|
Log-Analyse und Auswertung: System Error. Hard disk failure detectedWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
02.06.2012, 09:04 | #1 |
| System Error. Hard disk failure detected Guten Morgen, ich habe bei einen PC folgende Meldung "System Error. Hard disk failure detected", die laut google ein Trojaner ist, ich bräuchte bitte Hilfestellung wie ich diesen restlos vom System entferne. Ich habe zwar schon andere Beiträge gelesen, aber keine direkte Anleitung gefunden wie ich das Problem lösen kann. Ich bedanke mich schonmal für die Mühe |
03.06.2012, 07:52 | #2 | ||
/// Helfer-Team | System Error. Hard disk failure detected Hallo und Herzlich Willkommen!
__________________Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]: Zitat:
► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen: Für Vista und Win7: Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen! 1. Lade Dir Malwarebytes Anti-Malware Lade Dir Malwarebytes Anti-Malware → von hier herunter
2. Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
3. Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
Zitat:
kira
__________________ |
03.06.2012, 10:38 | #3 |
| System Error. Hard disk failure detected Hallo Kira,
__________________vielen Dank für deine Hilfe. Ich lass gerade die Tests durchlaufen, denke das ich bis 13 Uhr alles posten kann. Danke So ich versuche jetzt mal wie du beschrieben hast die Logs zu posten. Malwarebytes Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.05.28.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 User1 :: USER2[Administrator] Schutz: Deaktiviert 03.06.2012 11:05:02 mbam-log-2012-06-03 (11-05-02).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 394036 Laufzeit: 55 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\kUNgYkyVoQoSXQ.exe (Trojan.Fasagent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter OTL logfile created on: 03.06.2012 12:04:43 - Run 1 OTL by OldTimer - Version 3.2.45.0 Folder = G:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1006,42 Mb Total Physical Memory | 287,23 Mb Available Physical Memory | 28,54% Memory free 1,62 Gb Paging File | 1,04 Gb Available in Paging File | 64,03% Paging File free Paging file location(s): C:\pagefile.sys 744 1488 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 71,84 Gb Total Space | 21,74 Gb Free Space | 30,27% Space Free | Partition Type: NTFS Drive D: | 72,33 Gb Total Space | 3,04 Gb Free Space | 4,20% Space Free | Partition Type: NTFS Drive F: | 14,97 Gb Total Space | 13,51 Gb Free Space | 90,25% Space Free | Partition Type: NTFS Drive G: | 7,47 Gb Total Space | 7,40 Gb Free Space | 98,97% Space Free | Partition Type: FAT32 Computer Name: user| User Name: user1| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - G:\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Trend Micro\OfficeScan Client\CNTAoSMgr.exe (Trend Micro Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Trend Micro\OfficeScan Client\PccNTMon.exe (Trend Micro Inc.) PRC - C:\Programme\Trend Micro\OfficeScan Client\TmListen.exe (Trend Micro Inc.) PRC - C:\Programme\Trend Micro\OfficeScan Client\NTRtScan.exe (Trend Micro Inc.) PRC - C:\Programme\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.) PRC - C:\Programme\Intel\AMT\LMS.exe (Intel) PRC - C:\Acer\Empowering Technology\eLock\LockServ.exe () PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) PRC - C:\WINDOWS\system32\SysMonitor.exe ( ) PRC - c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation) PRC - C:\Programme\SHV\Woerterbuch_der_Deutschen_Winzersprache2\Microsoft SQL Server\Mssql$WDW0107\Binn\MSSQL$WDW0107\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Trend Micro\OfficeScan Client\sqlite3.dll () MOD - C:\WINDOWS\system32\ssp1ml3.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_715a06f1\mscorlib.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_376dc7fd\system.drawing.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_bd4d3d64\system.windows.forms.dll () MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_5b512f22\system.dll () MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll () MOD - c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll () MOD - c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll () MOD - c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll () MOD - c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll () MOD - C:\WINDOWS\system32\cl61cl3.dll () MOD - c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - c:\windows\assembly\gac\system.serviceprocess.resources\1.0.5000.0_de_b03f5f7f11d50a3a\system.serviceprocess.resources.dll () MOD - C:\Acer\Empowering Technology\eRecovery\it41.dll () MOD - C:\Acer\Empowering Technology\eLock\LockServ.exe () MOD - C:\Acer\Empowering Technology\eRecovery\imagefile.dll () MOD - C:\WINDOWS\system32\ngprtserv.dll () MOD - C:\Corel\Graphics8\Programs\CMFFld80.dll () MOD - C:\Corel\Versions\vers232.dll () MOD - C:\Corel\Versions\implode.dll () ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- F:\Malwarebytes' Anti-Malware\mbamservice.exe File not found SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (tmlisten) -- C:\Programme\Trend Micro\OfficeScan Client\TmListen.exe (Trend Micro Inc.) SRV - (ntrtscan) -- C:\Programme\Trend Micro\OfficeScan Client\NTRtScan.exe (Trend Micro Inc.) SRV - (TMBMServer) -- C:\Programme\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.) SRV - (TmProxy) -- C:\Programme\Trend Micro\OfficeScan Client\TmProxy.exe (Trend Micro Inc.) SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (TlntSvr) -- C:\WINDOWS\system32\tlntsvr.exe (Microsoft Corporation) SRV - (NetDDEdsdm) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation) SRV - (NetDDE) -- C:\WINDOWS\system32\netdde.exe (Microsoft Corporation) SRV - (Fax) -- C:\WINDOWS\system32\fxssvc.exe (Microsoft Corporation) SRV - (ClipSrv) -- C:\WINDOWS\system32\clipsrv.exe (Microsoft Corporation) SRV - (Messenger) -- C:\WINDOWS\system32\msgsvc.dll (Microsoft Corporation) SRV - (RemoteAccess) -- C:\WINDOWS\system32\mprdim.dll (Microsoft Corporation) SRV - (Alerter) -- C:\WINDOWS\system32\alrsvc.dll (Microsoft Corporation) SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (LiveUpdate Notice Service) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.) SRV - (LMS) Intel(R) -- C:\Programme\Intel\AMT\LMS.exe (Intel) SRV - (LockServ) -- C:\Acer\Empowering Technology\eLock\LockServ.exe () SRV - (LightScribeService) -- c:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (UPHClean) -- C:\Programme\UPHClean\uphclean.exe (Microsoft Corporation) SRV - (Acer ODDSpeedControl) -- C:\Acer\Empowering Technology\eAcoustics\ODDSpeedCtl\speedcontrol.exe (TODO: <公司名稱>) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (MSSQL$WDW0107) -- C:\Programme\SHV\Woerterbuch_der_Deutschen_Winzersprache2\Microsoft SQL Server\Mssql$WDW0107\Binn\MSSQL$WDW0107\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLAgent$WDW0107) -- C:\Programme\SHV\Woerterbuch_der_Deutschen_Winzersprache2\Microsoft SQL Server\Mssql$WDW0107\Binn\MSSQL$WDW0107\Binn\sqlagent.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (SSPORT) -- C:\WINDOWS\system32\Drivers\SSPORT.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (osaio) -- C:\WINDOWS\system32\drivers\osaio.sys File not found DRV - (netlimiter) -- C:\WINDOWS\system32\drivers\netlimiter.sys File not found DRV - (lbrtfdc) -- File not found DRV - (kqsq) -- System32\drivers\xlpcr.sys File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (rxeqvay) -- C:\WINDOWS\system32\drivers\snpud.sys () DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.) DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.) DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.) DRV - (TmFilter) -- C:\Programme\Trend Micro\OfficeScan Client\tmxpflt.sys (Trend Micro Inc.) DRV - (TmPreFilter) -- C:\Programme\Trend Micro\OfficeScan Client\tmpreflt.sys (Trend Micro Inc.) DRV - (VSApiNt) -- C:\Programme\Trend Micro\OfficeScan Client\vsapint.sys (Trend Micro Inc.) DRV - (MHIKEY10) -- C:\WINDOWS\system32\drivers\MHIKEY10.sys (Generic USB smartcard reader) DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.) DRV - (Pcmcia) -- C:\WINDOWS\System32\drivers\pcmcia.sys (Microsoft Corporation) DRV - (dmboot) -- C:\WINDOWS\system32\drivers\dmboot.sys (Microsoft Corp., Veritas Software) DRV - (Udfs) -- C:\WINDOWS\System32\drivers\udfs.sys (Microsoft Corporation) DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV - (SLEE_16_DRIVER) -- C:\WINDOWS\system32\drivers\sleen16.sys (Softwareentwicklung Remus - ArchiCrypt ) DRV - (dwvkbd) -- C:\WINDOWS\system32\drivers\dwvkbd.sys (DameWare) DRV - (int15) -- C:\WINDOWS\system32\drivers\int15.sys () DRV - (tvicport) -- C:\WINDOWS\system32\drivers\TVicPort.sys (EnTech Taiwan) DRV - (zntport) -- C:\WINDOWS\system32\drivers\zntport.sys (Zeal SoftStudio) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.) DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation) DRV - (eLock2BurnerLockDriver) -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys (Windows (R) 2000 DDK provider) DRV - (eLock2FSCTLDriver) -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys (Windows (R) 2000 DDK provider) DRV - (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation) DRV - (ZD1211U(ZyDAS)) ZyDAS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211U.sys (ZyDAS Technology Corporation) DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (cbidf2k) -- C:\WINDOWS\System32\drivers\cbidf2k.sys (Microsoft Corporation) DRV - (ACPIEC) -- C:\WINDOWS\System32\drivers\acpiec.sys (Microsoft Corporation) DRV - (ParVdm) -- C:\WINDOWS\System32\drivers\parvdm.sys (Microsoft Corporation) DRV - (PortRW) -- C:\WINDOWS\system32\drivers\PortRW.sys (acer) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://global.acer.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE453 IE - HKCU\..\SearchScopes\{815EDF8F-FDA1-497D-9AC0-CAB25B04A442}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;<local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.104.55.155:80 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) O1 HOSTS File: ([2008.12.19 09:18:25 | 000,000,937 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe ( ) O4 - HKLM..\Run: [Advanced System Protector] File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [BrStsMon00] C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "F:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray File not found O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [ntiMUI] c:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe () O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Programme\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Programme\Gemeinsame Dateien\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AAF39E91-E10C-43F5-B481-1F5B636934B2}: NameServer = 10.104.55.155 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\IfxWlxEN: DllName - (IfxWlxEN.dll) - File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.06 04:34:00 | 000,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.02 16:23:15 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012.06.02 16:14:10 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys [2012.06.02 11:41:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Malwarebytes [2012.06.02 11:41:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.06.02 11:38:08 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\user-admin\Desktop\malwarebytes_antimalware_1.61(1).exe [2012.06.02 11:29:31 | 000,000,000 | ---D | C] -- C:\Programme\stinger [2012.06.01 17:28:33 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\user-admin\Recent [2012.06.01 13:20:34 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\user-admin\Anwendungsdaten\Sun [2012.06.01 13:17:34 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\user-admin\Anwendungsdaten\TeamViewer [2012.06.01 13:15:57 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\user-admin\PrivacIE [2012.06.01 13:15:55 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\user-admin\Lokale Einstellungen\Anwendungsdaten\Google [2012.06.01 13:15:55 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\user-admin\Anwendungsdaten\Google [2012.06.01 13:15:32 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\user-admin\Anwendungsdaten\Apple Computer [2012.06.01 13:15:31 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\user-admin\Lokale Einstellungen\Anwendungsdaten\Apple Computer [2012.06.01 13:15:14 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\user-admin\IETldCache [2012.05.16 15:54:39 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Media Markt Fotoservice [2012.05.16 15:53:39 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Media Markt Fotoservice [2012.05.16 15:53:27 | 000,000,000 | -H-D | C] -- C:\Programme\Media Markt Fotoservice [29 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.03 12:01:30 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\snpud.sys [2012.06.03 11:51:12 | 000,001,094 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.06.03 11:04:38 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2012.06.03 11:04:36 | 000,000,765 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.03 10:51:16 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.03 10:51:16 | 000,001,090 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.06.03 10:50:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.02 16:14:10 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys [2012.06.02 15:09:39 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2012.06.02 11:33:34 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\user-admin\Desktop\malwarebytes_antimalware_1.61(1).exe [2012.06.01 12:22:43 | 000,000,128 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-hLOAAjtOhB5A1Er [2012.06.01 12:22:43 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-hLOAAjtOhB5A1E [2012.06.01 12:22:36 | 000,000,256 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hLOAAjtOhB5A1E [2012.06.01 12:10:33 | 000,249,856 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hLOAAjtOhB5A1E.exe [2012.06.01 09:30:50 | 000,009,820 | -H-- | M] () -- C:\WINDOWS\cfgall.ini [2012.05.29 15:31:13 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.05.18 07:22:59 | 001,184,792 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.05.16 15:54:45 | 000,000,756 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Media Markt Fotoservice.lnk [29 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.03 12:01:30 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpud.sys [2012.06.02 11:41:11 | 000,000,765 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.01 12:10:52 | 000,000,128 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-hLOAAjtOhB5A1Er [2012.06.01 12:10:52 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-hLOAAjtOhB5A1E [2012.06.01 12:10:45 | 000,000,256 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hLOAAjtOhB5A1E [2012.06.01 12:10:33 | 000,249,856 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hLOAAjtOhB5A1E.exe [2012.05.16 15:54:45 | 000,000,756 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Media Markt Fotoservice.lnk [2012.05.04 08:32:59 | 000,017,136 | -H-- | C] () -- C:\WINDOWS\System32\sasnative32.exe [2011.09.15 15:25:14 | 000,593,072 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011.05.21 12:17:32 | 000,946,053 | -H-- | C] () -- C:\WINDOWS\Diercke Globus Online Uninstaller.exe [2011.04.27 17:06:15 | 000,332,200 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.04.01 09:27:42 | 000,000,114 | -H-- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI [2011.04.01 09:27:42 | 000,000,050 | -H-- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT [2011.04.01 09:27:40 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL [2010.11.22 13:44:16 | 000,000,032 | -H-- | C] () -- C:\WINDOWS\azeugnis.INI < End of report > Code:
ATTFilter OTL Extras logfile created on: 03.06.2012 12:04:43 - Run 1 OTL by OldTimer - Version 3.2.45.0 Folder = G:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1006,42 Mb Total Physical Memory | 287,23 Mb Available Physical Memory | 28,54% Memory free 1,62 Gb Paging File | 1,04 Gb Available in Paging File | 64,03% Paging File free Paging file location(s): C:\pagefile.sys 744 1488 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 71,84 Gb Total Space | 21,74 Gb Free Space | 30,27% Space Free | Partition Type: NTFS Drive D: | 72,33 Gb Total Space | 3,04 Gb Free Space | 4,20% Space Free | Partition Type: NTFS Drive F: | 14,97 Gb Total Space | 13,51 Gb Free Space | 90,25% Space Free | Partition Type: NTFS Drive G: | 7,47 Gb Total Space | 7,40 Gb Free Space | 98,97% Space Free | Partition Type: FAT32 Computer Name: user1| User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Dokumente und Einstellungen\user\Desktop\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Dokumente und Einstellungen\user\Desktop\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "9999:UDP" = 9999:UDP:*:Enabled:LANScope UDP Port "2804:TCP" = 2804:TCP:*:Enabled:LANScope TCP Port "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "6129:TCP" = 6129:TCP:*:Enabled:DameWare Mini Remote Control Service "26775:TCP" = 26775:TCP:*:Enabled:Trend Micro OfficeScan Listener "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "I:\iTunes.exe" = I:\iTunes.exe:*:Enabled:iTunes "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0CB98AC0-D691-4B21-AD3D-95982517021D}" = Acer WLAN 11g USB Dongle "{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24 "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1 "{2FAAECD0-1929-11DA-6784-006853A418BE}" = Arbeitszeugnis, Version 2.95 "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{38C65D12-79E3-49C0-B211-DE3BE0A7AB39}" = commercial "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{76568412-0ED4-4C1E-A37E-59C887A94233}" = WDW 2 "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{80A4C163-89D5-4F59-8B12-95792F68EC08}" = Steganos Safe 2008 "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A9212616-FCA2-4173-BD99-5C741EB3A068}" = Ulead DVD PictureShow 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A97792EC-E172-4B38-85DD-0F853599D5EF}" = OSCE_MSI_NT_CLIENT "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{B06B842F-2450-494F-BBDE-217CDC151A37}" = NTI Backup NOW! 4.5 "{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008 "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C7EC4EE3-ED7D-4DCD-86DC-29ACF0B122E9}" = Acer eAcoustics Management "{C9BB218C-2D4B-4FF4-97E2-2C7E3D1B2679}" = Acer eProtection "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1 "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation) "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (WDW0107) "{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2240 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari "{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service "00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Citrix-ICA-Client" = Citrix-ICA-Client "Corel Uninstaller" = Corel Uninstaller "DeInst_d2aexcrd1.0 (Build 1.0.4.147)" = Austrian MAP (Version 1.0 (Build 1.0.4.147)) "Diercke Globus Online" = Diercke Globus Online "Digitale Bibliothek 4" = Digitale Bibliothek 4 "HDMI" = Intel(R) Graphics Media Accelerator Driver "HECI" = Intel(R) Management Engine Interface "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{0CB98AC0-D691-4B21-AD3D-95982517021D}" = Acer WLAN 11g USB Dongle "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker "InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 2.0.3084 "KNOCHEN" = Knochen, Scherben, Grabbeigaben "Kyocera Product Library" = Kyocera Product Library "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Media Markt Fotoservice_is1" = Media Markt Fotoservice 4.2 "MESOL" = Intel(R) Active Management Technology LMS Service and SOL Driver "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NETGEAR Print Server Software" = NETGEAR Print Server Software "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "OcaHistoryUpd" = OCA Client history tool install "ODBC" = ODBC "OfficeScanNT" = Trend Micro OfficeScan Client "Photobook" = i-port.de Fotobuch "PROPLUS" = Microsoft Office Professional Plus 2007 "PROSet" = Intel(R) PRO Network Connections Drivers "Samsung CLP-610 Series" = Samsung CLP-610 Series "Samsung ML-2240 Series" = Samsung ML-2240 Series "TeamViewer 5" = TeamViewer 5 "VLC media player" = VLC media player 1.1.9 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03.06.2012 04:52:25 | Computer Name = pc| Source = Windows Search Service | ID = 3013 Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENÜ\PROGRAMME\MALWAREBYTES' ANTI-MALWARE\ MALWAREBYTES ANTI-MALWARE .LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 03.06.2012 04:52:25 | Computer Name = user| Source = Windows Search Service | ID = 3013 Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENÜ\PROGRAMME\MALWAREBYTES' ANTI-MALWARE\ MALWAREBYTES ANTI-MALWARE .LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 03.06.2012 04:52:25 | Computer Name = user| Source = Windows Search Service | ID = 3013 Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENÜ\PROGRAMME\MALWAREBYTES' ANTI-MALWARE\MALWAREBYTES Anti-Malware HELP.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 03.06.2012 04:52:25 | Computer Name = user| Source = Windows Search Service | ID = 3013 Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENÜ\PROGRAMME\MALWAREBYTES' ANTI-MALWARE\MALWAREBYTES Anti-Malware HELP.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 03.06.2012 04:52:25 | Computer Name = user| Source = Windows Search Service | ID = 3013 Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENÜ\PROGRAMME\MALWAREBYTES' ANTI-MALWARE\TOOLS> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 03.06.2012 04:52:25 | Computer Name = user| Source = Windows Search Service | ID = 3013 Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENÜ\PROGRAMME\MALWAREBYTES' ANTI-MALWARE\TOOLS> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 03.06.2012 04:52:26 | Computer Name = user| Source = Windows Search Service | ID = 3013 Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENÜ\PROGRAMME\MALWAREBYTES' ANTI-MALWARE\TOOLS\MALWAREBYTES Anti-Malware CHAMELEON.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 03.06.2012 04:52:26 | Computer Name = user| Source = Windows Search Service | ID = 3013 Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENÜ\PROGRAMME\MALWAREBYTES' ANTI-MALWARE\TOOLS\MALWAREBYTES Anti-Malware CHAMELEON.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 03.06.2012 04:52:26 | Computer Name = user| Source = Windows Search Service | ID = 3013 Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENÜ\PROGRAMME\MALWAREBYTES' ANTI-MALWARE\MALWAREBYTES Anti-Malware ENTFERNEN.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 03.06.2012 04:52:26 | Computer Name = user| Source = Windows Search Service | ID = 3013 Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENÜ\PROGRAMME\MALWAREBYTES' ANTI-MALWARE\MALWAREBYTES Anti-Malware ENTFERNEN.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) [ OSession Events ] Error - 23.11.2010 10:38:39 | Computer Name = user| Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 156 seconds with 120 seconds of active time. This session ended with a crash. Error - 17.01.2011 08:39:43 | Computer Name = user| Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 555 seconds with 240 seconds of active time. This session ended with a crash. Error - 28.04.2011 12:12:44 | Computer Name = user| Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 37205 seconds with 1980 seconds of active time. This session ended with a crash. Error - 01.07.2011 02:30:55 | Computer Name = user| Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 92 seconds with 60 seconds of active time. This session ended with a crash. Error - 01.07.2011 02:37:07 | Computer Name = users | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 70 seconds with 60 seconds of active time. This session ended with a crash. Error - 19.10.2011 03:12:31 | Computer Name = lra| Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1567 seconds with 120 seconds of active time. This session ended with a crash. Error - 24.10.2011 04:49:03 | Computer Name = user| Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2725 seconds with 180 seconds of active time. This session ended with a crash. Error - 06.12.2011 05:01:29 | Computer Name = user| Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 4455 seconds with 660 seconds of active time. This session ended with a crash. Error - 19.01.2012 05:24:22 | Computer Name = user| Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3791 seconds with 840 seconds of active time. This session ended with a crash. Error - 16.02.2012 11:08:48 | Computer Name = user| Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8523 seconds with 1260 seconds of active time. This session ended with a crash. [ System Events ] Error - 03.06.2012 04:50:59 | Computer Name = user| Source = Service Control Manager | ID = 7000 Description = Der Dienst "osaio" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 03.06.2012 04:50:59 | Computer Name = user| Source = Service Control Manager | ID = 7000 Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 03.06.2012 04:50:59 | Computer Name = user| Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%5 Error - 03.06.2012 04:51:06 | Computer Name = user| Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten. Error - 03.06.2012 05:38:35 | Computer Name = user| Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 03.06.2012 05:38:39 | Computer Name = user| Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 03.06.2012 05:38:42 | Computer Name = user| Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 03.06.2012 05:38:45 | Computer Name = user| Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 03.06.2012 05:38:48 | Computer Name = user| Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. Error - 03.06.2012 05:38:50 | Computer Name = user| Source = Disk | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D. < End of report > Code:
ATTFilter Acer eAcoustics Management acer 26.07.2007 2.00.2005 Acer eDataSecurity Management 2.0.3084 Acer 26.07.2007 2.0.3084 Acer eLock Management acer 26.07.2007 2.00.2031 Acer Empowering Technology Acer 26.07.2007 2.03.2027 Acer ePerformance Management Acer 26.07.2007 2.00.2011 Acer eProtection 1.0.5 Acer eSettings Management Acer 26.07.2007 2.03.2027 Acer WLAN 11g USB Dongle ACER Inc. 26.07.2007 1.0.8 Adobe Acrobat 5.0 Adobe Systems, Inc. 21.08.2008 5.0 Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 06.09.2006 10.0.42.34 Adobe Reader X (10.1.2) - Deutsch Adobe Systems Incorporated 29.02.2012 122,3MB 10.1.2 Advanced System Protector Systweak Inc 04.05.2012 2.1.1.74 Apple Application Support Apple Inc. 10.01.2012 62,9MB 2.1.6 Apple Mobile Device Support Apple Inc. 10.01.2012 24,1MB 4.0.0.97 Apple Software Update Apple Inc. 29.07.2011 2,38MB 2.1.3.127 Arbeitszeugnis, Version 2.95 ZIEL GmbH, Tutzing 2.95 Austrian MAP (Version 1.0 (Build 1.0.4.147)) 10.09.2007 Bonjour Apple Inc. 10.01.2012 1,06MB 3.0.0.10 CCleaner Piriform 23.05.2012 3.19 Citrix-ICA-Client 08.07.2010 Corel Uninstaller 03.06.2012 Diercke Globus Online Imagon GmbH 21.05.2011 2.1.36 Digitale Bibliothek 4 ElsterFormular 2007/2008 Steuerverwaltung des Bundes und der Länder 25.02.2009 9.1.0.0 Google Toolbar for Internet Explorer Google Inc. 13.10.2011 7.0.1710.2246 High Definition Audio Driver Package - KB888111 Microsoft Corporation 20040219.000000 HL-2240 Brother Industries, Ltd. 01.04.2011 1.0.5.0 i-port.de Fotobuch HP Silverwire 4.2.0.0 Intel(R) Active Management Technology LMS Service and SOL Driver 03.06.2012 Intel(R) Graphics Media Accelerator Driver 03.06.2012 Intel(R) Management Engine Interface 03.06.2012 Intel(R) PRO Network Connections Drivers 06.09.2006 iTunes Apple Inc. 27.12.2010 271MB 10.1.1.4 J2SE Runtime Environment 5.0 Update 6 Sun Microsystems, Inc. 26.07.2007 145,0MB 1.5.0.60 Java(TM) 6 Update 24 Oracle 22.11.2010 95,0MB 6.0.240 Kyocera Product Library Kyocera Mita Corporation 09.03.2010 2.0.713 LiveUpdate Notice (Symantec Corporation) Symantec Corporation 17.08.2007 4,50MB 1.2.0 Malwarebytes Anti-Malware Version 1.61.0.1400 Malwarebytes Corporation 02.06.2012 1.61.0.1400 Media Markt Fotoservice 4.2 16.05.2012 Microsoft .NET Framework 1.1 26.07.2007 Microsoft .NET Framework 1.1 German Language Pack Microsoft 06.09.2006 3,02MB 1.1.4322 Microsoft .NET Framework 1.1 Hotfix (KB928366) 03.06.2012 Microsoft .NET Framework 2.0 Language Pack - DEU Microsoft Corporation 17.08.2007 Microsoft .NET Framework 2.0 Service Pack 1 Microsoft Corporation 11.04.2008 185,7MB 2.1.21022 Microsoft .NET Framework 3.0 German Language Pack Microsoft Corporation 17.08.2007 Microsoft .NET Framework 3.0 Service Pack 1 Microsoft Corporation 15.09.2011 246MB 3.1.21022 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Corporation 17.08.2007 1 Microsoft Office Professional Plus 2007 Microsoft Corporation 13.05.2009 12.0.6215.1000 Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs Microsoft Corporation 27.10.2009 0,13MB 12.0.4518.1014 Microsoft Silverlight Microsoft Corporation 19.12.2011 32,3MB 4.0.60831.0 Microsoft SQL Server Desktop Engine (WDW0107) Microsoft Corporation 25.11.2010 69,1MB 8.00.760 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation 17.08.2007 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.05.2012 5,07MB 8.0.50727.42 Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket Microsoft Corporation MobileMe Control Panel Apple Inc. 29.07.2011 12,0MB 3.1.6.0 MSXML 4.0 SP2 (KB936181) Microsoft Corporation 09.06.2008 2,62MB 4.20.9848.0 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 12.11.2008 2,67MB 4.20.9870.0 MSXML 6.0 Parser (KB933579) Microsoft Corporation 20.08.2007 1,31MB 6.10.1200.0 NETGEAR Print Server Software 02.08.2007 NTI Backup NOW! 4.5 NewTech Infosystems 06.09.2006 4 NTI CD & DVD-Maker NewTech Infosystems 06.09.2006 7 OCA Client history tool install Microsoft Corporation 06.09.2006 8.3.0980 ODBC 03.06.2012 OSCE_MSI_NT_CLIENT Trend Micro 21.01.2008 7.3 PowerDVD CyberLink Corporation 06.09.2006 QuickTime Apple Inc. 10.01.2012 73,3MB 7.71.80.42 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 06.09.2006 5.10.0.5286 Safari Apple Inc. 10.01.2012 43,3MB 5.34.52.7 Samsung CLP-610 Series Samsung Electronics CO.,LTD 06.06.2008 Samsung ML-2240 Series Samsung Electronics CO.,LTD 24.02.2009 Steganos Safe 2008 Steganos GmbH 23.01.2008 10.1 TeamViewer 5 TeamViewer GmbH 10.08.2010 5.0.8703 Trend Micro OfficeScan Client 21.01.2008 10.6 Ulead DVD PictureShow 2 Ulead Systems, Inc. 03.09.2007 2.00.0000 User Profile Hive Cleanup Service Microsoft Corporation 02.08.2007 0,24MB 1.6.30 VLC media player 1.1.9 VideoLAN 06.09.2006 1.1.9 WDW 2 25.11.2010 1.0 Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation 26.07.2007 Windows Internet Explorer 8 Microsoft Corporation 12.04.2012 20090308.140743 Windows Media Format 11 runtime 06.09.2006 Windows Media Player 11 06.09.2006 Windows Search 4.0 Microsoft Corporation 05.08.2011 04.00.6001.503 Windows XP Service Pack 3 Microsoft Corporation 04.08.2008 20080414.031514 |
03.06.2012, 15:38 | #4 | |
/// Helfer-Team | System Error. Hard disk failure detected 1. Hast Du absichtlich die IP so als Proxy eingestellt? Code:
ATTFilter IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;<local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.104.55.155:80 wenn du keinen Proxyserver lokal installiert hast, nimm die Proxyeinstellungen aus den Interneteinstellungen raus im Internet Explorer: Extras => Internetoptionen => Verbindungen => Lan-Einstellungen Haken bei Proxyserver für LAN verwenden und Proxyserver für lokale Adressen umgehen entfernen. 2. Zitat:
Code:
ATTFilter :OTL DRV - (kqsq) -- System32\drivers\xlpcr.sys File not found IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://global.acer.com IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE453 IE - HKCU\..\SearchScopes\{815EDF8F-FDA1-497D-9AC0-CAB25B04A442}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) [2012.06.03 11:51:12 | 000,001,094 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.06.03 10:51:16 | 000,001,090 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job :Files C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-hLOAAjtOhB5A1Er C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-hLOAAjtOhB5A1E C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hLOAAjtOhB5A1E C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hLOAAjtOhB5A1E.exe ipconfig /flushdns /c :Commands [purity] [emptytemp]
3. Deine Javaversion ist nicht aktuell! Da aufgrund alter Sicherheitslücken ist Java sehr anfällig, deinstalliere zunächst alle vorhandenen Java-Versionen: → Systemsteuerung → Software → deinstallieren... → Rechner neu aufstarten → Downloade nun die Offline-Version von Java "Empfohlen Version Java(TM) 7 Update 4 " für 64 Bit: Java(TM) 7 Update 4 - von Oracle herunter Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)! 4. läuft unter XP, Vista mit (32Bit) und Windows 7 (32Bit) Achtung!: WENN GMER NICHT AUSGEFÜHRT WERDEN KANN ODER PROBMLEME VERURSACHT, fahre mit dem nächsten Punkt fort!- Es ist NICHT sinnvoll einen zweiten Versuch zu starten! Um einen tieferen Einblick in dein System, um eine mögliche Infektion mit einem Rootkit/Info v.wikipedia.org) aufzuspüren, werden wir ein Tool - Gmer - einsetzen :
** keine Verbindung zu einem Netzwerk und Internet - WLAN nicht vergessen Wenn der Scan beendet ist, bitte alle Programme und Tools wieder aktivieren! Anleitung:-> GMER - Rootkit Scanner 5. Kontrolle mit MBR -t, ob Master Boot Record in Ordnung ist (MBR-Rootkit) Mit dem folgenden Tool prüfen wir, ob sich etwas Schädliches im Master Boot Record eingenistet hat.
6. Datei-Überprüfung Folgende Datei/en (siehe Codebox) bei VirusTotal online überprüfen lassen. ►Prüfende Datei/en: Code:
ATTFilter C:\WINDOWS\system32\drivers\snpud.sys
► Beispiel - das zu postende Logfile von Virustotal soll so wie hier aussehen Also nicht auslassen, sondern wie Du es bekommst da reinkopieren!: Scanergebnisse mitsamt Dateiname! Code:
ATTFilter Datei File name: <hier kommt die Dateiname> Submission date: 2010-10-22 03:34:01 (UTC) Current status: queued queued analysing finished Result: .....% VT Community goodware/badware Safety score: 100.0% Compact Print results Antivirus Version Last Update Result AhnLab-V3 2010.10.22.00 2010.10.21 - AntiVir 7.10.13.15 2010.10.21 - Antiy-AVL 2.0.3.7 2010.10.22 - Authentium 5.2.0.5 2010.10.22 - Avast 4.8.1351.0 2010.10.21 - Avast5 5.0.594.0 2010.10.21 - usw........ ...werden geprüft v. mehr wie 40 Online Virus Scanner...also Geduld!! ► Treten noch Probleme auf?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
03.06.2012, 17:26 | #5 |
| System Error. Hard disk failure detected So zu Punkt 1 mit dem Proxy liegt darin das ich die Log nicht sauber anoyminsiert habe. Punkt 2 [CODE] All processes killed ========== OTL ========== Service kqsq stopped successfully! Service kqsq deleted successfully! File System32\drivers\xlpcr.sys File not found not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{815EDF8F-FDA1-497D-9AC0-CAB25B04A442}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{815EDF8F-FDA1-497D-9AC0-CAB25B04A442}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully. C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully. File C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found. C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully. C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully. ========== FILES ========== File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-hLOAAjtOhB5A1Er not found. File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-hLOAAjtOhB5A1E not found. File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hLOAAjtOhB5A1E not found. File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hLOAAjtOhB5A1E.exe not found. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Auflösungscache wurde geleert. G:\cmd.bat deleted successfully. G:\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32768 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: user ->Temp folder emptied: 376892801 bytes ->Temporary Internet Files folder emptied: 500384229 bytes ->Java cache emptied: 8433259 bytes ->Apple Safari cache emptied: 544768 bytes ->Flash cache emptied: 30748 bytes User: LocalService ->Temp folder emptied: 82513 bytes ->Temporary Internet Files folder emptied: 43630 bytes User: -admin ->Temp folder emptied: 20432727 bytes ->Temporary Internet Files folder emptied: 6372068 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 606 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 2105116 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 30199175 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 18476363 bytes RecycleBin emptied: 2920308732 bytes Total Files Cleaned = 3.704,00 mb OTL by OldTimer - Version 3.2.45.0 log created on 06032012_164524 Files\Folders moved on Reboot... File\Folder C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\Perflib_Perfdata_b90.dat not found! Registry entries deleted on Reboot... <code> Kommt wohl Fehler beim löschen weil ich währenddessen ich meinen ersten post gemachth habe, mich dran gemacht habe das problem selber zu lösen Punkt 3 Ja kümmere ich mich drum mit java Punkt 4 <code>GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover Rootkit scan 2012-06-03 18:03:59 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD1600AAJS-00PSA0 rev.05.06H05 Running: dvqu5w6f.exe; Driver: C:\DOKUME~1\user\LOKALE~1\Temp\fgdiipog.sys ---- System - GMER 1.0.15 ---- SSDT 86B11154 ZwCreateKey SSDT 8655F16C ZwCreateMutant SSDT 8650F174 ZwCreateProcess SSDT 86A073DC ZwCreateProcessEx SSDT 86543CC4 ZwCreateSymbolicLinkObject SSDT 86A1CE34 ZwCreateThread SSDT 86AA5404 ZwDeleteKey SSDT 8687361C ZwDeleteValueKey SSDT 86A89634 ZwDuplicateObject SSDT 860EE194 ZwLoadDriver SSDT 86827194 ZwOpenProcess SSDT 868735DC ZwOpenSection SSDT 8650A194 ZwRenameKey SSDT 8650A12C ZwRestoreKey SSDT 86A88E2C ZwSetSystemInformation SSDT 8684FA24 ZwSetValueKey SSDT 8682712C ZwTerminateProcess SSDT 86B11194 ZwTerminateThread SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xA929D6D0] SSDT 86B420E4 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- ? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Das System kann die angegebene Datei nicht finden. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[1432] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.) AttachedDevice \FileSystem\Ntfs \Ntfs eLock2FSCTLDriver.sys (eLock2FSCTLDriver Filter Driver/Windows (R) 2000 DDK provider) AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.) AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.) AttachedDevice \FileSystem\Fastfat \Fat eLock2FSCTLDriver.sys (eLock2FSCTLDriver Filter Driver/Windows (R) 2000 DDK provider) AttachedDevice \FileSystem\Fastfat \Fat psdfilter.sys (PSD Filter Driver/HiTRUST) ---- Threads - GMER 1.0.15 ---- Thread System [4:860] A9D0D399 Thread System [4:864] A9D0D399 Thread System [4:868] A9D0D399 Thread System [4:872] A9D0D7C2 Thread System [4:888] A9B88F3A Thread System [4:892] A9B88F3A Thread System [4:896] A9B88F3A Thread System [4:900] A9B89452 Thread System [4:1492] A980A8B6 Thread System [4:1496] A980A8B6 Thread System [4:1500] A980A8B6 Thread System [4:1504] A980A8B6 Thread System [4:1508] A980A8B6 Thread System [4:1512] A980A8B6 Thread System [4:1516] A980A8B6 Thread System [4:1520] A980A8B6 Thread System [4:1524] A980A8B6 Thread System [4:1532] A980A8B6 Thread System [4:1536] A980A8B6 Thread System [4:1540] A97B96B2 Thread System [4:2160] A9B8CADC Thread System [4:2324] A9B8CA62 Thread System [4:2328] A9B8CA62 Thread System [4:2332] A9B8CA62 Thread System [4:2336] A9B8CA62 Thread System [4:2344] A9B8CA62 Thread System [4:2348] A9B8CA62 Thread System [4:2352] A9B8CA62 Thread System [4:2364] A9B8CA62 Thread System [4:2368] A9B8CA62 ---- EOF - GMER 1.0.15 ---- <code> Punkt 5 <code> Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover Windows 5.1.2600 Disk: WDC_WD1600AAJS-00PSA0 rev.05.06H05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 device: opened successfully user: MBR read successfully Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x86B73AB8] 3 CLASSPNP[0xF75E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000075[0x86B15F18] 5 ACPI[0xF747E620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Ide\IdeDeviceP2T0L0-7[0x86B10D98] kernel: MBR read successfully user & kernel MBR OK <code> Die Datei findet mein PC nicht sorry fürs formatieren, wie heißt der code auruf nochmal ? |
07.06.2012, 10:53 | #6 |
/// Helfer-Team | System Error. Hard disk failure detected ► Treten noch Probleme auf?
__________________ --> System Error. Hard disk failure detected |
Themen zu System Error. Hard disk failure detected |
andere, anleitung, beiträge, bräuchte, detected, ellung, failure, folge, folgende, gefunde, google, guten, hard disk, hilfestellung, leitung, lösen, morgen, problem, schonmal, system, troja, trojaner |