4324 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys 2011/05/29 17:06:10.0629 4324 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys 2011/05/29 17:06:10.0644 4324 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys 2011/05/29 17:06:10.0675 4324 CSC (a25e4dd707714da07fe1febf1dc91d86) C:\Windows\system32\drivers\csc.sys 2011/05/29 17:06:10.0738 4324 DfsC (bd4acc56e477ad7419cbe90fceeb621b) C:\Windows\system32\Drivers\dfsc.sys 2011/05/29 17:06:10.0816 4324 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys 2011/05/29 17:06:10.0909 4324 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys 2011/05/29 17:06:10.0956 4324 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys 2011/05/29 17:06:11.0034 4324 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys 2011/05/29 17:06:11.0081 4324 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys 2011/05/29 17:06:11.0128 4324 elxstor 
(c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys 2011/05/29 17:06:11.0190 4324 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys 2011/05/29 17:06:11.0268 4324 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys 2011/05/29 17:06:11.0299 4324 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys 2011/05/29 17:06:11.0331 4324 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys 2011/05/29 17:06:11.0362 4324 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys 2011/05/29 17:06:11.0377 4324 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys 2011/05/29 17:06:11.0409 4324 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/05/29 17:06:11.0424 4324 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys 2011/05/29 17:06:11.0455 4324 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys 2011/05/29 17:06:11.0487 4324 fvevol (5cd88ce69bc24e5cfc0edcfc338b79e1) C:\Windows\system32\DRIVERS\fvevol.sys 2011/05/29 17:06:11.0502 4324 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys 2011/05/29 17:06:11.0565 4324 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys 2011/05/29 17:06:11.0596 4324 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/05/29 17:06:11.0627 4324 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys 2011/05/29 17:06:11.0658 4324 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys 2011/05/29 17:06:11.0689 4324 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys 2011/05/29 17:06:11.0721 4324 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys 2011/05/29 
17:06:11.0767 4324 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS 2011/05/29 17:06:11.0861 4324 HSF_DPV (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS 2011/05/29 17:06:11.0986 4324 HTTP (e690736da6c543f5d99c8fa27bea31db) C:\Windows\system32\drivers\HTTP.sys 2011/05/29 17:06:12.0079 4324 hwdatacard (3e31c1470aba81ba2dcb956f8504c037) C:\Windows\system32\DRIVERS\ewusbmdm.sys 2011/05/29 17:06:12.0189 4324 hwusbdev (b45b3647ba32749b94fa689175ec8c26) C:\Windows\system32\DRIVERS\ewusbdev.sys 2011/05/29 17:06:12.0235 4324 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys 2011/05/29 17:06:12.0282 4324 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/05/29 17:06:12.0345 4324 iaStor (8bd53925c5675bc9a5efe12e2a42be31) C:\Windows\system32\DRIVERS\iaStor.sys 2011/05/29 17:06:12.0360 4324 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys 2011/05/29 17:06:12.0407 4324 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys 2011/05/29 17:06:12.0485 4324 IntcAzAudAddService (82a719429fb3c09fc2f8e03a84584452) C:\Windows\system32\drivers\RTKVHD64.sys 2011/05/29 17:06:12.0532 4324 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys 2011/05/29 17:06:12.0563 4324 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys 2011/05/29 17:06:12.0594 4324 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/05/29 17:06:12.0657 4324 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys 2011/05/29 17:06:12.0672 4324 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys 2011/05/29 17:06:12.0703 4324 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys 2011/05/29 17:06:12.0719 4324 isapnp (0672bfcedc6fc468a2b0500d81437f4f) 
C:\Windows\system32\drivers\isapnp.sys 2011/05/29 17:06:12.0766 4324 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/05/29 17:06:12.0797 4324 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys 2011/05/29 17:06:12.0828 4324 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys 2011/05/29 17:06:12.0875 4324 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/05/29 17:06:12.0906 4324 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys 2011/05/29 17:06:12.0984 4324 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys 2011/05/29 17:06:13.0015 4324 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys 2011/05/29 17:06:13.0062 4324 L1E (22709c5ac366fd19621a489014d158be) C:\Windows\system32\DRIVERS\L1E60x64.sys 2011/05/29 17:06:13.0109 4324 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys 2011/05/29 17:06:13.0140 4324 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys 2011/05/29 17:06:13.0171 4324 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys 2011/05/29 17:06:13.0218 4324 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys 2011/05/29 17:06:13.0249 4324 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys 2011/05/29 17:06:13.0281 4324 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys 2011/05/29 17:06:13.0312 4324 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys 2011/05/29 17:06:13.0359 4324 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys 2011/05/29 17:06:13.0405 4324 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys 2011/05/29 17:06:13.0421 4324 mouclass 
(9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys 2011/05/29 17:06:13.0468 4324 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys 2011/05/29 17:06:13.0483 4324 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys 2011/05/29 17:06:13.0530 4324 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys 2011/05/29 17:06:13.0561 4324 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys 2011/05/29 17:06:13.0577 4324 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys 2011/05/29 17:06:13.0593 4324 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys 2011/05/29 17:06:13.0671 4324 mrxsmb (d2fc7c6c263a759c3f0ccf5c26831b50) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/05/29 17:06:13.0749 4324 mrxsmb10 (b48b14105724e7f3925d89cbaa8fc7a5) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/05/29 17:06:13.0780 4324 mrxsmb20 (effa581e7c5afba1163aafbfa09db475) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/05/29 17:06:13.0827 4324 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys 2011/05/29 17:06:13.0858 4324 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys 2011/05/29 17:06:13.0905 4324 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys 2011/05/29 17:06:13.0936 4324 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys 2011/05/29 17:06:13.0983 4324 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys 2011/05/29 17:06:14.0014 4324 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/05/29 17:06:14.0029 4324 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys 2011/05/29 17:06:14.0061 4324 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys 2011/05/29 17:06:14.0092 
4324 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/05/29 17:06:14.0107 4324 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys 2011/05/29 17:06:14.0139 4324 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys 2011/05/29 17:06:14.0185 4324 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys 2011/05/29 17:06:14.0248 4324 NDIS (2a2ee457af36c5c9a6808c768bd3a12b) C:\Windows\system32\drivers\ndis.sys 2011/05/29 17:06:14.0295 4324 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/05/29 17:06:14.0310 4324 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/05/29 17:06:14.0341 4324 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/05/29 17:06:14.0373 4324 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys 2011/05/29 17:06:14.0388 4324 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys 2011/05/29 17:06:14.0435 4324 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys 2011/05/29 17:06:14.0591 4324 NETw5v64 (93915c41a0dbbd121a0fad2835e43776) C:\Windows\system32\DRIVERS\NETw5v64.sys 2011/05/29 17:06:14.0794 4324 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys 2011/05/29 17:06:14.0841 4324 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys 2011/05/29 17:06:14.0872 4324 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys 2011/05/29 17:06:14.0919 4324 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys 2011/05/29 17:06:14.0997 4324 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys 2011/05/29 17:06:15.0262 4324 nvlddmkm (de5899845e3cc72f4d9147370380f748) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/05/29 
17:06:15.0324 4324 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys 2011/05/29 17:06:15.0355 4324 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys 2011/05/29 17:06:15.0387 4324 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys 2011/05/29 17:06:15.0465 4324 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys 2011/05/29 17:06:15.0511 4324 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys 2011/05/29 17:06:15.0527 4324 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys 2011/05/29 17:06:15.0605 4324 pccsmcfd (81b5e63131090879ad6ef9f32109b88d) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 2011/05/29 17:06:15.0636 4324 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys 2011/05/29 17:06:15.0667 4324 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys 2011/05/29 17:06:15.0699 4324 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys 2011/05/29 17:06:15.0730 4324 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys 2011/05/29 17:06:15.0870 4324 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys 2011/05/29 17:06:15.0901 4324 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys 2011/05/29 17:06:15.0948 4324 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys 2011/05/29 17:06:15.0995 4324 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys 2011/05/29 17:06:16.0057 4324 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys 2011/05/29 17:06:16.0089 4324 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys 2011/05/29 17:06:16.0135 4324 RasAcd (1013b3b663a56d3ddd784f581c1bd005) 
C:\Windows\system32\DRIVERS\rasacd.sys 2011/05/29 17:06:16.0182 4324 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/05/29 17:06:16.0213 4324 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/05/29 17:06:16.0229 4324 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys 2011/05/29 17:06:16.0260 4324 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys 2011/05/29 17:06:16.0291 4324 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/05/29 17:06:16.0323 4324 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\DRIVERS\rdpdr.sys 2011/05/29 17:06:16.0338 4324 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys 2011/05/29 17:06:16.0369 4324 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys 2011/05/29 17:06:16.0447 4324 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys 2011/05/29 17:06:16.0510 4324 RTSTOR (e8851db71b1a33be35dace8f26780cde) C:\Windows\system32\drivers\RTSTOR64.SYS 2011/05/29 17:06:16.0541 4324 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys 2011/05/29 17:06:16.0588 4324 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2011/05/29 17:06:16.0603 4324 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys 2011/05/29 17:06:16.0635 4324 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys 2011/05/29 17:06:16.0650 4324 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys 2011/05/29 17:06:16.0697 4324 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys 2011/05/29 17:06:16.0713 4324 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys 2011/05/29 17:06:16.0728 4324 sffp_sd 
(35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys 2011/05/29 17:06:16.0759 4324 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys 2011/05/29 17:06:16.0791 4324 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys 2011/05/29 17:06:16.0806 4324 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys 2011/05/29 17:06:16.0869 4324 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys 2011/05/29 17:06:16.0915 4324 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys 2011/05/29 17:06:16.0978 4324 sptd (9ab59cf736981ed1f83c6ab5faa8ba5c) C:\Windows\system32\Drivers\sptd.sys 2011/05/29 17:06:16.0978 4324 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 9ab59cf736981ed1f83c6ab5faa8ba5c 2011/05/29 17:06:16.0993 4324 sptd - detected LockedFile.Multi.Generic (1) 2011/05/29 17:06:17.0056 4324 srv (a8abd7d0d907b45cf3831f4dd8644349) C:\Windows\system32\DRIVERS\srv.sys 2011/05/29 17:06:17.0134 4324 srv2 (72e529d52f87341918b90635d3a01517) C:\Windows\system32\DRIVERS\srv2.sys 2011/05/29 17:06:17.0165 4324 srvnet (1ee5fd978582764f0f280cf44efe3e9a) C:\Windows\system32\DRIVERS\srvnet.sys 2011/05/29 17:06:17.0243 4324 sscdbus (1612881760c9df7fbb09b6cf1d3ba0df) C:\Windows\system32\DRIVERS\sscdbus.sys 2011/05/29 17:06:17.0274 4324 sscdmdfl (d7803a687e85189ea2b525cc22093521) C:\Windows\system32\DRIVERS\sscdmdfl.sys 2011/05/29 17:06:17.0305 4324 sscdmdm (06db3d5eb2444083c7f5af7874765505) C:\Windows\system32\DRIVERS\sscdmdm.sys 2011/05/29 17:06:17.0368 4324 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys 2011/05/29 17:06:17.0399 4324 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys 2011/05/29 17:06:17.0430 4324 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys 2011/05/29 17:06:17.0446 4324 Sym_u3 
(36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys 2011/05/29 17:06:17.0493 4324 SynTP (0f2e5efdf6730780afea6ec6bf8aacb0) C:\Windows\system32\DRIVERS\SynTP.sys 2011/05/29 17:06:17.0617 4324 Tcpip (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\drivers\tcpip.sys 2011/05/29 17:06:17.0711 4324 Tcpip6 (7d86275fb640011b372fd566c0eafa8d) C:\Windows\system32\DRIVERS\tcpip.sys 2011/05/29 17:06:17.0758 4324 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys 2011/05/29 17:06:17.0789 4324 TcUsb (940f2eef06989aaef1458f10909d9b7d) C:\Windows\system32\Drivers\tcusb.sys 2011/05/29 17:06:17.0820 4324 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys 2011/05/29 17:06:17.0836 4324 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys 2011/05/29 17:06:17.0898 4324 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys 2011/05/29 17:06:17.0914 4324 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys 2011/05/29 17:06:17.0992 4324 TFsExDisk (ce4b6956e4e12492715a53076e58761f) C:\Windows\System32\Drivers\TFsExDisk.sys 2011/05/29 17:06:18.0039 4324 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/05/29 17:06:18.0085 4324 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys 2011/05/29 17:06:18.0163 4324 tunnel (2dc2c423572946e9a3131425bda73cb6) C:\Windows\system32\DRIVERS\tunnel.sys 2011/05/29 17:06:18.0195 4324 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys 2011/05/29 17:06:18.0210 4324 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys 2011/05/29 17:06:18.0257 4324 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys 2011/05/29 17:06:18.0304 4324 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys 2011/05/29 17:06:18.0319 4324 UlSata 
(31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys 2011/05/29 17:06:18.0351 4324 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys 2011/05/29 17:06:18.0382 4324 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys 2011/05/29 17:06:18.0475 4324 usbaudio (c899fb269be4740dbe2801b204cd71d4) C:\Windows\system32\drivers\usbaudio.sys 2011/05/29 17:06:18.0522 4324 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/05/29 17:06:18.0538 4324 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys 2011/05/29 17:06:18.0569 4324 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys 2011/05/29 17:06:18.0600 4324 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys 2011/05/29 17:06:18.0631 4324 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys 2011/05/29 17:06:18.0663 4324 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys 2011/05/29 17:06:18.0694 4324 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/05/29 17:06:18.0709 4324 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/05/29 17:06:18.0756 4324 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys 2011/05/29 17:06:18.0819 4324 usb_rndisx (567d09d1c41809550ece9ed22d6d612b) C:\Windows\system32\DRIVERS\usb8023x.sys 2011/05/29 17:06:18.0850 4324 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/05/29 17:06:18.0897 4324 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys 2011/05/29 17:06:18.0928 4324 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys 2011/05/29 17:06:18.0943 4324 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys 2011/05/29 
17:06:18.0975 4324 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys 2011/05/29 17:06:19.0006 4324 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys 2011/05/29 17:06:19.0037 4324 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys 2011/05/29 17:06:19.0099 4324 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys 2011/05/29 17:06:19.0131 4324 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/29 17:06:19.0146 4324 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys 2011/05/29 17:06:19.0193 4324 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys 2011/05/29 17:06:19.0240 4324 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys 2011/05/29 17:06:19.0333 4324 winachsf (b5c348b265178fb9ee55addb3929485d) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 2011/05/29 17:06:19.0396 4324 winbondcir (54d68b92dc59fbba95919c804a7c3e07) C:\Windows\system32\DRIVERS\winbondcir.sys 2011/05/29 17:06:19.0474 4324 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/05/29 17:06:19.0552 4324 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys 2011/05/29 17:06:19.0583 4324 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys 2011/05/29 17:06:19.0645 4324 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/05/29 17:06:19.0801 4324 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (6839fa0c104dbbdd989e2eac27acb761) C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl 2011/05/29 17:06:19.0833 4324 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 2011/05/29 17:06:19.0848 4324 MBR (0x1B8) (f05261c246ce4b3c544521ffff7aef5d) \Device\Harddisk1\DR1 2011/05/29 17:06:19.0911 4324 
================================================================================
2011/05/29 17:06:19.0911 4324 Scan finished
2011/05/29 17:06:19.0911 4324 ================================================================================
2011/05/29 17:06:19.0926 1140 Detected object count: 1
2011/05/29 17:06:19.0926 1140 Actual detected object count: 1
2011/05/29 17:06:39.0754 1140 LockedFile.Multi.Generic(sptd) - User select action: Skip
29.05.2011, 16:14 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Error messages: Critical Error Damaged hard Drive Clusters detected
__________________ Please always post logfiles in CODE tags |
29.05.2011, 16:20 | #13 |
| Error messages: Critical Error Damaged hard Drive Clusters detected Oh dear, this is embarrassing now... I thought that seven users had to run something. Thanks for jogging my memory again. |
29.05.2011, 16:23 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Error messages: Critical Error Damaged hard Drive Clusters detected Now please run CF: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a forum helper (Kompetenzler) has explicitly recommended it!
__________________ Please always post logfiles in CODE tags |
29.05.2011, 16:53 | #15 |
| Error messages: Critical Error Damaged hard Drive Clusters detected I ran ComboFix and it produced the following log: Code:
Combofix Logfile: |
