Akutbefallen | 12.11.2013 21:26 | Hi Sandra,
when I enter the code you suggested into the Run window, nothing happens at all. When I enter cmd and then c: /f /r in it, I am told that I do not have the required privileges to perform this action. If I enter cmd and then press Ctrl+Shift+Enter, exactly the same thing happens. When I click "Tools" and then "Disk check" in the hard drive's properties, a window with two options opens. If I select both, I am asked whether I want to run it at the next restart. If I click "Schedule disk check", the window closes. But at the restart nothing happens at all. :-/
Here are the codes now:
Code:
Unhide by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
hxxp://www.bleepingcomputer.com/forums/topic405109.html
Program started at: 11/10/2013 02:56:51 PM
Windows Version: Windows Vista
Please be patient while your files are made visible again.
Processing the C:\ drive
Finished processing the C:\ drive. 176406 files processed.
Processing the D:\ drive
Finished processing the D:\ drive. 587 files processed.
The C:\Users\Claudia\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: hxxp://www.bleepingcomputer.com/forums/topic405109.html
Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.
Program finished at: 11/10/2013 03:10:20 PM
Execution time: 0 hours(s), 13 minute(s), and 29 seconds(s)
Unhide by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
hxxp://www.bleepingcomputer.com/forums/topic405109.html
Program started at: 11/12/2013 10:44:25 AM
Windows Version: Windows Vista
Please be patient while your files are made visible again.
Processing the C:\ drive
Finished processing the C:\ drive. 176206 files processed.
The C:\Users\Claudia\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: hxxp://www.bleepingcomputer.com/forums/topic405109.html
Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
No registry changes detected.
Program finished at: 11/12/2013 10:53:21 AM
Execution time: 0 hours(s), 8 minute(s), and 56 seconds(s)
The files are finally back :-)
Next:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-11-2013
Ran by Claudia (administrator) on CLAUDIA-PC on 12-11-2013 17:20:33
Running from C:\Users\Claudia\Downloads\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop
Microsoft® Windows Vista™ Home Premium (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Avira GmbH) C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
() C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
(Lenovo Group Limited) C:\Windows\system32\IPSSVC.EXE
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Avira GmbH) C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Lenovo.) C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
(Lenovo) C:\Program Files\Lenovo\PM Driver\PMSveH.exe
() C:\Windows\system32\PSIService.exe
(Absolute Software Corp.) C:\Windows\system32\rpcnet.exe
( ) c:\Program Files\Lenovo\System Update\SUService.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
() C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
() C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
(Lenovo Group Limited) c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
() C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Lenovo Group Limited) C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
(Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
(Avira GmbH) C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Lenovo) C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Program Files\phonostar-Player\phonostarTimer.exe
(TECOM) C:\Program Files\DT\Sinus 1054 data\Wifiusb.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-06-21] (Microsoft Corporation)
HKLM\...\Run: [TPFNF7] - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe [56368 2006-12-21] ()
HKLM\...\Run: [PMHandler] - C:\Program Files\Lenovo\PM Driver\PMHandler.exe [34352 2007-06-05] (Lenovo)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [815104 2006-10-23] (Synaptics, Inc.)
HKLM\...\Run: [TPWAUDAP] - C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe [54824 2006-09-06] ()
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4018176 2006-11-20] (Realtek Semiconductor)
HKLM\...\Run: [NvSvc] - RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [TVT Scheduler Proxy] - C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [536576 2006-12-13] (Lenovo Group Limited)
HKLM\...\Run: [AwaySch] - C:\Program Files\Lenovo\AwayTask\AwaySch.EXE [91688 2006-11-07] (Lenovo Group Limited)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [144784 2007-12-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [Corel Photo Downloader] - C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe [478800 2006-12-14] (Corel, Inc.)
HKLM\...\Run: [AMSG] - C:\Program Files\ThinkVantage\AMSG\Amsg.exe [493104 2006-12-21] (LENOVO)
HKLM\...\Run: [LPManager] - C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE [120368 2007-01-31] (Lenovo Group Limited)
HKLM\...\Run: [DiskeeperSystray] - C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [217176 2006-11-15] (Diskeeper Corporation)
HKLM\...\Run: [ACTray] - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [419376 2007-03-09] (Lenovo)
HKLM\...\Run: [ACWLIcon] - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [120368 2007-03-09] (Lenovo)
HKLM\...\Run: [LenovoOobeOffers] - C:\SWTOOLS\LenovoWelcome\LenovoOobeOffers.exe [28672 2006-12-29] (Lenovo)
HKLM\...\Run: [avgnt] - C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe [266497 2008-07-21] (Avira GmbH)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [286720 2007-06-29] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe [39792 2007-10-10] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [LVCOMS] - C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe [127022 2002-12-10] (Logitech Inc.)
HKLM\...\Run: [QCDriverInstaller] - C:\Program Files\Common Files\Logitech\QCDriver3\Lqdsw.exe [638976 2002-12-10] (Logitech Inc.)
HKLM\...\Run: [LogitechGalleryRepair] - C:\Program Files\Logitech\ImageStudio\ISStart.exe [155648 2002-12-10] (Logitech Inc.)
HKLM\...\Run: [LogitechImageStudioTray] - C:\Program Files\Logitech\ImageStudio\LogiTray.exe [61440 2002-12-10] (Logitech Inc.)
HKCU\...\Run: [MsnMsgr] - C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehtray.exe [125440 2006-11-02] (Microsoft Corporation)
HKCU\...\Run: [WebCamRT.exe] - [x]
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
HKCU\...\Run: [ICQ] - C:\Program Files\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKCU\...\Run: [phonostarTimer] - C:\Program Files\phonostar-Player\phonostarTimer.exe [39936 2011-01-27] ()
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
ShortcutTarget: OpenOffice.org 2.4.lnk -> C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
BootExecute: autocheck autochk /r \??\C:autocheck autochk *
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.live.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo.live.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/welcome/3000notebook
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/3000notebook
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope {8869E61B-7359-4943-8B95-1E72AAFA2F31} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
SearchScopes: HKLM - {8869E61B-7359-4943-8B95-1E72AAFA2F31} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
SearchScopes: HKCU - DefaultScope {8869E61B-7359-4943-8B95-1E72AAFA2F31} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
SearchScopes: HKCU - {8869E61B-7359-4943-8B95-1E72AAFA2F31} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&entrypoint={referrer:source?}&FORM=LENIE
BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9DD0F265-4AF1-45FA-A1D9-4F594D64C99A}: [NameServer]192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\ipxbe913.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin HKCU: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Personas - C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\ipxbe913.default\Extensions\personas@christopher.beard
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\ipxbe913.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: DVDVideoSoft Menu - C:\Users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\ipxbe913.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
========================== Services (Whitelisted) =================
R2 AntiVirScheduler; C:\Program Files\AntiVir PersonalEdition Classic\sched.exe [68865 2008-10-29] (Avira GmbH)
R2 AntiVirService; C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe [151297 2008-10-29] (Avira GmbH)
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [634988 2006-11-15] (Diskeeper Corporation)
R2 FNF5SVC; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [54832 2006-11-10] (Lenovo.)
R2 IPSSVC; C:\Windows\system32\IPSSVC.EXE [108080 2006-11-20] (Lenovo Group Limited)
R2 PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [57344 2006-05-24] (Lenovo)
R2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] ()
R2 rpcnet; C:\Windows\system32\rpcnet.exe [58288 2011-02-17] (Absolute Software Corp.)
S3 sdAuxService; C:\Program Files\Spyware Doctor\pctsAuxs.exe [747912 2008-02-01] (PC Tools)
S3 sdCoreService; C:\Program Files\Spyware Doctor\pctsSvc.exe [948616 2008-02-01] (PC Tools)
R2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [11776 2006-12-15] ( )
R2 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [55928 2006-10-13] ()
R2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [569344 2006-12-13] ()
R2 TVT Scheduler; c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [1118208 2006-12-13] (Lenovo Group Limited)
S2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [x]
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [x]
==================== Drivers (Whitelisted) ====================
R2 ACEDRV09; C:\Windows\system32\drivers\ACEDRV09.sys [110304 2008-09-25] (Protect Software GmbH)
R3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [138632 2006-11-01] (AuthenTec, Inc.)
S3 AVerE506; C:\Windows\System32\DRIVERS\AVerE506.sys [480512 2005-06-14] (AVerMedia)
R1 avgio; C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys [11608 2009-06-02] (Avira GmbH)
R3 avgntflt; C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys [52056 2009-06-02] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [75096 2009-06-02] (Avira GmbH)
S3 IKFileSec; C:\Windows\system32\drivers\ikfilesec.sys [42376 2008-02-01] (PCTools Research Pty Ltd.)
S3 IKSysFlt; C:\Windows\System32\drivers\iksysflt.sys [66952 2007-12-10] (PCTools Research Pty Ltd.)
S3 IKSysSec; C:\Windows\System32\drivers\iksyssec.sys [81288 2007-12-10] (PCTools Research Pty Ltd.)
R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-11-09] (COMPAL ELECTRONIC INC.)
S3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [22016 2005-01-31] (Logitech Inc.)
S3 ms6823; C:\Windows\System32\DRIVERS\ms6823.sys [55168 2004-06-10] (ZyDAS Technology Corporation)
S3 PID_0920; C:\Windows\System32\DRIVERS\LV532AV.SYS [163328 2005-01-31] ()
S3 PRISM_A02; C:\Windows\System32\DRIVERS\PRISMA02.sys [357792 2005-10-19] (Conexant Systems, Inc.)
R2 PROCDD; C:\Windows\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [21248 2008-04-19] (AVIRA GmbH)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-10 15:27 - 2013-11-10 15:27 - 00000000 ____D C:\FRST
2013-11-10 14:56 - 2013-11-12 10:53 - 00004522 _____ C:\Users\Claudia\Desktop\unhide.txt
==================== One Month Modified Files and Folders =======
2013-11-12 17:21 - 2007-06-20 19:29 - 02843896 _____ C:\Users\Public\Documents\AccConnAdvanced.html
2013-11-12 17:17 - 2008-05-17 19:38 - 00000000 ____D C:\Users\Claudia\AppData\Roaming\OpenOffice.org2
2013-11-12 17:17 - 2007-06-20 18:39 - 01274265 _____ C:\Windows\WindowsUpdate.log
2013-11-12 17:15 - 2010-09-02 00:53 - 00000000 ____D C:\Users\Claudia\Tracing
2013-11-12 17:14 - 2007-07-31 21:38 - 00153341 _____ C:\Users\Claudia\AppData\Roaming\nvModes.001
2013-11-12 17:12 - 2009-05-18 21:34 - 00058288 _____ (Absolute Software Corp.) C:\Windows\system32\rpcnet.dll
2013-11-12 17:12 - 2009-05-18 21:28 - 00017408 _____ C:\Windows\system32\rpcnetp.exe
2013-11-12 17:12 - 2006-12-15 12:32 - 00000002 _____ C:\Windows\system32\IPSCtrl.INI
2013-11-12 17:11 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-12 17:11 - 2006-11-02 13:47 - 00003456 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-12 17:11 - 2006-11-02 13:47 - 00003456 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-12 11:47 - 2006-11-02 11:33 - 01461736 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-12 11:43 - 2006-11-02 13:52 - 00041355 _____ C:\Windows\setupact.log
2013-11-12 11:15 - 2007-06-20 18:59 - 00000000 ____D C:\SWSHARE
2013-11-12 11:01 - 2007-06-20 18:45 - 00002484 _____ C:\Windows\bthservsdp.dat
2013-11-12 11:01 - 2006-11-02 14:01 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-12 10:53 - 2013-11-10 14:56 - 00004522 _____ C:\Users\Claudia\Desktop\unhide.txt
2013-11-12 09:12 - 2007-08-01 20:08 - 00000422 _____ C:\Windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job
2013-11-11 20:03 - 2007-08-01 17:42 - 00000000 ____D C:\ProgramData\AntiVir PersonalEdition Classic
2013-11-11 20:03 - 2007-08-01 17:42 - 00000000 ____D C:\Program Files\AntiVir PersonalEdition Classic
2013-11-10 16:59 - 2011-03-19 14:13 - 10485756 _____ C:\Users\Public\Documents\Archive_AccConnAdvanced.html
2013-11-10 15:27 - 2013-11-10 15:27 - 00000000 ____D C:\FRST
Files to move or delete:
====================
C:\ProgramData\ezsid.dat
Some content of TEMP:
====================
C:\Users\Claudia\AppData\Local\Temp\718631~1.exe
C:\Users\Claudia\AppData\Local\Temp\bfbon3l7.exe
C:\Users\Claudia\AppData\Local\Temp\delself.exe
C:\Users\Claudia\AppData\Local\Temp\DivXInstaller.exe
C:\Users\Claudia\AppData\Local\Temp\FFSetupSoftonic260.exe
C:\Users\Claudia\AppData\Local\Temp\ICQInstall.exe
C:\Users\Claudia\AppData\Local\Temp\ICQRT.dll
C:\Users\Claudia\AppData\Local\Temp\ICQTIK.dll
C:\Users\Claudia\AppData\Local\Temp\Install_WLMessenger.exe
C:\Users\Claudia\AppData\Local\Temp\mp3el.exe
C:\Users\Claudia\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Claudia\AppData\Local\Temp\Zattoo-Update.exe
C:\Users\Claudia\AppData\Local\Temp\_is13CE.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-12 17:18
==================== End Of Log ============================
And
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-11-2013
Ran by Claudia at 2013-11-12 17:23:19
Running from C:\Users\Claudia\Downloads\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
Could not list Security Center items. Check WMI.
==================== Installed Programs ======================
ABC Amber Audio Converter
Access Help (Version: 2.00)
Adobe Flash Player 10 ActiveX (Version: 10.0.12.36)
Adobe Flash Player 10 Plugin (Version: 10.0.22.87)
Adobe Reader 8.1.1 - Deutsch (Version: 8.1.1)
Agere Systems HDA Modem
Anzeige am Bildschirm (Version: 5.00)
Apple Software Update (Version: 2.0.0.21)
AuthenTec Fingerprint Sensor Minimum Install (Version: 7.7.0.24)
AVerMedia HybridTV Driver (Version: 1.00.0000)
AVerTV Hybrid + FM Cardbus (Version: 6.00.0000)
Avira AntiVir Personal - Free Antivirus
BufferChm (Version: 90.0.146.000)
Corel Business Center (Version: 13.0)
Corel Snapfire Plus (Version: 1.10.0000)
Destination Component (Version: 090.000.091.086)
DeviceManagementQFolder (Version: 1.00.0000)
Diskeeper Home (Version: 9.0.545)
DivX Web Player (Version: 1.3.1)
DocProc (Version: 9.0.0.0)
DocProcQFolder (Version: 1.00.0000)
EPSON-Drucker-Software
Ergänzung zu Lenovo Care (Version: 2.00)
eSupportQFolder (Version: 1.00.0000)
FormatFactory 2.60 (Version: 2.60)
Free M4a to MP3 Converter 6.2
Free Studio version 5.0.6
GIMP 2.6.8
Guitar Pro 5.2
Help Center (Version: 2.00b)
HP Imaging Device Functions 9.0 (Version: 9.0)
HP OCR Software 9.0 (Version: 9.0)
HP Photosmart Essential (Version: 1.12.0.46)
HP Scanjet 2400 and 3600 series 9.0 (Version: 9.0)
HP Solution Center 9.0 (Version: 9.0)
HP Update (Version: 4.000.006.002)
hpg2436 (Version: 8.0.0.0)
hpg2436QFolder (Version: 1.00.0000)
HPProductAssistant (Version: 90.0.146.000)
ICQ7.2 (Version: 7.2)
Java(TM) 6 Update 4 (Version: 1.6.0.40)
Java(TM) SE Runtime Environment 6 (Version: 1.6.0.0)
KeepV Flash Converter
KRISTAL Audio Engine
Lenovo Care (Version: 2.01)
Lenovo PM Driver (Version: 0.62.1.12)
Lenovo System Interface Driver (Version: 1.00)
Logitech ImageStudio (Version: 7.30.0000)
Maintenance Manager (Version: 3.0.2.0)
Mediscript-CD GK1
Message Center (Version: 2.00b)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft SQL Server Native Client (Version: 9.00.2047.00)
Microsoft SQL Server VSS Writer (Version: 9.00.2047.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Mozilla Firefox (3.6.16) (Version: 3.6.16 (de))
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Drivers (Version: 95.30)
OpenOffice.org 2.4 (Version: 2.4.9286)
Opera 10.10 (Version: 10.10)
PanoStandAlone (Version: 90.0.146.000)
PC-Doctor 5 für Windows (Version: 5.00.4330.05)
phonostar-Player Version 3.02.0
PhotoFiltre
PM Driver (Version: 0.62.1.12)
Power Ux Customization (Version: 1.00.0000)
Präsentationsdirektor (Version: 3.00b)
QuickTime (Version: 7.2.0.240)
Realtek High Definition Audio Driver (Version: 6.0.1.5331)
Registry patch for Windows Vista USB S3 PM Enablement (Version: 1.00)
Rescue and Recovery (Version: 4.00.0113.00)
Scan (Version: 9.0.0.0)
ScannerCopy (Version: 9.0.0.0)
ScummVM 0.11.1
Sibelius Scorch (ActiveX Only) (Version: 6.2.0)
Sinus 1054 data (Version: 04.12.07.2004)
Skype™ 3.6 (Version: 3.6.248)
SolutionCenter (Version: 90.0.146.000)
Spyware Doctor 5.5 (Version: 5.5)
Switch Sound File Converter
Synaptics Pointing Device Driver (Version: 9.0.3.0)
System Update (Version: 3.00.0022)
ThinkVantage Access Connections (Version: 4.31a)
ThinkVantage Technologies Welcome Message (Version: 1.21)
Uninstall 1.0.0.1
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch) (Version: 9.00.2047.00)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
VideoLAN VLC media player 0.8.6c (Version: 0.8.6c)
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0)
Wallpapers
WebReg (Version: 90.0.146.000)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
WinRAR Archivierer
WordPerfect Office X3
WordPerfect Office X3 (Version: 13.2)
Xvid 1.1.3 final uninstall (Version: 1.1)
Zattoo 3.3.4 Beta (Version: 3.3.4 Beta)
==================== Restore Points =========================
04-04-2011 05:39:27 Windows Update
05-04-2011 21:15:19 Windows Update
08-04-2011 12:51:47 Windows Update
16-04-2011 10:13:12 Windows Update
16-04-2011 10:22:54 Windows Update
17-04-2011 01:01:11 Windows Update
19-04-2011 11:30:14 Windows Update
21-04-2011 09:37:45 Geplanter Prüfpunkt
10-11-2013 15:32:51 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 _____ C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2006-11-02] (Microsoft Corporation)
Task: {9EB44560-63F6-4CA3-8294-048D3F7D340B} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {C229490C-05BF-4A7E-B6C6-14E5C49D4365} - System32\Tasks\NCH Swift Sound\switchShakeIcon => C:\Program Files\NCH Swift Sound\Switch\switch.exe [2010-06-20] (NCH Software)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2006-11-02] ()
Task: C:\Windows\Tasks\User_Feed_Synchronization-{D9B30BB4-63C0-47D4-A444-A174F9308500}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2007-08-01 18:52 - 2005-10-19 10:56 - 00125952 _____ () C:\Program Files\WinRAR\rarext.dll
2007-06-20 18:51 - 2006-12-21 19:00 - 00054832 _____ () C:\Program Files\Lenovo\NPDIRECT\Oemdspif.dll
2007-06-20 18:51 - 2006-12-21 19:00 - 00235056 _____ () C:\Program Files\Lenovo\NPDIRECT\tpfnf7.dll
2006-11-30 06:00 - 2006-09-06 08:38 - 00063016 _____ () C:\Program Files\Lenovo\HOTKEY\TpWAud32.dll
2006-12-13 21:58 - 2006-12-13 21:58 - 00139264 _____ () C:\Program Files\Common Files\Lenovo\CDRecord.dll
2007-06-20 19:09 - 2007-01-31 18:01 - 00063024 _____ () C:\Program Files\Lenovo\LenovoCare\GR\LPRESMGR.DLL
2011-02-28 12:25 - 2010-10-01 13:06 - 02278912 _____ () C:\Program Files\phonostar-Player\QtCore4.dll
2011-02-28 12:25 - 2010-09-10 12:20 - 08151040 _____ () C:\Program Files\phonostar-Player\QtGui4.dll
2011-02-28 12:25 - 2010-09-10 12:06 - 00190464 _____ () C:\Program Files\phonostar-Player\QtSql4.dll
2011-02-28 12:25 - 2010-09-10 15:07 - 00416256 _____ () C:\Program Files\phonostar-Player\plugins\sqldrivers\qsqlite4.dll
2003-04-09 11:23 - 2003-04-09 11:23 - 00028672 _____ () C:\Program Files\DT\Sinus 1054 data\WmiIndic.dll
2005-07-15 11:23 - 2005-07-15 11:23 - 00028672 _____ () C:\Program Files\DT\Sinus 1054 data\MHDLL.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rpcnet => ""="Service"
==================== Faulty Device Manager Devices =============
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/12/2013 05:13:38 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung Lqdsw.exe, Version 7.3.0.1113, Zeitstempel 0x3df6a424, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000005, Fehleroffset 0x00042e7b,
Prozess-ID 0xbc4, Anwendungsstartzeit Lqdsw.exe0.
Error: (11/12/2013 11:47:04 AM) (Source: WerSvc) (User: )
Description: Die Zieldatei für die Windows-Feedbackplattform (eine DLL-Datei, die eine Liste der auf diesem Computer aufgetretenen Probleme enthält, für deren Diagnose das Sammeln zusätzlicher Daten erforderlich ist) konnte nicht analysiert werden. Fehlercode 8014FFF9.
Error: (11/12/2013 11:05:00 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung Lqdsw.exe, Version 7.3.0.1113, Zeitstempel 0x3df6a424, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000005, Fehleroffset 0x00042e7b,
Prozess-ID 0x994, Anwendungsstartzeit Lqdsw.exe0.
Error: (11/12/2013 10:51:16 AM) (Source: WerSvc) (User: )
Description: Die Zieldatei für die Windows-Feedbackplattform (eine DLL-Datei, die eine Liste der auf diesem Computer aufgetretenen Probleme enthält, für deren Diagnose das Sammeln zusätzlicher Daten erforderlich ist) konnte nicht analysiert werden. Fehlercode 8014FFF9.
Error: (11/12/2013 09:54:08 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung Lqdsw.exe, Version 7.3.0.1113, Zeitstempel 0x3df6a424, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000005, Fehleroffset 0x00042e7b,
Prozess-ID 0x76c, Anwendungsstartzeit Lqdsw.exe0.
Error: (11/12/2013 09:20:06 AM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung Lqdsw.exe, Version 7.3.0.1113, Zeitstempel 0x3df6a424, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000005, Fehleroffset 0x00042e7b,
Prozess-ID 0x904, Anwendungsstartzeit Lqdsw.exe0.
Error: (11/12/2013 09:10:29 AM) (Source: WerSvc) (User: )
Description: Die Zieldatei für die Windows-Feedbackplattform (eine DLL-Datei, die eine Liste der auf diesem Computer aufgetretenen Probleme enthält, für deren Diagnose das Sammeln zusätzlicher Daten erforderlich ist) konnte nicht analysiert werden. Fehlercode 8014FFF9.
Error: (11/11/2013 08:03:19 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung Lqdsw.exe, Version 7.3.0.1113, Zeitstempel 0x3df6a424, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000005, Fehleroffset 0x00042e7b,
Prozess-ID 0xd3c, Anwendungsstartzeit Lqdsw.exe0.
Error: (11/10/2013 03:18:38 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung Lqdsw.exe, Version 7.3.0.1113, Zeitstempel 0x3df6a424, fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode 0xc0000005, Fehleroffset 0x00042e7b,
Prozess-ID 0xfd4, Anwendungsstartzeit Lqdsw.exe0.
Error: (11/10/2013 03:17:02 PM) (Source: WerSvc) (User: )
Description: Die Zieldatei für die Windows-Feedbackplattform (eine DLL-Datei, die eine Liste der auf diesem Computer aufgetretenen Probleme enthält, für deren Diagnose das Sammeln zusätzlicher Daten erforderlich ist) konnte nicht analysiert werden. Fehlercode 8014FFF9.
System errors:
=============
Error: (11/12/2013 05:13:01 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (11/12/2013 05:11:30 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 12.11.2013 um 11:49:22 unerwartet heruntergefahren.
Error: (11/12/2013 11:04:06 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (11/12/2013 10:53:00 AM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie chkdsk auf Volume "SW_Preload" aus.
Error: (11/12/2013 09:53:23 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (11/12/2013 09:19:09 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058
Error: (11/11/2013 08:23:46 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie chkdsk auf Volume "C:" aus.
Error: (11/11/2013 08:23:46 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie chkdsk auf Volume "SW_Preload" aus.
Error: (11/11/2013 08:23:46 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie chkdsk auf Volume "C:" aus.
Error: (11/11/2013 08:23:46 PM) (Source: Ntfs) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen Sie chkdsk auf Volume "SW_Preload" aus.
Microsoft Office Sessions:
=========================
Error: (11/12/2013 05:13:38 PM) (Source: Application Error)(User: )
Description: Lqdsw.exe7.3.0.11133df6a424ntdll.dll6.0.6000.163864549bdc9c000000500042e7bbc401cedfc218f4e229
Error: (11/12/2013 11:47:04 AM) (Source: WerSvc)(User: )
Description: 8014FFF9
Error: (11/12/2013 11:05:00 AM) (Source: Application Error)(User: )
Description: Lqdsw.exe7.3.0.11133df6a424ntdll.dll6.0.6000.163864549bdc9c000000500042e7b99401cedf8ea0f8a2d1
Error: (11/12/2013 10:51:16 AM) (Source: WerSvc)(User: )
Description: 8014FFF9
Error: (11/12/2013 09:54:08 AM) (Source: Application Error)(User: )
Description: Lqdsw.exe7.3.0.11133df6a424ntdll.dll6.0.6000.163864549bdc9c000000500042e7b76c01cedf84b9bbe9cb
Error: (11/12/2013 09:20:06 AM) (Source: Application Error)(User: )
Description: Lqdsw.exe7.3.0.11133df6a424ntdll.dll6.0.6000.163864549bdc9c000000500042e7b90401cedf7ff18cae6e
Error: (11/12/2013 09:10:29 AM) (Source: WerSvc)(User: )
Description: 8014FFF9
Error: (11/11/2013 08:03:19 PM) (Source: Application Error)(User: )
Description: Lqdsw.exe7.3.0.11133df6a424ntdll.dll6.0.6000.163864549bdc9c000000500042e7bd3c01cedf10a194c8f7
Error: (11/10/2013 03:18:38 PM) (Source: Application Error)(User: )
Description: Lqdsw.exe7.3.0.11133df6a424ntdll.dll6.0.6000.163864549bdc9c000000500042e7bfd401cede1fa5dbba84
Error: (11/10/2013 03:17:02 PM) (Source: WerSvc)(User: )
Description: 8014FFF9
CodeIntegrity Errors:
===================================
Date: 2009-12-23 09:34:48.841
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Spyware Doctor\klg.dat" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2009-12-23 09:34:48.774
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Spyware Doctor\smumhook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2009-12-23 09:26:53.856
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Spyware Doctor\klg.dat" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2009-12-23 09:26:53.791
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Spyware Doctor\smumhook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2009-12-23 09:25:24.991
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Spyware Doctor\klg.dat" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2009-12-23 09:25:24.891
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Spyware Doctor\smumhook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2009-12-15 22:54:28.378
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Spyware Doctor\klg.dat" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2009-12-15 22:54:28.274
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Spyware Doctor\smumhook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2009-12-12 15:18:35.779
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Spyware Doctor\klg.dat" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2009-12-12 15:18:35.676
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Spyware Doctor\smumhook.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 62%
Total physical RAM: 1021.88 MB
Available physical RAM: 383.46 MB
Total Pagefile: 2291.86 MB
Available Pagefile: 1391.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1927.93 MB
==================== Drives ================================
Drive c: (SW_Preload) (Fixed) (Total:106.95 GB) (Free:40.28 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 112 GB) (Disk ID: B5EEED7C)
Partition 1: (Not Active) - (Size=5 GB) - (Type=27)
Partition 2: (Active) - (Size=107 GB) - (Type=07 NTFS)
==================== End Of Log ============================
A small addendum:
I did a little research. I have a Lenovo PC. The problem seems to be typical for these machines. There is also a solution for it: hxxp://forum.thinkpads.com/viewtopic.php?p=396106&sid=91108fe7171c47aa0ec32929b81d5fd5
However, that registry entry does not exist on my system...
One more addendum, or rather a question: I would now like to move my files to an external hard drive. Can I do that without further risk of infection? |