
Log analysis and evaluation: Virus "System Error. Hard disk failure detected"

07.05.2012, 18:11   #1
Jami87
 

Hello,

I hope someone can help me? The error message mentioned above appears on my machine, along with countless others, and I'm starting to despair...
Can this cause anything to happen to my files?!?

I carried out the steps mentioned...

Now I can't find the files anymore... Am I really that stupid? Oh man... I'll try again in a moment :-(

So, attached are the first two files, and here is the content of the GMER file...

Did I do this more or less correctly now?!?


GMER logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-07 20:37:09
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 FUJITSU_ rev.0000
Running: grx5cy7z.exe; Driver: C:\Users\JAMIE-~1\AppData\Local\Temp\fwtdipob.sys
 
 
---- System - GMER 1.0.15 ----
 
SSDT            90ED0326                                                                                                 ZwCreateSection
SSDT            90ED0330                                                                                                 ZwRequestWaitReplyPort
SSDT            90ED032B                                                                                                 ZwSetContextThread
SSDT            90ED0335                                                                                                 ZwSetSecurityObject
SSDT            90ED033A                                                                                                 ZwSystemDebugControl
SSDT            90ED02C7                                                                                                 ZwTerminateProcess
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text           ntkrnlpa.exe!KeSetEvent + 215                                                                            83EBE998 4 Bytes  [26, 03, ED, 90]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                            83EBECBC 4 Bytes  [30, 03, ED, 90] {XOR [EBX], AL; IN EAX, DX; NOP }
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                            83EBECF0 4 Bytes  [2B, 03, ED, 90] {SUB EAX, [EBX]; IN EAX, DX; NOP }
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                            83EBED54 4 Bytes  [35, 03, ED, 90]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                                            83EBED9C 4 Bytes  [3A, 03, ED, 90] {CMP AL, [EBX]; IN EAX, DX; NOP }
.text           ...                                                                                                      
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                                 section is writeable [0x8E404340, 0x39C277, 0xE8000020]
?               C:\Users\JAMIE-~1\AppData\Local\Temp\mbr.sys                                                             Das System kann die angegebene Datei nicht finden. !
 
---- User code sections - GMER 1.0.15 ----
 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1164] ntdll.dll!LdrLoadDll                                  776F9378 5 Bytes  JMP 5DCDC930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1164] kernel32.dll!MapViewOfFile                            77426B10 5 Bytes  JMP 5DF0E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1164] kernel32.dll!VirtualAlloc                             7742AF75 5 Bytes  JMP 5DF0E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1164] GDI32.dll!CreateDIBSection                            77657461 3 Bytes  JMP 5DF0E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[1164] GDI32.dll!CreateDIBSection + 4                        77657465 1 Byte  [E6]
.text           C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2608] USER32.dll!InSendMessageEx + 4C9           771DE7C8 7 Bytes  JMP 10053940 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software)
.text           C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2608] USER32.dll!CreateIconFromResourceEx + 340  771E0E45 7 Bytes  JMP 100537F0 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software)
.text           C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2608] USER32.dll!DdeQueryStringW + 5CE           771FFA2D 7 Bytes  JMP 10053920 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software)
.text           C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2608] USER32.dll!MessageBoxIndirectA + F5        7722D5CE 7 Bytes  JMP 10053990 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software)
.text           C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2608] USER32.dll!MessageBoxIndirectW + 61        7722D634 7 Bytes  JMP 10053A60 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software)
.text           C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe[2608] USER32.dll!MessageBoxExA + 1F              7722D658 7 Bytes  JMP 10053A10 C:\Program Files\Sony\Sony PC Companion\NewUI.dll (New UI/Avanquest Software)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4604] USER32.dll!SetWindowLongA                    771DE7CD 5 Bytes  JMP 5E065EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4604] USER32.dll!SetWindowLongW                    771E13B4 5 Bytes  JMP 5E065E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4604] USER32.dll!GetWindowInfo                     771E428E 5 Bytes  JMP 5DE54822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[4604] USER32.dll!TrackPopupMenu                    771F14F3 5 Bytes  JMP 5DE54DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy2                                                        NBVolUp.sys (Nero Backup Volume Upper Filter Driver for the Disk Stack/Nero AG)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy3                                                        NBVolUp.sys (Nero Backup Volume Upper Filter Driver for the Disk Stack/Nero AG)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy4                                                        NBVolUp.sys (Nero Backup Volume Upper Filter Driver for the Disk Stack/Nero AG)
AttachedDevice  \Driver\volsnap \Device\HarddiskVolumeShadowCopy7                                                        NBVolUp.sys (Nero Backup Volume Upper Filter Driver for the Disk Stack/Nero AG)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                   NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                   NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                   NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                   NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                   NBVol.sys (Nero Backup Volume Filter Driver for the Disk Stack/Nero AG)
 
---- Registry - GMER 1.0.15 ----
 
Reg             HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0019c1ea12d4 (not active ControlSet)          
Reg             HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001bfb1b0716 (not active ControlSet)          
Reg             HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001bfb8cb00a (not active ControlSet)          
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0019c1ea12d4                              
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb1b0716                              
Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb8cb00a                              
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\0019c1ea12d4 (not active ControlSet)          
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001bfb1b0716 (not active ControlSet)          
Reg             HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001bfb8cb00a (not active ControlSet)          
 
---- Files - GMER 1.0.15 ----
 
File            C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS06648.log                                   131072 bytes
File            C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS06649.log                                   131072 bytes
 
---- EOF - GMER 1.0.15 ----
         
--- --- ---


So, I have now also run the malware program - can the findings simply be deleted?!?

The log file is attached...

Is all of this right? I'm afraid I'll cause even more damage?!?
Attached files
File type: txt DDS.txt (20,0 KB, viewed 295 times)
File type: txt Attach.txt (9,5 KB, viewed 181 times)
File type: txt mbam-log-2012-05-07 (21-30-33).txt (5,6 KB, viewed 184 times)

08.05.2012, 13:02   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those too!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         

08.05.2012, 20:57   #3
Jami87
 

Hm... Well, I had actually already done the Malwarebytes thing?!? Or wasn't that right the way I did it?

Well, the "Malwarebytes" scan has now been running for over 2 hours on my machine and I'm about to fall off my chair from tiredness...
Or would the quick scan have been enough again? (Even though I've already done that one?)

So, here's the file from Malwarebytes:

Code:
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.08.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Jamie-Anthony :: TEDDYBÄR [Administrator]

Schutz: Aktiviert

08.05.2012 20:55:10
mbam-log-2012-05-08 (20-55-10).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 449605
Laufzeit: 3 Stunde(n), 10 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Uncompressor (PUP.Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\Uncompressor\Uninstall\Uninstall.exe (PUP.Adware.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
So, and now the one from ESET:

Code:
 ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3d83703d8e9a2b42adc31e9054d2558f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-09 08:46:07
# local_time=2012-05-09 10:46:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 125694743 125694743 0 0
# compatibility_mode=1792 16777215 100 0 1128022 1128022 0 0
# compatibility_mode=5892 16776573 100 100 154443 174075447 0 0
# compatibility_mode=8192 67108863 100 0 39669 39669 0 0
# scanned=251245
# found=11
# cleaned=0
# scan_time=10448
C:\Users\Jamie-Anthony\AppData\Local\Temp\FreemakeVideoConverter_3.0.1.3.exe	Win32/Toolbar.Zugo application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Jamie-Anthony\AppData\Local\Temp\ICReinstall\Facemoods.exe	probably a variant of Win32/InstallCore.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Jamie-Anthony\AppData\Local\Temp\is1293846689\MyBabylonTB.exe	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Jamie-Anthony\Downloads\Facemoods(1).exe	probably a variant of Win32/InstallCore.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Jamie-Anthony\Downloads\Facemoods.exe	probably a variant of Win32/InstallCore.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Jamie-Anthony\Downloads\Setup19_FreeConverter.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Jamie-Anthony\Downloads\Setup_FreeFlvConverter(2).exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Jamie-Anthony\Downloads\Setup_FreeFlvConverter(3).exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Jamie-Anthony\Downloads\Setup_FreeFlvConverter(4).exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Jamie-Anthony\Downloads\Setup_FreeFlvConverter.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Jamie-Anthony\Downloads\vlc-1.1.6-win32.exe	Win32/StartPage.OIE trojan (unable to clean)	00000000000000000000000000000000	I
         
What else can I do now?!?
And how can I restore the background on my desktop and the program list under the Start menu?

Thank you very much for your efforts...

11.05.2012, 10:03   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

But previously you only ran a quick scan with Malwarebytes!
I have two questions before we continue

1.) Does normal mode work without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________
"Truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

11.05.2012, 16:15   #5
Jami87
 

OK, understood about the quick scan...

Well, basically everything works so far...
However, the background is black and the icons on the desktop were all gone - in the meantime they are back, though (I tried it with that - some word with h?!? - I no longer know what it's called... Don't know whether that's why something is back?)

And the Start menu is gone too... Yes... :-( So all that's there is "All Programs", and I think everything is there underneath it - I just can't judge that very well, because I have almost never opened folders that way... But everything opens so far...

Otherwise everything works too - so I always go through Explorer to start the programs that I would otherwise launch via the Start menu...

I just had another look... "Unhide" was the name of the thing with which I may have restored a few icons... If that was the reason...


11.05.2012, 20:26   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Yes, unhide is the tool for the worst case, when I'm not sure whether everything is being displayed on your machine or not
This has NOTHING to do with padlock icons on folders that you cannot open (in case you ask)

Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while)
Vista and 7 users must run the tool as administrator via right-click!

12.05.2012, 09:11   #7
Jami87
 

Well, I had already installed unhide and run it too?!? But nothing else happened, except that the icons on the desktop were visible again (I also don't know whether that really came from it)...

When I open unhide, only the black window appears and then nothing else happens?!?

And: how do I get rid of the virus now?!? I'm afraid that my data is being stolen the whole time, etc.?!?

After all, 12 findings were detected?!?

12.05.2012, 20:21   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Tick the box Scan All Users at the top center
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German it is labeled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

13.05.2012, 10:01   #9
Jami87
 

So, here is the OTL log in several parts - unfortunately it didn't fit in one...

Code:
OTL logfile created on: 13.05.2012 09:57:32 - Run 4
OTL by OldTimer - Version 3.2.42.3     Folder = c:\Users\Jamie-Anthony\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,57 Gb Available Physical Memory | 28,47% Memory free
4,23 Gb Paging File | 2,48 Gb Available in Paging File | 58,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 176,24 Gb Total Space | 18,41 Gb Free Space | 10,44% Space Free | Partition Type: NTFS
 
Computer Name: TEDDYBÄR | User Name: Jamie-Anthony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Windows\Installer\MSI207E.tmp (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\program files\avira\antivir desktop\ipmGui.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - c:\Users\Jamie-Anthony\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SoftwareDistribution\Download\Install\Silverlight.exe (Microsoft Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - c:\85d803f3aac8145630d2d3933ef1\install.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Silverlight\4.1.10329.0\coregen.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
PRC - C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe ()
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
PRC - C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
PRC - C:\Windows\System32\lxeacoms.exe ( )
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe (DisplayLink Corp.)
PRC - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VCM Manager Setting\VcmMgrNotification.exe (Sony Corporation)
PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
PRC - C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Program Files\Sony\Sony PC Companion\PhoneUpdate.dll ()
MOD - C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe ()
MOD - C:\Program Files\Sony\Sony PC Companion\MExplorer.dll ()
MOD - C:\Program Files\Sony\Sony PC Companion\sqlite3.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Sony\Sony PC Companion\Report.dll ()
MOD - C:\Program Files\Sony\Sony PC Companion\TMonitorAPI.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Windows\assembly\GAC\Interop.SHDocVw\1.1.0.0__4b827ebe229d539f\Interop.SHDocVw.dll ()
MOD - C:\Windows\assembly\GAC_32\Asz.Citavi.IEPicker\1.0.0.0__f59eabe05cc67589\Asz.Citavi.IEPicker.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
MOD - C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
MOD - C:\Program Files\Sony\Sony PC Companion\VObject.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\lxeaDRS.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\lxeascw.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\EPOEMDll.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\epstring.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\EPWizRes.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\lxeadatr.dll ()
MOD - C:\Windows\System32\LXEAsmr.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\iptk.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\Epwizard.DLL ()
MOD - C:\Program Files\Lexmark S300-S400 Series\customui.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\Epfunct.DLL ()
MOD - C:\Program Files\Lexmark S300-S400 Series\Eputil.DLL ()
MOD - C:\Program Files\Lexmark S300-S400 Series\Imagutil.DLL ()
MOD - C:\Program Files\Lexmark S300-S400 Series\lxeacaps.dll ()
MOD - C:\Program Files\Lexmark S300-S400 Series\lxeaptp.dll ()
MOD - C:\Windows\System32\LXEAsm.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()
MOD - C:\Program Files\LitexMedia\All To WMA Converter\WMAShellExt.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Sony PC Companion) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (lxea_device) -- C:\Windows\System32\lxeacoms.exe ( )
SRV - (lxeaCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxeaserv.exe ()
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkService.exe (DisplayLink Corp.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (SigmaTel, Inc.)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (dsltestSp5) -- System32\Drivers\dsltestSp5.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (NBVol) -- C:\Windows\System32\drivers\NBVol.sys (Nero AG)
DRV - (NBVolUp) -- C:\Windows\System32\drivers\NBVolUp.sys (Nero AG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (LVUVC) Logitech Webcam 200(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)
DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)
DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)
DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)
DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)
DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)
DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)
DRV - (dlkmd) -- C:\Windows\System32\drivers\dlkmd.sys (DisplayLink Corp.)
DRV - (dlkmdldr) -- C:\Windows\System32\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) -- C:\Windows\System32\drivers\s3017unic.sys (MCCI Corporation)
DRV - (s3017obex) -- C:\Windows\System32\drivers\s3017obex.sys (MCCI Corporation)
DRV - (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s3017mgmt.sys (MCCI Corporation)
DRV - (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) -- C:\Windows\System32\drivers\s3017nd5.sys (MCCI Corporation)
DRV - (s3017mdm) -- C:\Windows\System32\drivers\s3017mdm.sys (MCCI Corporation)
DRV - (s3017mdfl) -- C:\Windows\System32\drivers\s3017mdfl.sys (MCCI Corporation)
DRV - (s3017bus) Sony Ericsson Device 3017 driver (WDM) -- C:\Windows\System32\drivers\s3017bus.sys (MCCI Corporation)
DRV - (StkTMini) -- C:\Windows\System32\drivers\StkTMini.sys (Syntek)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (SigmaTel, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\Windows\System32\drivers\s116unic.sys (MCCI Corporation)
DRV - (s116obex) -- C:\Windows\System32\drivers\s116obex.sys (MCCI Corporation)
DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\Windows\System32\drivers\s116nd5.sys (MCCI Corporation)
DRV - (s116mgmt) Sony Ericsson Device 116  USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s116mgmt.sys (MCCI Corporation)
DRV - (s116mdm) -- C:\Windows\System32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- C:\Windows\System32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\Windows\System32\drivers\s116bus.sys (MCCI Corporation)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de/service/redir/ie7_start.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{1EDB291C-67AC-4F9C-AB66-6087DFC21209}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKLM\..\SearchScopes\{4813470F-6B8C-4FEA-949B-526F953262C0}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
IE - HKLM\..\SearchScopes\{C74610DB-2CCB-49CF-BB8D-650C6B4CD09F}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKLM\..\SearchScopes\{C93EA644-5BF8-49CB-B277-2602FD0C0433}: "URL" = hxxp://adfarm.mediaplex.com/ad/ck/707-1403-18840-0?mpro=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=100478&tt=290412_4_vs&babsrc=HP_ss&mntrId=ccc35b19000000000000544249676659
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=100478&tt=290412_4_vs&babsrc=SP_ss&mntrId=ccc35b19000000000000544249676659
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{497F9A79-F8AC-4AD2-A6DE-F256F1C069B4}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7SNYK_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{6BCD3B4B-C7F8-4DDA-A150-729CD60BFDEB}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=6zOq04dR1_74GZkqAM7_3CckmCc?q={searchTerms}
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{71AE5633-4538-41C7-A7D0-BD06E47EE8CA}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{86F5405D-4F8B-4B91-B415-6ECA80FB025B}: "URL" = hxxp://adfarm.mediaplex.com/ad/ck/707-1403-18840-0?mpro=hxxp://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{ADA26A4F-2C52-489F-B91A-06A7BAB3F2C9}: "URL" = hxxp://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{E0B4A2C7-7699-432C-B096-C9B9367FA553}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=100478&tt=290412_4_vs&babsrc=HP_ss&mntrId=ccc35b19000000000000544249676659"
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2009.7.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {6b9c3e37-fcbd-4834-a71a-fa45c106a001}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {D250ED92-1791-42C4-B441-E90BF89B9BEF}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=100478&tt=290412_4_vs&babsrc=KW_ss&mntrId=ccc35b19000000000000544249676659&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.01.05 12:50:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.04 07:38:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.30 08:31:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D250ED92-1791-42C4-B441-E90BF89B9BEF}: C:\Users\Jamie-Anthony\AppData\Local\{D250ED92-1791-42C4-B441-E90BF89B9BEF} [2011.04.02 09:21:37 | 000,000,000 | -H-D | M]
 
[2008.08.31 13:51:25 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Extensions
[2012.05.07 20:49:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions
[2010.07.14 21:45:31 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.07 20:49:30 | 000,000,000 | ---D | M] (Babylon Toolbar by Visicom) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{51dd3535-abea-484a-b1cf-06ab7b092c0c}
[2012.05.07 09:56:41 | 000,000,000 | -H-D | M] (ST-de Community Toolbar) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{6b9c3e37-fcbd-4834-a71a-fa45c106a001}
[2011.05.15 20:51:35 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.29 20:17:26 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.16 06:59:53 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\engine@conduit.com
[2012.04.26 06:33:37 | 000,000,000 | -H-D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\toolbar@ask.com
[2009.05.19 11:28:48 | 000,000,884 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\conduit.xml
[2012.05.05 14:38:05 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-1.xml
[2010.07.22 20:40:18 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-10.xml
[2010.07.24 21:28:38 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-11.xml
[2010.09.10 08:22:34 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-12.xml
[2010.09.17 07:58:49 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-13.xml
[2010.10.23 14:32:15 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-14.xml
[2010.10.29 20:43:47 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-15.xml
[2010.12.13 19:23:34 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-16.xml
[2011.03.03 14:58:47 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-17.xml
[2011.03.08 13:13:00 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-18.xml
[2011.03.24 22:46:27 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-19.xml
[2009.08.24 10:44:09 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-2.xml
[2011.05.01 18:35:49 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-20.xml
[2011.05.15 11:19:15 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-21.xml
[2011.07.13 08:56:31 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-22.xml
[2011.07.21 20:31:34 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-23.xml
[2011.08.25 07:49:25 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-24.xml
[2011.09.01 18:55:37 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-25.xml
[2011.09.11 13:32:43 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-26.xml
[2011.10.12 16:23:44 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-27.xml
[2011.11.10 17:10:52 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-28.xml
[2011.12.10 16:43:43 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-29.xml
[2009.09.21 11:09:12 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-3.xml
[2011.12.10 18:58:07 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-30.xml
[2011.12.30 11:17:18 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-31.xml
[2012.02.15 20:47:42 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-32.xml
[2009.10.31 08:31:55 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-4.xml
[2009.12.17 22:29:16 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-5.xml
[2010.01.06 18:40:33 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-6.xml
[2010.03.13 09:21:21 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-7.xml
[2010.04.05 19:25:15 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-8.xml
[2010.04.06 19:37:21 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-9.xml
[2010.05.12 18:40:06 | 000,001,042 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin.xml
[2010.01.22 00:07:01 | 000,003,915 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\sweetim.xml
[2012.02.15 20:39:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2009.06.09 20:17:31 | 000,000,000 | ---D | M] (Dealio Toolbar Plugin) -- C:\Program Files\mozilla firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
[2009.07.22 13:09:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.01.19 17:40:30 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2011.04.02 09:21:37 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\JAMIE-ANTHONY\APPDATA\LOCAL\{D250ED92-1791-42C4-B441-E90BF89B9BEF}
[2012.05.04 07:38:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.15 20:39:01 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.07 20:48:22 | 000,002,354 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.02.15 20:39:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.15 20:39:01 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.07.21 20:27:10 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.05.15 20:52:37 | 000,002,051 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
[2012.02.15 20:39:01 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.15 20:39:01 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.15 20:39:01 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: facemoods (Enabled)
CHR - default_search_provider: search_url = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
CHR - default_search_provider: suggest_url = 
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Facemoods = C:\Users\Jamie-Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.0_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Babylon Toolbar by Visicom) - {51dd3535-abea-484a-b1cf-06ab7b092c0c} - C:\Program Files\babylon01\babylon01X.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar by Visicom) - {51dd3535-abea-484a-b1cf-06ab7b092c0c} - C:\Program Files\babylon01\babylon01X.dll ()
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark S300-S400 Series\ezprint.exe ()
O4 - HKLM..\Run: [lxeamon.exe] C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000..\Run: [ALBATTTOOL] C:\Program Files\AkkuLine.de\AkkuLine Batterie-Tool\AL-Batterie-Tool.exe File not found
O4 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000..\Run: [EPSON Stylus DX8400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk =  File not found
O4 - Startup: C:\Users\Jamie-Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Citavi Picker... - C:\Program Files\Internet Explorer\PLUGINS\Citavi Picker\ShowContextMenu.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Jamie-Anthony\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..Trusted Domains: intervideo.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..Trusted Domains: intervideo.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {00000161-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/msaud.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E356E30-94D2-4B82-AD4A-32260CB60786}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F709309A-CB43-4219-9489-BAB633F2CC47}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c2d7a3e4-616f-11df-b59d-001a80249e6f}\Shell - "" = AutoRun
O33 - MountPoints2\{c2d7a3e4-616f-11df-b59d-001a80249e6f}\Shell\AutoRun\command - "" = G:\DPFMate.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Jamie-Anthony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Jamie-Anthony^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Picture Motion Browser Medien-Prüfung.lnk -  - File not found
MsConfig - StartUpReg: Acrobat Assistant 8.0 - hkey= - key= -  File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: googletalk - hkey= - key= - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
MsConfig - StartUpReg: ICQ - hkey= - key= -  File not found
MsConfig - StartUpReg: ISBMgr.exe - hkey= - key= - C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
MsConfig - StartUpReg: ISTray - hkey= - key= -  File not found
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= -  File not found
MsConfig - StartUpReg: SweetIM - hkey= - key= - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
MsConfig - StartUpReg: TrayServer - hkey= - key= - C:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe (MAGIX AG)
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
         

Alt 13.05.2012, 10:03   #10
Jami87
 
Code:
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger -  File not found
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CACE1E62-59B0-4F7F-87D4-DD335EBBC8F5} - T-Online Toolbar 2.0
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: >{F1FD268A-521D-46F0-B304-8E2794E6ADD3} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi7 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi8 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi9 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer8 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer9 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.dvacm - C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm (Ulead Systems, Inc.)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm (Ulead Systems, Inc.)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.ulmp3acm - C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: MSVideo - vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: VIDC.FFDS - ff_vfw.dll ()
Drivers32: VIDC.I420 - MSh263.drv File not found
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave8 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave9 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.13 10:06:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.08 20:50:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.08 20:47:29 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.05.07 22:36:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.05.07 21:04:29 | 000,000,000 | ---D | C] -- C:\Users\Jamie-Anthony\AppData\Roaming\Malwarebytes
[2012.05.07 20:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.07 20:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.07 20:58:33 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.07 20:58:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.07 20:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\babylon01
[2012.05.07 20:48:31 | 000,000,000 | ---D | C] -- C:\Users\Jamie-Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uncompressor
[2012.05.07 20:48:30 | 000,000,000 | ---D | C] -- C:\Program Files\Uncompressor
[2012.05.07 20:47:46 | 000,000,000 | ---D | C] -- C:\Users\Jamie-Anthony\AppData\Local\Babylon
[2012.05.07 20:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.05.07 20:47:45 | 000,000,000 | ---D | C] -- C:\Users\Jamie-Anthony\AppData\Roaming\Babylon
[2012.05.04 07:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.04 07:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.01 19:26:51 | 000,000,000 | ---D | C] -- C:\Users\Jamie-Anthony\AppData\Local\AskToolbar
[2012.04.26 06:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.04.26 06:33:44 | 000,000,000 | -H-D | C] -- C:\Users\Jamie-Anthony\AppData\Roaming\Avira
[2012.04.26 06:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.04.26 06:31:43 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.04.26 06:31:43 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.04.26 06:31:43 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.04.26 06:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.04.26 06:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.04.18 07:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2010.08.24 19:59:21 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeFEE7.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.13 10:12:20 | 000,638,802 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.13 10:12:20 | 000,604,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.13 10:12:20 | 000,130,722 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.13 10:12:20 | 000,107,814 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.13 09:50:37 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.13 09:38:15 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.13 09:38:07 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.13 09:38:07 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.13 09:38:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.13 09:36:51 | 2143,784,960 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.11 19:15:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.05.11 18:13:05 | 001,148,598 | ---- | M] () -- C:\Users\Jamie-Anthony\Documents\Diversität.pdf
[2012.05.11 17:54:17 | 000,002,631 | -H-- | M] () -- C:\Users\Jamie-Anthony\Desktop\Microsoft Office Word 2007.lnk
[2012.05.10 16:17:51 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.05.09 18:28:27 | 000,000,680 | ---- | M] () -- C:\Users\Jamie-Anthony\AppData\Local\d3d9caps.dat
[2012.05.08 20:48:14 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.05.08 12:04:15 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.05.08 12:04:15 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.05.08 05:48:08 | 303,917,277 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.05.07 20:58:35 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.07 20:48:31 | 000,000,854 | ---- | M] () -- C:\Users\Jamie-Anthony\Desktop\Uncompressor.lnk
[2012.05.07 18:53:53 | 000,000,000 | ---- | M] () -- C:\Users\Jamie-Anthony\defogger_reenable
[2012.05.07 17:41:42 | 000,001,748 | -H-- | M] () -- C:\Users\Jamie-Anthony\Desktop\Mozilla Firefox.lnk
[2012.05.07 17:40:58 | 000,252,545 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\nvModes.001
[2012.05.07 15:17:09 | 000,227,840 | ---- | M] () -- C:\Users\Jamie-Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.07 09:56:13 | 000,252,545 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\nvModes.dat
[2012.05.02 09:19:02 | 000,002,673 | -H-- | M] () -- C:\Users\Jamie-Anthony\Desktop\Microsoft Office PowerPoint 2007.lnk
[2012.04.18 16:14:16 | 000,372,013 | -H-- | M] () -- C:\Users\Jamie-Anthony\Documents\Mechthild.pdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[16 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.11 18:13:03 | 001,148,598 | ---- | C] () -- C:\Users\Jamie-Anthony\Documents\Diversität.pdf
[2012.05.07 20:58:35 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.07 20:48:31 | 000,000,854 | ---- | C] () -- C:\Users\Jamie-Anthony\Desktop\Uncompressor.lnk
[2012.05.07 18:53:53 | 000,000,000 | ---- | C] () -- C:\Users\Jamie-Anthony\defogger_reenable
[2012.05.07 17:41:42 | 000,001,748 | -H-- | C] () -- C:\Users\Jamie-Anthony\Desktop\Mozilla Firefox.lnk
[2012.05.07 17:26:37 | 2143,784,960 | -HS- | C] () -- C:\hiberfil.sys
[2012.04.18 16:14:16 | 000,372,013 | -H-- | C] () -- C:\Users\Jamie-Anthony\Documents\Mechthild.pdf
[2012.04.01 00:22:47 | 000,004,962 | ---- | C] () -- C:\ProgramData\etgxespc.rpo
[2012.04.01 00:22:47 | 000,004,884 | ---- | C] () -- C:\ProgramData\homrfjdr.aqx
[2011.07.16 18:42:49 | 000,227,840 | ---- | C] () -- C:\Users\Jamie-Anthony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.07 08:51:31 | 000,000,000 | -H-- | C] () -- C:\Users\Jamie-Anthony\AppData\Local\{64525025-8827-4190-A310-38F60339D8C0}
[2011.06.30 12:07:36 | 000,000,680 | ---- | C] () -- C:\Users\Jamie-Anthony\AppData\Local\d3d9caps.dat
[2011.01.02 18:32:05 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxeavs.dll
[2011.01.02 18:32:03 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\lxeacoin.dll
[2011.01.02 18:31:51 | 000,086,016 | ---- | C] () -- C:\Windows\System32\lxeagcfg.dll
[2011.01.02 18:31:49 | 000,110,592 | ---- | C] () -- C:\Windows\System32\lxeacuir.dll
[2011.01.02 18:31:48 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxeacui.dll
[2011.01.02 18:28:24 | 000,000,044 | -H-- | C] () -- C:\Windows\System32\lxearwrd.ini
[2011.01.02 18:28:06 | 000,331,776 | ---- | C] () -- C:\Windows\System32\LXEAinst.dll
[2011.01.02 18:28:05 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\lxeausb1.dll
[2011.01.02 18:28:05 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxeainpa.dll
[2011.01.02 18:28:05 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\LXEAhcp.dll
[2011.01.02 18:28:05 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lxeaiesc.dll
[2011.01.02 18:28:04 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\lxeaserv.dll
[2011.01.02 18:28:02 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxeapmui.dll
[2011.01.02 18:28:01 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxealmpm.dll
[2011.01.02 18:28:01 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lxeainsb.dll
[2011.01.02 18:28:01 | 000,057,344 | ---- | C] () -- C:\Windows\System32\lxeajswr.dll
[2011.01.02 18:28:00 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\lxeahbn3.dll
[2011.01.02 18:28:00 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\lxeaih.exe
[2011.01.02 18:28:00 | 000,323,584 | ---- | C] () -- C:\Windows\System32\lxeains.dll
[2011.01.02 18:28:00 | 000,114,688 | ---- | C] () -- C:\Windows\System32\lxeainsr.dll
[2011.01.02 18:27:59 | 000,253,952 | ---- | C] () -- C:\Windows\System32\lxeacu.dll
[2011.01.02 18:27:59 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxeagrd.dll
[2011.01.02 18:27:59 | 000,090,112 | ---- | C] () -- C:\Windows\System32\lxeacub.dll
[2011.01.02 18:27:59 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxeacur.dll
[2011.01.02 18:27:58 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\lxeacomc.dll
[2011.01.02 18:27:58 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\lxeacoms.exe
[2011.01.02 18:27:58 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\lxeacfg.exe
[2011.01.02 18:27:58 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\lxeacomm.dll
[2011.01.02 18:27:08 | 000,299,008 | ---- | C] () -- C:\Windows\System32\LXEAsm.dll
[2011.01.02 18:27:08 | 000,024,064 | ---- | C] () -- C:\Windows\System32\LXEAsmr.dll
[2010.06.15 20:16:17 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
 
========== LOP Check ==========
 
[2011.12.16 14:28:50 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Academic Software Zurich
[2010.06.15 20:30:55 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\AnvSoft
[2012.05.07 20:47:45 | 000,000,000 | ---D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Babylon
[2008.06.08 13:39:20 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Cuttermaran
[2009.10.02 14:34:05 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\DeepBurner
[2012.01.03 21:45:51 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\DVDVideoSoft
[2011.05.15 20:51:33 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.02.11 19:15:12 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\EPSON
[2010.06.15 20:16:27 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\FreeAudioPack
[2010.06.15 20:18:01 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\FreeCDRipper
[2008.08.22 21:47:26 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant
[2010.08.07 09:27:58 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\ICQ
[2008.04.20 23:00:47 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\InterVideo
[2011.02.05 13:31:18 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\it.clementoni.SapPrimeParoleDE.290A939A40FB4C06653AD1460C6BEBD4C065087B.1
[2011.06.17 20:13:21 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\LaunchPad
[2010.01.02 11:34:12 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Leadertech
[2008.06.09 13:05:14 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\MAGIX
[2012.04.01 00:23:10 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Need4Video
[2010.11.20 08:14:29 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\OpenOffice.org
[2008.02.16 16:08:51 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Opera
[2009.10.02 08:49:27 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Pegasys Inc
[2011.10.12 19:02:17 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\RavensburgerTipToi
[2009.06.04 20:31:17 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Sony
[2008.02.26 22:35:30 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\T-Online
[2008.02.08 20:47:15 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\temp
[2008.02.16 14:10:07 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Template
[2011.05.25 16:22:44 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Ulead Systems
[2010.06.15 20:34:39 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Uniblue
[2012.05.11 19:15:25 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.12.16 14:28:50 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Academic Software Zurich
[2010.09.10 11:50:55 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Adobe
[2010.06.15 20:30:55 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\AnvSoft
[2012.04.26 06:33:44 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Avira
[2012.05.07 20:47:45 | 000,000,000 | ---D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Babylon
[2008.06.08 13:39:20 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Cuttermaran
[2009.10.02 14:34:05 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\DeepBurner
[2008.02.10 12:58:36 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\DivX
[2012.04.01 15:30:07 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\dvdcss
[2012.01.03 21:45:51 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\DVDVideoSoft
[2011.05.15 20:51:33 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.02.11 19:15:12 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\EPSON
[2010.06.15 20:16:27 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\FreeAudioPack
[2010.06.15 20:18:01 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\FreeCDRipper
[2008.02.24 19:10:57 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Google
[2008.08.22 21:47:26 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant
[2010.08.07 09:27:58 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\ICQ
[2007.07.20 15:00:04 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Identities
[2007.08.10 13:53:23 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\InstallShield
[2008.04.20 23:00:47 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\InterVideo
[2011.02.05 13:31:18 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\it.clementoni.SapPrimeParoleDE.290A939A40FB4C06653AD1460C6BEBD4C065087B.1
[2011.06.17 20:13:21 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\LaunchPad
[2010.01.02 11:34:12 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Leadertech
[2007.07.20 17:31:39 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Macromedia
[2008.06.09 13:05:14 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\MAGIX
[2012.05.07 21:04:29 | 000,000,000 | ---D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Media Center Programs
[2011.12.18 13:43:49 | 000,000,000 | --SD | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Microsoft
[2008.08.31 13:51:25 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla
[2012.04.01 00:23:10 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Need4Video
[2010.11.20 08:14:29 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\OpenOffice.org
[2008.02.16 16:08:51 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Opera
[2009.10.02 08:49:27 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Pegasys Inc
[2011.10.12 19:02:17 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\RavensburgerTipToi
[2008.05.02 20:06:46 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Roxio
[2011.01.14 22:12:13 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Skype
[2011.01.14 21:12:16 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\skypePM
[2009.06.04 20:31:17 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Sony
[2009.06.04 22:25:42 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Sony Corporation
[2008.02.25 18:20:57 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Symantec
[2008.02.26 22:35:30 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\T-Online
[2008.02.08 20:47:15 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\temp
[2008.02.16 14:10:07 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Template
[2011.05.25 16:22:44 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Ulead Systems
[2010.06.15 20:34:39 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Uniblue
[2011.02.01 15:52:43 | 000,000,000 | -H-D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2007.01.01 23:22:02 | 003,739,648 | -H-- | M] (Google) -- C:\Users\Jamie-Anthony\AppData\Roaming\Google\Google Talk\googletalk.exe
[2008.02.24 19:11:03 | 000,079,367 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Google\Google Talk\uninstall.exe
[2009.05.08 21:22:05 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\1675E721-3B46-44BF-95D0-E728D662D998\AutoRunCE.exe
[2009.05.08 21:22:07 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\1675E721-3B46-44BF-95D0-E728D662D998\1\module.exe
[2009.05.08 21:22:14 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\445946F7-51D3-4347-B681-370657140002\AutoRunCE.exe
[2009.05.08 21:22:16 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\445946F7-51D3-4347-B681-370657140002\1\module.exe
[2009.05.08 21:20:47 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\4B15BDE1-3A77-4063-A296-34D462338FFF\AutoRunCE.exe
[2009.05.08 21:21:00 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\4B15BDE1-3A77-4063-A296-34D462338FFF\1\module.exe
[2009.05.08 21:21:40 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\4C2FEFBA-6383-45FB-89AF-273D92FB3F85\AutoRunCE.exe
[2009.05.08 21:21:44 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\4C2FEFBA-6383-45FB-89AF-273D92FB3F85\1\module.exe
[2009.05.08 21:21:55 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\519E8FE4-0FCE-45E6-B2B4-F0FC2CD562D1\AutoRunCE.exe
[2009.05.08 21:21:58 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\519E8FE4-0FCE-45E6-B2B4-F0FC2CD562D1\1\module.exe
[2009.05.08 21:22:02 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\5B951398-8563-4AED-8F69-D781081B9940\AutoRunCE.exe
[2009.05.08 21:22:04 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\5B951398-8563-4AED-8F69-D781081B9940\1\module.exe
[2009.05.08 21:21:28 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\76ABC327-6702-4E21-ADDB-E278E468F2F7\AutoRunCE.exe
[2009.05.08 21:21:31 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\76ABC327-6702-4E21-ADDB-E278E468F2F7\1\module.exe
[2009.05.08 21:21:52 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\8D191AF8-79EC-4372-91C8-F80C60F786D1\AutoRunCE.exe
[2009.05.08 21:21:54 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\8D191AF8-79EC-4372-91C8-F80C60F786D1\1\module.exe
[2009.05.08 21:21:49 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\90C63287-5C0E-4139-A12C-AF150E4EEB44\AutoRunCE.exe
[2009.05.08 21:21:51 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\90C63287-5C0E-4139-A12C-AF150E4EEB44\1\module.exe
[2009.05.08 21:21:18 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\9937E393-19B4-4535-9452-2B85F9FA5FFD\AutoRunCE.exe
[2009.05.08 21:21:21 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\9937E393-19B4-4535-9452-2B85F9FA5FFD\1\module.exe
[2009.05.08 21:21:46 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\9BDDFA4D-A91A-45FE-A1A0-D6066BD01551\AutoRunCE.exe
[2009.05.08 21:21:47 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\9BDDFA4D-A91A-45FE-A1A0-D6066BD01551\1\module.exe
[2009.05.08 21:22:11 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\9F4E9777-D0FC-4699-967F-3411D3CB55A9\AutoRunCE.exe
[2009.05.08 21:22:13 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\9F4E9777-D0FC-4699-967F-3411D3CB55A9\1\module.exe
[2009.05.08 21:21:59 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\B12043A4-1398-446D-9220-C30E57DBB399\AutoRunCE.exe
[2009.05.08 21:22:00 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\B12043A4-1398-446D-9220-C30E57DBB399\1\module.exe
[2009.05.08 21:21:02 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\BCCCC94C-3ED6-41F6-81B6-D7F7AD769FDC\AutoRunCE.exe
[2009.05.08 21:21:04 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\BCCCC94C-3ED6-41F6-81B6-D7F7AD769FDC\1\module.exe
[2009.05.08 21:21:23 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\E47752B6-4AC2-4AC8-841B-68B8DF784CEE\AutoRunCE.exe
[2009.05.08 21:21:26 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\E47752B6-4AC2-4AC8-841B-68B8DF784CEE\1\module.exe
[2009.05.08 21:46:10 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\E7C17A34-BFA3-4B43-A04D-A4DD9D1B6B68\AutoRunCE.exe
[2009.05.08 21:46:14 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\E7C17A34-BFA3-4B43-A04D-A4DD9D1B6B68\1\module.exe
[2009.05.08 21:22:08 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\ED55893A-BC84-42B7-A01A-935AA6FC6D85\AutoRunCE.exe
[2009.05.08 21:22:10 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\ED55893A-BC84-42B7-A01A-935AA6FC6D85\1\module.exe
[2009.05.08 21:21:33 | 000,028,672 | -H-- | M] (Elektrobit Automotive GmbH) -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\F284F578-98F8-4C98-BFD0-1A4A49CC1097\AutoRunCE.exe
[2009.05.08 21:21:37 | 000,057,856 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\GoPal Assistant\Library\F284F578-98F8-4C98-BFD0-1A4A49CC1097\1\module.exe
[2012.02.11 13:24:34 | 000,053,632 | -H-- | M] (Adobe Systems Inc.) -- C:\Users\Jamie-Anthony\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.02.21 04:10:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.02.21 04:10:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.02.21 04:10:16 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.03.01 02:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\Drivers\SATA Driver (Intel) (Non-RAID) 7.0A - 7.0.0.1020\iastor.sys
[2007.03.01 02:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007.03.01 02:03:07 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.07.20 15:18:21 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.07.20 15:18:21 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 518 bytes -> C:\Users\Jamie-Anthony\Documents\mailhpt.eml:OECustomProperty
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >
         

Alt 13.05.2012, 15:51   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de/service/redir/ie7_start.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{1EDB291C-67AC-4F9C-AB66-6087DFC21209}: "URL" = http://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKLM\..\SearchScopes\{4813470F-6B8C-4FEA-949B-526F953262C0}: "URL" = http://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
IE - HKLM\..\SearchScopes\{C74610DB-2CCB-49CF-BB8D-650C6B4CD09F}: "URL" = http://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKLM\..\SearchScopes\{C93EA644-5BF8-49CB-B277-2602FD0C0433}: "URL" = http://adfarm.mediaplex.com/ad/ck/707-1403-18840-0?mpro=http://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=100478&tt=290412_4_vs&babsrc=HP_ss&mntrId=ccc35b19000000000000544249676659
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=100478&tt=290412_4_vs&babsrc=SP_ss&mntrId=ccc35b19000000000000544249676659
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{497F9A79-F8AC-4AD2-A6DE-F256F1C069B4}: "URL" = http://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=interactivemesuche-21&index=blended&linkCode=ur2&camp=1638&creative=6742
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7SNYK_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{6BCD3B4B-C7F8-4DDA-A150-729CD60BFDEB}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=867034&p={searchTerms}
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=6zOq04dR1_74GZkqAM7_3CckmCc?q={searchTerms}
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{71AE5633-4538-41C7-A7D0-BD06E47EE8CA}: "URL" = http://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=wiki-tab&tpc=internet&ptl=std&classification=wiki-tab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{86F5405D-4F8B-4B91-B415-6ECA80FB025B}: "URL" = http://adfarm.mediaplex.com/ad/ck/707-1403-18840-0?mpro=http://search.ebay.de/search/search.dll?shortcut=4&query={searchTerms}
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{ADA26A4F-2C52-489F-B91A-06A7BAB3F2C9}: "URL" = http://suche.t-online.de/fast-cgi/tsc?mandant=toi&device=html&portallanguage=de&userlanguage=de&dia=suche&context=internet-tab&tpc=internet&ptl=std&classification=internet-tab_internet_std&q={searchTerms}&br=ie7-toi
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{E0B4A2C7-7699-432C-B096-C9B9367FA553}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?affID=100478&tt=290412_4_vs&babsrc=HP_ss&mntrId=ccc35b19000000000000544249676659"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=100478&tt=290412_4_vs&babsrc=KW_ss&mntrId=ccc35b19000000000000544249676659&q="
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
[2010.07.14 21:45:31 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.05.07 20:49:30 | 000,000,000 | ---D | M] (Babylon Toolbar by Visicom) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{51dd3535-abea-484a-b1cf-06ab7b092c0c}
[2012.05.07 09:56:41 | 000,000,000 | -H-D | M] (ST-de Community Toolbar) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{6b9c3e37-fcbd-4834-a71a-fa45c106a001}
[2011.05.15 20:51:35 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.16 06:59:53 | 000,000,000 | -H-D | M] (Conduit Engine) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\engine@conduit.com
[2012.04.26 06:33:37 | 000,000,000 | -H-D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\toolbar@ask.com
[2009.05.19 11:28:48 | 000,000,884 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\conduit.xml
[2012.05.05 14:38:05 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-1.xml
[2010.07.22 20:40:18 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-10.xml
[2010.07.24 21:28:38 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-11.xml
[2010.09.10 08:22:34 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-12.xml
[2010.09.17 07:58:49 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-13.xml
[2010.10.23 14:32:15 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-14.xml
[2010.10.29 20:43:47 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-15.xml
[2010.12.13 19:23:34 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-16.xml
[2011.03.03 14:58:47 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-17.xml
[2011.03.08 13:13:00 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-18.xml
[2011.03.24 22:46:27 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-19.xml
[2009.08.24 10:44:09 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-2.xml
[2011.05.01 18:35:49 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-20.xml
[2011.05.15 11:19:15 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-21.xml
[2011.07.13 08:56:31 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-22.xml
[2011.07.21 20:31:34 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-23.xml
[2011.08.25 07:49:25 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-24.xml
[2011.09.01 18:55:37 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-25.xml
[2011.09.11 13:32:43 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-26.xml
[2011.10.12 16:23:44 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-27.xml
[2011.11.10 17:10:52 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-28.xml
[2011.12.10 16:43:43 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-29.xml
[2009.09.21 11:09:12 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-3.xml
[2011.12.10 18:58:07 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-30.xml
[2011.12.30 11:17:18 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-31.xml
[2012.02.15 20:47:42 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-32.xml
[2009.10.31 08:31:55 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-4.xml
[2009.12.17 22:29:16 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-5.xml
[2010.01.06 18:40:33 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-6.xml
[2010.03.13 09:21:21 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-7.xml
[2010.04.05 19:25:15 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-8.xml
[2010.04.06 19:37:21 | 000,000,950 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-9.xml
[2010.05.12 18:40:06 | 000,001,042 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin.xml
[2010.01.22 00:07:01 | 000,003,915 | -H-- | M] () -- C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\sweetim.xml
[2009.06.09 20:17:31 | 000,000,000 | ---D | M] (Dealio Toolbar Plugin) -- C:\Program Files\mozilla firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
[2009.07.22 13:09:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.05.07 20:48:22 | 000,002,354 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.02.15 20:39:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.07.21 20:27:10 | 000,002,047 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.05.15 20:52:37 | 000,002,051 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Babylon Toolbar by Visicom) - {51dd3535-abea-484a-b1cf-06ab7b092c0c} - C:\Program Files\babylon01\babylon01X.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar by Visicom) - {51dd3535-abea-484a-b1cf-06ab7b092c0c} - C:\Program Files\babylon01\babylon01X.dll ()
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-3850073437-3280287025-709413035-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{c2d7a3e4-616f-11df-b59d-001a80249e6f}\Shell - "" = AutoRun
O33 - MountPoints2\{c2d7a3e4-616f-11df-b59d-001a80249e6f}\Shell\AutoRun\command - "" = G:\DPFMate.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun\Autorun.exe
[2012.05.07 20:49:10 | 000,000,000 | ---D | C] -- C:\Program Files\babylon01
[2012.05.01 19:26:51 | 000,000,000 | ---D | C] -- C:\Users\Jamie-Anthony\AppData\Local\AskToolbar
[2012.04.26 06:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2012.04.01 00:22:47 | 000,004,962 | ---- | C] () -- C:\ProgramData\etgxespc.rpo
[2012.04.01 00:22:47 | 000,004,884 | ---- | C] () -- C:\ProgramData\homrfjdr.aqx
[2012.05.07 20:47:45 | 000,000,000 | ---D | M] -- C:\Users\Jamie-Anthony\AppData\Roaming\Babylon
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are, for safety, not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

13.05.2012, 19:42   #12
Jami87

So I have now tried it twice; the first time two error messages appeared saying that an error had occurred and the PC crashed, and the second time it hung again, so I had to restart the PC...
Am I doing something wrong? Do I have to click something else?

14.05.2012, 09:01   #13
cosinus

Please repeat the fix in Safe Mode.

14.05.2012, 09:12   #14
Jami87

Hi,

so the fix has now worked on roughly the 5th attempt - for whatever reason - but now all my files are gone?!? Or at least I can no longer find them?!? Photos, pictures, videos, etc. too :-( And above all the PowerPoint program... But I absolutely need that - I paid a lot of money for it... Can I get that back somehow? And why is all of that gone now? Was all of that supposed to be deleted?

Otherwise the desktop view is unchanged...

The log file:

Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1EDB291C-67AC-4F9C-AB66-6087DFC21209}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1EDB291C-67AC-4F9C-AB66-6087DFC21209}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4813470F-6B8C-4FEA-949B-526F953262C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4813470F-6B8C-4FEA-949B-526F953262C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C74610DB-2CCB-49CF-BB8D-650C6B4CD09F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C74610DB-2CCB-49CF-BB8D-650C6B4CD09F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C93EA644-5BF8-49CB-B277-2602FD0C0433}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C93EA644-5BF8-49CB-B277-2602FD0C0433}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3850073437-3280287025-709413035-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{497F9A79-F8AC-4AD2-A6DE-F256F1C069B4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{497F9A79-F8AC-4AD2-A6DE-F256F1C069B4}\ not found.
Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6BCD3B4B-C7F8-4DDA-A150-729CD60BFDEB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6BCD3B4B-C7F8-4DDA-A150-729CD60BFDEB}\ not found.
Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{71AE5633-4538-41C7-A7D0-BD06E47EE8CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71AE5633-4538-41C7-A7D0-BD06E47EE8CA}\ not found.
Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{86F5405D-4F8B-4B91-B415-6ECA80FB025B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{86F5405D-4F8B-4B91-B415-6ECA80FB025B}\ not found.
Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{ADA26A4F-2C52-489F-B91A-06A7BAB3F2C9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ADA26A4F-2C52-489F-B91A-06A7BAB3F2C9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E0B4A2C7-7699-432C-B096-C9B9367FA553}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0B4A2C7-7699-432C-B096-C9B9367FA553}\ not found.
Registry key HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Softonic-de Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=" removed from browser.search.defaulturl
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "Search the web (Babylon)" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.babylon.com/?affID=100478&tt=290412_4_vs&babsrc=HP_ss&mntrId=ccc35b19000000000000544249676659" removed from browser.startup.homepage
Prefs.js: "hxxp://search.babylon.com/?affID=100478&tt=290412_4_vs&babsrc=KW_ss&mntrId=ccc35b19000000000000544249676659&q=" removed from keyword.URL
Prefs.js: "localhost,127.0.0.1" removed from network.proxy.no_proxies_on
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from sweetim.toolbar.previous.keyword.URL
Folder C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ not found.
Folder C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{51dd3535-abea-484a-b1cf-06ab7b092c0c}\ not found.
Folder C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{6b9c3e37-fcbd-4834-a71a-fa45c106a001}\ not found.
Folder C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\ not found.
Folder C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\engine@conduit.com\ not found.
Folder C:\Users\Jamie-Anthony\AppData\Roaming\mozilla\Firefox\Profiles\mdoh89q4.default\extensions\toolbar@ask.com\ not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\conduit.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-1.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-10.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-11.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-12.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-13.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-14.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-15.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-16.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-17.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-18.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-19.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-2.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-20.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-21.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-22.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-23.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-24.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-25.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-26.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-27.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-28.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-29.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-3.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-30.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-31.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-32.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-4.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-5.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-6.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-7.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-8.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin-9.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\icqplugin.xml not found.
File C:\Users\Jamie-Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\mdoh89q4.default\searchplugins\sweetim.xml not found.
Folder C:\Program Files\mozilla firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
Folder C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
File C:\Program Files\mozilla firefox\searchplugins\babylon.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\bing.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml not found.
File C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
File C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51dd3535-abea-484a-b1cf-06ab7b092c0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51dd3535-abea-484a-b1cf-06ab7b092c0c}\ not found.
File C:\Program Files\babylon01\babylon01X.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\ not found.
File C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{51dd3535-abea-484a-b1cf-06ab7b092c0c} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51dd3535-abea-484a-b1cf-06ab7b092c0c}\ not found.
File C:\Program Files\babylon01\babylon01X.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-3850073437-3280287025-709413035-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files\Ask.com\Updater\Updater.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2d7a3e4-616f-11df-b59d-001a80249e6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d7a3e4-616f-11df-b59d-001a80249e6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c2d7a3e4-616f-11df-b59d-001a80249e6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2d7a3e4-616f-11df-b59d-001a80249e6f}\ not found.
File G:\DPFMate.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\Autorun\Autorun.exe not found.
Folder C:\Program Files\babylon01\ not found.
Folder C:\Users\Jamie-Anthony\AppData\Local\AskToolbar\ not found.
Folder C:\Program Files\Ask.com\ not found.
File C:\ProgramData\etgxespc.rpo not found.
File C:\ProgramData\homrfjdr.aqx not found.
Folder C:\Users\Jamie-Anthony\AppData\Roaming\Babylon\ not found.
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:A8ADE5D8 .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: Jamie-Anthony
->Temp folder emptied: 667851 bytes
->Temporary Internet Files folder emptied: 303851098 bytes
->Java cache emptied: 6726529 bytes
->FireFox cache emptied: 52940311 bytes
->Google Chrome cache emptied: 14586026 bytes
->Flash cache emptied: 177499 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 5607 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 481153646 bytes
RecycleBin emptied: 1190912 bytes
 
Total Files Cleaned = 821,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: Jamie-Anthony
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.3 log created on 05142012_093406

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\logishrd\LVPrcInj07.dll not found!

Registry entries deleted on Reboot...
         
Best regards...

14.05.2012, 09:38   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

I can't understand why everything is supposedly gone!
First try restarting Windows!