
Pests of all kinds and how to fight them: Error messages: Critical Error Damaged hard Drive Clusters detected


28.05.2011, 16:24   #1
SarinaS
 

Hello everyone,
I have a big problem right now: I am two weeks away from submitting my final thesis, and my notebook has now apparently caught a Trojan. I got a warning message from Avira, and after that my screen background was black. After rebooting, all files had disappeared. Whether I try to open the files directly or go through "Run", it always just says "no files found". Extremely bad in my current situation. I did copy most of the files for my bachelor's thesis to a USB stick yesterday, but of course working without a computer isn't exactly great either.
At first the error message was always "Critical Error Damaged hard Drive Clusters detected"... for that reason, inspired by the post "HDD Defragmenter entfernen", I installed rkill.exe, and since then these messages have disappeared. However, nothing has changed on my computer.
This morning I asked at a computer shop and showed them my computer, but unfortunately they only advised things that I had already tried. Now I am at my wit's end. Can any of you help me?
Many thanks in advance... I know it's the weekend, but I still hope to find someone here.

I have already run a scan with OTL. The following two log files were created by it:

Code:
OTL logfile created on: 28.05.2011 09:19:11 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\*****\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,20% Memory free
8,19 Gb Paging File | 6,43 Gb Available in Paging File | 78,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,54 Gb Total Space | 154,96 Gb Free Space | 54,46% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 293,91 Gb Free Space | 98,60% Space Free | Partition Type: NTFS
 
Computer Name: CREATION | User Name: Seranna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.28 09:10:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Seranna\Desktop\OTL.exe
PRC - [2011.05.03 08:59:53 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.05.02 08:07:58 | 000,924,632 | -H-- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.04.19 20:38:33 | 000,119,608 | -H-- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ7.4\ICQ.exe
PRC - [2011.03.20 11:08:27 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.03 10:42:54 | 000,253,952 | -H-- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe
PRC - [2010.11.03 08:37:26 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.12.31 15:13:52 | 000,110,592 | -H-- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Seranna\AppData\Roaming\T-Mobile Internet Manager\ouc.exe
PRC - [2009.07.15 09:18:48 | 000,102,400 | -H-- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2008.08.08 14:11:12 | 000,490,952 | -H-- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
PRC - [2008.06.04 20:03:36 | 000,817,672 | -H-- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\QtZgAcer.EXE
PRC - [2008.04.20 18:30:20 | 000,354,840 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.20 18:30:16 | 000,178,712 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.02.18 18:33:52 | 000,077,824 | -H-- | M] (Cyberlink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.28 09:10:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Seranna\Desktop\OTL.exe
MOD - [2010.08.31 17:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2008.04.30 20:20:42 | 001,371,136 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008.04.30 19:42:20 | 000,826,368 | -H-- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008.01.21 04:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.01.21 04:46:39 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006.04.29 07:23:04 | 000,048,128 | -H-- | M] (Dassault Systemes) [Auto | Running] -- C:\Program Files\Dassault Systemes\B17\win_b64\code\bin\CATSysDemon.exe -- (BBDemon)
SRV - [2011.05.03 08:59:53 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.20 11:08:27 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008.07.27 20:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.04.20 18:30:20 | 000,354,840 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.04.07 09:17:30 | 000,430,592 | -H-- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.21 04:46:08 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 04:46:08 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.11.23 13:38:21 | 000,083,120 | ---- | M] () [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2009.10.12 16:23:22 | 000,114,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.09.10 15:56:08 | 000,117,120 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.07.15 09:08:24 | 000,016,392 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2008.10.21 22:26:01 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2008.10.10 01:22:16 | 000,062,480 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2008.09.15 14:25:00 | 000,056,832 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\L1E60x64.sys -- (L1E)
DRV:64bit: - [2008.04.28 06:38:12 | 004,730,368 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008.04.25 10:08:46 | 000,325,168 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008.04.20 18:29:56 | 000,394,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008.03.26 11:03:06 | 000,064,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008.01.21 04:46:34 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008.01.21 04:46:05 | 001,523,712 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008.01.21 04:46:05 | 000,724,480 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008.01.21 04:46:05 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008.01.21 04:46:00 | 000,019,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2007.09.17 15:53:34 | 000,029,184 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.07.03 17:04:44 | 000,142,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2007.07.03 17:04:16 | 000,016,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2007.07.03 17:02:12 | 000,105,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2007.03.28 07:50:16 | 000,046,592 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\winbondcir.sys -- (winbondcir)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | -H-- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2009.07.15 09:08:24 | 000,016,392 | -H-- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2008.02.01 17:24:06 | 000,032,240 | -H-- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=gppc
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..browser.search.selectedEngine: "Facemoods Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.facemoods.com/?a=gppc"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.28 08:35:27 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.28 08:35:27 | 000,000,000 | -H-D | M]
 
[2008.10.21 20:41:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Extensions
[2011.05.28 06:54:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions
[2011.05.28 08:36:27 | 000,000,000 | -H-D | M] (Flagfox) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.05.28 08:36:27 | 000,000,000 | -H-D | M] (PDF Download) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.05.28 08:36:27 | 000,000,000 | -H-D | M] (Zynga Community Toolbar) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011.05.28 08:36:27 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.28 08:36:28 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.28 06:54:34 | 000,000,000 | -H-D | M] (Facemoods) -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\extensions\ffxtlbr@Facemoods.com
[2011.05.25 13:18:00 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-1.xml
[2011.05.28 06:57:35 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-10.xml
[2010.01.30 18:10:43 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-2.xml
[2010.03.02 13:43:28 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-3.xml
[2010.03.31 15:39:20 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-4.xml
[2010.09.17 14:08:47 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-5.xml
[2010.10.14 20:59:22 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-6.xml
[2010.12.11 11:04:23 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-7.xml
[2011.03.02 20:49:33 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-8.xml
[2011.05.02 08:08:16 | 000,000,950 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin-9.xml
[2010.05.12 17:40:48 | 000,001,042 | -H-- | M] () -- C:\Users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\searchplugins\icqplugin.xml
[2011.04.03 10:52:57 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.05.28 08:35:27 | 000,000,000 | -H-D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- 
() (No name found) -- C:\USERS\SERANNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y9ZOV2N5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SERANNA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Y9ZOV2N5.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011.05.28 08:37:11 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.05.02 08:07:58 | 000,142,296 | -H-- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.28 07:04:27 | 000,002,047 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
[2010.01.01 10:00:00 | 000,006,805 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.9\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodsTlbr.dll (facemoods.com)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [WinampAgent]  File not found
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O4 - Startup: C:\Users\Seranna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll ()
O24 - Desktop WallPaper: C:\Users\Seranna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Seranna\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4334898a-4571-11e0-9f5d-001e68d94597}\Shell - "" = AutoRun
O33 - MountPoints2\{4334898a-4571-11e0-9f5d-001e68d94597}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{43348997-4571-11e0-9f5d-001e68d94597}\Shell - "" = AutoRun
O33 - MountPoints2\{43348997-4571-11e0-9f5d-001e68d94597}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\Shell - "" = AutoRun
O33 - MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{684379f7-0578-11de-a2f3-d80cd9e7866e}\Shell\AutoRun\command - "" = F:\menu.exe
O33 - MountPoints2\{f21bac0d-60ea-11e0-af29-001e68d94597}\Shell - "" = AutoRun
O33 - MountPoints2\{f21bac0d-60ea-11e0-af29-001e68d94597}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.28 09:10:51 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Seranna\Desktop\OTL.exe
[2011.05.28 09:08:11 | 000,000,000 | R--D | C] -- C:\Users\Seranna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD8
[2011.05.28 07:09:19 | 000,000,000 | -H-D | C] -- C:\Users\Seranna\AppData\Roaming\Malwarebytes
[2011.05.28 07:09:09 | 000,038,224 | -H-- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.05.28 07:09:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.28 07:08:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.05.28 07:08:40 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.28 06:54:32 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\facemoods.com
[2011.05.28 05:55:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\WindowsSearch
[2011.05.27 22:55:17 | 000,000,000 | -H-D | C] -- C:\Users\Seranna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.05.27 21:13:48 | 000,000,000 | -H-D | C] -- C:\Users\Seranna\Desktop\email
[2011.05.22 16:37:03 | 000,000,000 | -H-D | C] -- C:\Users\Seranna\Desktop\Thesisbilder
[1 C:\Users\Seranna\Desktop\*.tmp files -> C:\Users\Seranna\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.28 09:10:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Seranna\Desktop\OTL.exe
[2011.05.28 08:48:38 | 000,707,392 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.28 08:48:38 | 000,598,900 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.28 08:48:38 | 000,104,914 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.28 08:41:02 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.28 08:41:02 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.28 08:40:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.28 08:40:45 | 4289,589,248 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.28 07:09:09 | 000,000,972 | -H-- | M] () -- C:\Users\Seranna\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.05.28 07:09:09 | 000,000,948 | -H-- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.28 06:38:06 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~44228344r
[2011.05.28 06:38:06 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~44228344
[2011.05.28 06:35:37 | 000,028,029 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.05.28 06:35:37 | 000,028,029 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.05.28 06:19:30 | 000,000,392 | -H-- | M] () -- C:\ProgramData\44228344
[2011.05.27 22:55:17 | 000,000,595 | -H-- | M] () -- C:\Users\Seranna\Desktop\Windows Vista Recovery.lnk
[2011.05.18 14:40:09 | 000,014,848 | -H-- | M] () -- C:\Users\Seranna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\Seranna\Desktop\*.tmp files -> C:\Users\Seranna\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.28 07:09:09 | 000,000,972 | -H-- | C] () -- C:\Users\Seranna\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011.05.28 07:09:09 | 000,000,948 | -H-- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.28 07:08:48 | 000,024,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011.05.27 22:55:30 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~44228344r
[2011.05.27 22:55:30 | 000,000,136 | -H-- | C] () -- C:\ProgramData\~44228344
[2011.05.27 22:55:17 | 000,000,595 | -H-- | C] () -- C:\Users\Seranna\Desktop\Windows Vista Recovery.lnk
[2011.05.27 22:55:09 | 000,000,392 | -H-- | C] () -- C:\ProgramData\44228344
[2011.05.15 10:17:42 | 739,575,158 | -H-- | C] () -- C:\Users\Seranna\Desktop\intro_black_swan.avi
[2011.02.02 16:45:08 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.09.17 18:33:30 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2008.11.10 22:18:22 | 000,700,730 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.10.22 11:03:12 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.10.21 23:23:51 | 000,014,848 | -H-- | C] () -- C:\Users\Seranna\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.21 22:08:47 | 000,028,029 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2008.10.21 22:08:42 | 000,028,029 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.21 21:51:00 | 000,000,680 | -H-- | C] () -- C:\Users\Seranna\AppData\Local\d3d9caps.dat
[2008.10.21 21:50:58 | 000,000,552 | -H-- | C] () -- C:\Users\Seranna\AppData\Local\d3d8caps.dat
[2008.10.21 21:14:40 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008.10.21 21:14:40 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.10.21 20:59:08 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.10.21 20:41:38 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.10.21 20:17:48 | 000,000,732 | -H-- | C] () -- C:\Users\Seranna\AppData\Local\d3d9caps64.dat
[2008.01.21 04:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:48:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.10.25 17:26:10 | 000,005,632 | -H-- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2006.11.02 17:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | -H-- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2002.03.21 14:39:02 | 000,073,728 | -H-- | C] () -- C:\Windows\SysWow64\UNACEV2.DLL
 
========== LOP Check ==========
 
[2010.04.28 18:52:53 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\.purple
[2008.10.21 23:34:58 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\ACD Systems
[2010.03.07 00:02:20 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\BSW
[2010.05.12 16:08:18 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\cerasus
[2010.05.12 16:08:40 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\cerasus.media
[2011.02.02 16:45:55 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\Daedalic Entertainment
[2011.05.28 08:36:25 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\DAEMON Tools
[2008.10.23 00:33:00 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\DassaultSystemes
[2010.03.23 12:24:54 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\GARMIN
[2011.05.13 07:28:16 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\ICQ
[2010.10.08 20:50:15 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\PC Suite
[2008.12.05 00:33:49 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\Propellerhead Software
[2011.05.28 08:36:28 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\RobinsonCrusoeCER
[2010.10.08 20:47:16 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\Samsung
[2011.05.28 08:36:28 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\ScummVM
[2010.11.04 22:55:41 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\SecondLife
[2011.03.03 10:42:52 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\T-Mobile
[2011.05.28 08:36:28 | 000,000,000 | -H-D | M] -- C:\Users\Seranna\AppData\Roaming\T-Mobile Internet Manager
[2011.05.28 07:56:25 | 000,032,646 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
_________________________________

Code:
OTL Extras logfile created on: 28.05.2011 09:19:11 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\*****\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 58,20% Memory free
8,19 Gb Paging File | 6,43 Gb Available in Paging File | 78,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284,54 Gb Total Space | 154,96 Gb Free Space | 54,46% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 293,91 Gb Free Space | 98,60% Space Free | Partition Type: NTFS
 
Computer Name: CREATION | User Name: Seranna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [ACDSee 9.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3637555439-4150254949-3577624952-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17930F34-BC3B-4C08-AD45-0208D56A11EE}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{182DEDBE-B77E-46B5-A304-EF80CC281F40}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{1CB8E0A9-887C-4CD4-85DF-74B26AEA22A2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{20F684EE-756D-42F4-A27E-203DC3216B6F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2C05C31E-3FC7-461C-A81A-64BC9F80E777}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3416DAAD-0CE4-4E26-BEE4-08962BC3B9F1}" = rport=139 | protocol=6 | dir=out | app=system | 
"{39631D88-7EA6-4DC8-988C-DA21AFA8F6CE}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{4A3146C0-1AAE-494B-B821-64FBCF355A5C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5B679CAF-9B3B-48C1-8CC9-7D0CABF9A0A2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6880F4AA-1250-4897-9E11-999C14986BE6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6AB885BC-FEEE-47AE-BD1D-2D5F7C259EF6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6F89B276-A64B-467C-99D0-96840B5306EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{870E4E61-34FA-44DF-A6FE-13A8A827C894}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{89469868-C1B0-4F4E-AD96-3EF4023621D9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9AC2C4FD-F55A-4BBD-ACAF-132EFF2ACCF8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9CC53E31-B7C1-4BC5-8B3A-C602778350C8}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A4AC746B-0C85-48AA-A277-5343639724F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AB1FB534-2C9F-4072-B050-D6B9754EC293}" = rport=137 | protocol=17 | dir=out | app=system | 
"{C941E5ED-1661-4222-A16C-3C992ACD57D4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{CC174306-10B3-4729-A267-9857CA69569E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{CF215CAA-458B-49F1-8799-E371833FBBD1}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008D2BFC-12A6-449D-BB4C-BC4BCCD8598B}" = protocol=17 | dir=in | app=c:\users\seranna\appdata\local\microsoft\windows\temporary internet files\content.ie5\hidt6e7k\facemoods[1].exe | 
"{05E8F44E-86D2-4164-B085-FEB9787334B5}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"{08CED774-B244-4E16-AD65-31987B5F4FE5}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{0C66D569-3A03-46CE-A1C0-5FD721D2905E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2460E9AB-A44B-4C48-B7C3-ACEA4CA9A2E9}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{2CEA3CA5-FA11-41E9-AD40-49473E7BA400}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{2E2BFF50-01B9-4467-BAE9-D2236D55EEE0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3000A818-7839-4007-A1BF-073005BDDF7F}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{35D26E99-89B1-49F9-ADEA-9939E03A9EDF}" = protocol=6 | dir=in | app=c:\users\seranna\appdata\local\microsoft\windows\temporary internet files\content.ie5\hidt6e7k\facemoods[1].exe | 
"{403BF458-3F70-462D-A273-CA3362441744}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | 
"{4F0E7F45-5A36-4E6C-9FDC-ED424866190F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{6EFFA785-64FF-4D06-86BD-9F5DA5A92759}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8CD72EA6-2473-4AF3-A60A-B44079D6D838}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9C2DB7E5-D9EF-4667-94A0-6264E0F81DF8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A529E36B-3DC3-4476-98FD-ADF4C5A69923}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C1032A12-E463-4218-BA5F-7ABF8F222D02}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"{CBDB14C2-4D56-4459-AD5A-1C6E096E0BCC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"{D0F7B2D9-4A43-4758-9611-D8CC08B9B03C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{D2AFCE0D-2054-47A3-9C5B-F55C83D57E2C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DC690D0C-F6D9-41A3-A7C4-778E317B2A14}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{EA020FA3-22F8-423B-B89B-34E547A1A14A}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.4\icq.exe | 
"{EBCF026C-E650-4D75-A967-A0883F0C4349}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | 
"{F1B3DCF4-A427-4425-849E-0563AB782A80}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"TCP Query User{0F6F76A8-D26A-46BF-ACE8-77CA0B2DA3A8}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"TCP Query User{1CC0DD38-3F50-4DC2-B1AA-D40AD93BD4E5}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"TCP Query User{30BA9705-FAC0-4F7B-8F2E-5AA1AB068D5E}C:\program files (x86)\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip\qip.exe | 
"TCP Query User{47842BC8-A13D-4FC3-AFCB-5A1246A8E7FC}C:\program files\dassault systemes\b17\win_b64\code\bin\orbixd.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b17\win_b64\code\bin\orbixd.exe | 
"TCP Query User{5CBA344A-3580-4D6F-910A-CA84438F9C27}C:\program files (x86)\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files (x86)\qip\qip.exe | 
"TCP Query User{641B7D96-E8DC-421B-901F-F6C1D3214311}C:\program files\dassault systemes\b17\win_b64\code\bin\cnext.exe" = protocol=6 | dir=in | app=c:\program files\dassault systemes\b17\win_b64\code\bin\cnext.exe | 
"TCP Query User{C8698F8A-E218-41EC-9E63-03C1DB15D3A1}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe | 
"TCP Query User{E561E25F-9A21-4FB5-AE2F-F9AE3AF992C9}C:\program files (x86)\secondlifeviewer2\slvoice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\secondlifeviewer2\slvoice.exe | 
"TCP Query User{EB704B6F-5F25-4D70-8597-3864126F5509}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe | 
"UDP Query User{1AB1D604-D965-4F02-AA90-B58D5072B3AA}C:\program files (x86)\secondlifeviewer2\slvoice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\secondlifeviewer2\slvoice.exe | 
"UDP Query User{3E796A98-F514-4ED6-87C2-16D6E8E402B5}C:\program files\dassault systemes\b17\win_b64\code\bin\orbixd.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b17\win_b64\code\bin\orbixd.exe | 
"UDP Query User{40C25660-9A01-4127-928F-9EDA42C173FC}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe | 
"UDP Query User{4E4D28A4-2AF3-4D73-B91F-0BF182A1DC82}C:\program files\dassault systemes\b17\win_b64\code\bin\cnext.exe" = protocol=17 | dir=in | app=c:\program files\dassault systemes\b17\win_b64\code\bin\cnext.exe | 
"UDP Query User{62E549DD-55DD-46FE-BBB7-072F962B16FD}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe | 
"UDP Query User{BB3B5F2C-09F6-4646-AAD7-EF1B7C5FC12D}C:\program files (x86)\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"UDP Query User{BF03437E-D61F-47FD-B75A-E42A33D17836}C:\program files (x86)\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip\qip.exe | 
"UDP Query User{D7066990-A605-4203-A035-7B25AB6BA484}C:\program files (x86)\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files (x86)\qip\qip.exe | 
"UDP Query User{DD59D33C-EBDD-4646-A53A-76F811FB6F20}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02C3BCE6-BFC3-4844-9EA5-33B6508CBF3B}" = TouchChip USB Driver 2.13
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows Driver Package - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Dassault Systemes B17_0" = Dassault Systemes Software B17
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UltSounds" = Windows Sound Schemes
"UltSounds2" = Ultimate Extras sounds from Microsoft® Tinker™
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD8
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7DF5A0FE-EEC4-439A-A3B5-DF91958DD5A7}_is1" = Robinson Crusoe
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AD841E2B-2F15-498E-A6C0-2FDF716B2806}_is1" = Big City Mystery
"{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BD8A0C60-1AEB-11D6-B8E1-00025521AE60}" = VBA (3821b)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BSW" = BrettspielWelt
"Catan - Staedte und Ritter" = Catan - Städte und Ritter
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"ENTERPRISE" = Microsoft Office Enterprise 2007
"facemoods" = Facemoods Toolbar
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"ICQToolbar" = ICQ Toolbar
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD8
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LEd_is1" = LEd Beta 0.52
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MiKTeX 2.7" = MiKTeX 2.7
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Pidgin" = Pidgin
"QIP2005" = QIP 2005 Uninstall
"Ravensburger Puzzle" = Ravensburger Puzzle
"Reason4_is1" = Reason 4.0
"ScummVM_is1" = ScummVM 0.12.0
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Skype™ for Windows Mobile_is1" = Skype™ for Windows Mobile 3.0
"SystemRequirementsLab" = System Requirements Lab
"T-Mobile Internet Manager" = T-Mobile Internet Manager
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
Kind regards, "Sarina"

29.05.2011, 11:05   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!
__________________

29.05.2011, 11:55   #3
SarinaS
 

Hello cosinus, and thank you very much for your welcome.

I already ran a scan yesterday, which found infected files. I deleted them.
Below I am posting the logs from yesterday and today. Unfortunately I don't have any older ones.

Log from yesterday (28.05.11):
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6697

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

28.05.2011 07:27:44
mbam-log-2011-05-28 (07-27-44).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 165956
Laufzeit: 16 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xXjsKiNbkvU (Trojan.FakeMS) -> Value: xXjsKiNbkvU -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\xxjskinbkvu.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\programdata\44228344.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\Users\Seranna\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Seranna\AppData\Local\Temp\ldrb5b9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Seranna\AppData\Local\Temp\ldrdc7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
         
Log from today (29.05.11):
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6711

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

29.05.2011 12:46:25
mbam-log-2011-05-29 (12-46-25).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 166186
Laufzeit: 5 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Thank you very much for your help, cosinus. =)
__________________

29.05.2011, 11:55   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Art des Suchlaufs: Quick-Scan
Sry, but I wanted to see a full scan... please catch up on it and post the log!
Remember to update the Malwarebytes signatures beforehand; new updates come out very frequently!

29.05.2011, 14:04   #5
SarinaS
 

Sorry, I really did only run the quick scan there. *shame on me*
I have just caught up on the full scan with the current version. After it finished, though, there were already two new updates again.

Full scan from 29.05.11:
Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6711

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

29.05.2011 14:59:16
mbam-log-2011-05-29 (14-59-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 593779
Laufzeit: 2 Stunde(n), 1 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         


29.05.2011, 14:54   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

Why are SP2 and IE8 (or rather, IE9 is the current one now!) missing on your system, anyway? Later you absolutely must take care of the updates. But only once we are done here.


Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
ATTFilter
:OTL
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [WinampAgent]  File not found
O4 - HKCU..\Run: [WMPNSCFG]  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4334898a-4571-11e0-9f5d-001e68d94597}\Shell - "" = AutoRun
O33 - MountPoints2\{4334898a-4571-11e0-9f5d-001e68d94597}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{43348997-4571-11e0-9f5d-001e68d94597}\Shell - "" = AutoRun
O33 - MountPoints2\{43348997-4571-11e0-9f5d-001e68d94597}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\Shell - "" = AutoRun
O33 - MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{684379f7-0578-11de-a2f3-d80cd9e7866e}\Shell\AutoRun\command - "" = F:\menu.exe
O33 - MountPoints2\{f21bac0d-60ea-11e0-af29-001e68d94597}\Shell - "" = AutoRun
O33 - MountPoints2\{f21bac0d-60ea-11e0-af29-001e68d94597}\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2011.05.27 22:55:17 | 000,000,000 | -H-D | C] -- C:\Users\Seranna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.05.28 06:38:06 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~44228344r
[2011.05.28 06:38:06 | 000,000,136 | -H-- | M] () -- C:\ProgramData\~44228344
[2011.05.28 06:19:30 | 000,000,392 | -H-- | M] () -- C:\ProgramData\44228344
:Commands
[purity]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

29.05.2011, 15:08   #7
SarinaS

Thank you very much for your quick reply.
I have one more short question beforehand. By the activation of the virus scanner you mean my Avira AntiVir, right?

29.05.2011, 15:32   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Yes, it has to be deactivated => close the umbrella
Then close all other programs if possible and carry out the OTL fix as described.

29.05.2011, 15:51   #9
SarinaS

First, regarding your questions:
I actually don't use IE for the internet at all, only Firefox. I also have the latest version of the latter on the computer.
Regarding SP2, I can only say that unfortunately I know veeery little about computers and was not aware that there is already a new program for the extension.

Thank you, the fix worked after you described it in such detail.
This log was output for me:
Code:
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4334898a-4571-11e0-9f5d-001e68d94597}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4334898a-4571-11e0-9f5d-001e68d94597}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4334898a-4571-11e0-9f5d-001e68d94597}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4334898a-4571-11e0-9f5d-001e68d94597}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43348997-4571-11e0-9f5d-001e68d94597}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43348997-4571-11e0-9f5d-001e68d94597}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43348997-4571-11e0-9f5d-001e68d94597}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43348997-4571-11e0-9f5d-001e68d94597}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{512a9caf-9fb3-11dd-8b10-001e68d94597}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{512a9caf-9fb3-11dd-8b10-001e68d94597}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{512a9caf-9fb3-11dd-8b10-001e68d94597}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{512a9caf-9fb3-11dd-8b10-001e68d94597}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{512a9caf-9fb3-11dd-8b10-001e68d94597}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{684379f7-0578-11de-a2f3-d80cd9e7866e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{684379f7-0578-11de-a2f3-d80cd9e7866e}\ not found.
File F:\menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f21bac0d-60ea-11e0-af29-001e68d94597}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f21bac0d-60ea-11e0-af29-001e68d94597}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f21bac0d-60ea-11e0-af29-001e68d94597}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f21bac0d-60ea-11e0-af29-001e68d94597}\ not found.
File F:\AutoRun.exe not found.
C:\Users\Seranna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery folder moved successfully.
C:\ProgramData\~44228344r moved successfully.
C:\ProgramData\~44228344 moved successfully.
C:\ProgramData\44228344 moved successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.23.0 log created on 05292011_164126

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

29.05.2011, 16:01   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

But since IE is a core component of Windows, it also has to be kept up to date at all times.

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool up as shown in the picture below, i.e. tick both checkboxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full.

If the infection prevents you from accessing your documents/My Documents, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

29.05.2011, 16:12   #11
SarinaS

Thanks for this information, then I will get the new IE8 once everything here has been cleaned up.

I have now run the scan and this log was output for me:
Code:
2011/05/29 17:05:23.0657 4808	TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/29 17:05:24.0016 4808	================================================================================
2011/05/29 17:05:24.0016 4808	SystemInfo:
2011/05/29 17:05:24.0016 4808	
2011/05/29 17:05:24.0016 4808	OS Version: 6.0.6001 ServicePack: 1.0
2011/05/29 17:05:24.0016 4808	Product type: Workstation
2011/05/29 17:05:24.0016 4808	ComputerName: CREATION
2011/05/29 17:05:24.0031 4808	UserName: Seranna
2011/05/29 17:05:24.0031 4808	Windows directory: C:\Windows
2011/05/29 17:05:24.0031 4808	System windows directory: C:\Windows
2011/05/29 17:05:24.0031 4808	Running under WOW64
2011/05/29 17:05:24.0031 4808	Processor architecture: Intel x64
2011/05/29 17:05:24.0031 4808	Number of processors: 2
2011/05/29 17:05:24.0031 4808	Page size: 0x1000
2011/05/29 17:05:24.0031 4808	Boot type: Normal boot
2011/05/29 17:05:24.0031 4808	================================================================================
2011/05/29 17:05:24.0843 4808	Initialize success
2011/05/29 17:06:08.0523 4324	================================================================================
2011/05/29 17:06:08.0523 4324	Scan started
2011/05/29 17:06:08.0523 4324	Mode: Manual; 
2011/05/29 17:06:08.0523 4324	================================================================================
2011/05/29 17:06:16.0978 4324	sptd            (9ab59cf736981ed1f83c6ab5faa8ba5c) C:\Windows\system32\Drivers\sptd.sys
2011/05/29 17:06:16.0978 4324	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 9ab59cf736981ed1f83c6ab5faa8ba5c
2011/05/29 17:06:16.0993 4324	sptd - detected LockedFile.Multi.Generic (1)
2011/05/29 17:06:18.0195 4324	uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/05/29 17:06:18.0210 4324	udfs            (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/29 17:06:18.0257 4324	uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/29 17:06:18.0304 4324	uliahci         (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/05/29 17:06:18.0319 4324	UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/05/29 17:06:18.0351 4324	ulsata2         (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/05/29 17:06:18.0382 4324	umbus           (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/29 17:06:18.0475 4324	usbaudio        (c899fb269be4740dbe2801b204cd71d4) C:\Windows\system32\drivers\usbaudio.sys
2011/05/29 17:06:18.0522 4324	usbccgp         (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/29 17:06:18.0538 4324	usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/05/29 17:06:18.0569 4324	usbehci         (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/29 17:06:18.0600 4324	usbhub          (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/29 17:06:18.0631 4324	usbohci         (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2011/05/29 17:06:18.0663 4324	usbprint        (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
2011/05/29 17:06:18.0694 4324	USBSTOR         (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/29 17:06:18.0709 4324	usbuhci         (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/29 17:06:18.0756 4324	usbvideo        (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/29 17:06:18.0819 4324	usb_rndisx      (567d09d1c41809550ece9ed22d6d612b) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/05/29 17:06:18.0850 4324	vga             (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/29 17:06:18.0897 4324	VgaSave         (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/05/29 17:06:18.0928 4324	viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/05/29 17:06:18.0943 4324	volmgr          (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
2011/05/29 17:06:18.0975 4324	volmgrx         (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
2011/05/29 17:06:19.0006 4324	volsnap         (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
2011/05/29 17:06:19.0037 4324	vsmraid         (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/05/29 17:06:19.0099 4324	WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/05/29 17:06:19.0131 4324	Wanarp          (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/29 17:06:19.0146 4324	Wanarpv6        (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/29 17:06:19.0193 4324	Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/05/29 17:06:19.0240 4324	Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/29 17:06:19.0333 4324	winachsf        (b5c348b265178fb9ee55addb3929485d) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/05/29 17:06:19.0396 4324	winbondcir      (54d68b92dc59fbba95919c804a7c3e07) C:\Windows\system32\DRIVERS\winbondcir.sys
2011/05/29 17:06:19.0474 4324	WmiAcpi         (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/29 17:06:19.0552 4324	WpdUsb          (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/29 17:06:19.0583 4324	ws2ifsl         (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/29 17:06:19.0645 4324	WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/29 17:06:19.0801 4324	{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054} (6839fa0c104dbbdd989e2eac27acb761) C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl
2011/05/29 17:06:19.0833 4324	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/05/29 17:06:19.0848 4324	MBR (0x1B8)     (f05261c246ce4b3c544521ffff7aef5d) \Device\Harddisk1\DR1
2011/05/29 17:06:19.0911 4324	================================================================================
2011/05/29 17:06:19.0911 4324	Scan finished
2011/05/29 17:06:19.0911 4324	================================================================================
2011/05/29 17:06:19.0926 1140	Detected object count: 1
2011/05/29 17:06:19.0926 1140	Actual detected object count: 1
2011/05/29 17:06:39.0754 1140	LockedFile.Multi.Generic(sptd) - User select action: Skip
         
Since I really can no longer access any of my files, I will now run unhide as well.


Quote:
Vista and 7 users must run the tool as administrator via right-click!
What is meant by that? Do I have to do something, or wait?

Alt 29.05.2011, 16:14   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
What is meant by that? Do I have to do something, or wait?
It says so right there: don't just run something like, e.g., the TDSS-Killer by double-clicking; instead right-click => run as admin

Alt 29.05.2011, 16:20   #13
SarinaS
 

Oh dear, this is embarrassing now... I thought that seven users had to run something.
Thanks for setting me straight on that.

Alt 29.05.2011, 16:23   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a qualified helper has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Alt 29.05.2011, 16:53   #15
SarinaS
 

I ran ComboFix and was given the following log:
Combofix Logfile:
Code:
ComboFix 11-05-28.01 - Seranna 29.05.2011  17:40:10.1.2 - x64
Microsoft® Windows Vista™ Ultimate   6.0.6001.1.1252.49.1033.18.4090.2271 [GMT 2:00]
ausgeführt von:: c:\users\Seranna\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\facemoods.com
c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\bh\facemoods.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\facemoods.crx
c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\facemoods.png
c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodsApp.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodsEng.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodssrv.exe
c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodsTlbr.dll
c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\uninstall.exe
c:\users\Seranna\AppData\Local\Temp\RtkBtMnt.exe
c:\webupdater\WebUpdater.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-28 bis 2011-05-29  ))))))))))))))))))))))))))))))
.
.
2011-05-29 15:46 . 2011-05-29 15:46	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-05-29 15:37 . 2011-05-29 15:37	--------	d-----w-	C:\32788R22FWJFW
2011-05-29 15:22 . 2011-05-29 15:22	109360	----a-w-	c:\windows\system32\drivers\64901638.sys
2011-05-29 14:41 . 2011-05-29 14:41	--------	d-----w-	C:\_OTL
2011-05-29 10:39 . 2011-05-29 10:39	--------	d-----w-	c:\program files (x86)\sarina
2011-05-28 05:09 . 2011-05-28 05:09	--------	d-----w-	c:\users\Seranna\AppData\Roaming\Malwarebytes
2011-05-28 05:09 . 2010-12-20 16:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-28 05:08 . 2011-05-28 05:08	--------	d-----w-	c:\programdata\Malwarebytes
2011-05-28 05:08 . 2010-12-20 16:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-05-28 05:08 . 2011-05-29 10:36	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-28 04:53 . 2011-05-09 22:00	8718160	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC0CDC87-9138-4326-9E5A-D633DC229B74}\mpengine.dll
2011-05-28 03:55 . 2011-05-28 03:55	--------	d-----w-	c:\programdata\WindowsSearch
2011-05-11 06:17 . 2011-04-07 12:02	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-05-11 06:17 . 2011-04-07 12:01	2409784	----a-w-	c:\program files (x86)\Windows Mail\OESpamFilter.dat
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-10 16:30 . 2011-04-16 07:02	1360384	----a-w-	c:\windows\system32\mfc42u.dll
2011-03-10 16:30 . 2011-04-16 07:02	1398784	----a-w-	c:\windows\system32\mfc42.dll
2011-03-10 16:12 . 2011-04-16 07:02	1161728	----a-w-	c:\windows\SysWow64\mfc42u.dll
2011-03-10 16:12 . 2011-04-16 07:02	1136640	----a-w-	c:\windows\SysWow64\mfc42.dll
2011-03-03 15:09 . 2011-04-15 15:34	975872	----a-w-	c:\windows\system32\inetcomm.dll
2011-03-03 15:06 . 2011-04-27 07:17	32256	----a-w-	c:\windows\system32\Apphlpdm.dll
2011-03-03 15:06 . 2011-04-27 07:17	100352	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:06 . 2011-04-27 07:17	331776	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:06 . 2011-04-27 07:17	281600	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 15:00 . 2011-04-15 15:34	738816	----a-w-	c:\windows\SysWow64\inetcomm.dll
2011-03-03 14:56 . 2011-04-27 07:17	28672	----a-w-	c:\windows\SysWow64\Apphlpdm.dll
2011-03-03 14:56 . 2011-04-27 07:17	173056	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2011-03-03 14:56 . 2011-04-27 07:17	459776	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2011-03-03 14:56 . 2011-04-27 07:17	541696	----a-w-	c:\windows\apppatch\AcLayers.dll
2011-03-03 14:56 . 2011-04-27 07:17	2153984	----a-w-	c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-27 07:17	4240384	----a-w-	c:\windows\system32\GameUXLegacyGDFs.dll
2011-03-03 13:15 . 2011-04-15 15:33	2760704	----a-w-	c:\windows\system32\win32k.sys
2011-03-03 13:01 . 2011-04-27 07:17	4240384	----a-w-	c:\windows\SysWow64\GameUXLegacyGDFs.dll
2011-03-02 15:10 . 2011-04-15 15:32	117760	----a-w-	c:\windows\system32\dnsrslvr.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"AutoStartNPSAgent"="c:\program files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-07-15 102400]
"HW_OPENEYE_OUC_T-Mobile Internet Manager"="c:\program files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe" [2009-12-31 110592]
"ICQ"="c:\program files (x86)\ICQ7.4\ICQ.exe" [2011-04-19 119608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\progra~2\LAUNCH~1\QtZgAcer.EXE" [2008-06-04 817672]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-02-18 77824]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2010-03-06 149280]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"DataCardMonitor"="c:\program files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe" [2011-03-03 253952]
.
c:\users\Seranna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-07-15 16392]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2008-02-01 32240]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-03 136360]
S2 BBDemon;Backbone Service;c:\program files\Dassault Systemes\B17\win_b64\code\bin\CATSysDemon.exe [2006-04-29 48128]
S3 NETw5v64;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit ;c:\windows\system32\DRIVERS\NETw5v64.sys [x]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 04321542
*NewlyCreated* - 19248651
*NewlyCreated* - 29954329
*Deregistered* - 04321542
*Deregistered* - 19248651
*Deregistered* - 29954329
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-20 178712]
"RtHDVCpl"="RAVCpl64.exe" [2008-05-07 6291456]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1237288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-23 15848480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-23 82464]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.facemoods.com/?a=gppc
mLocal Page = %SystemRoot%\system32\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Seranna\AppData\Roaming\Mozilla\Firefox\Profiles\y9zov2n5.default\
FF - prefs.js: browser.search.selectedEngine - Facemoods Search
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=gppc
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodsTlbr.dll
Wow6432Node-HKLM-Run-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\facemoodssrv.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.9\uninstall.exe
AddRemove-Skype™ for Windows Mobile_is1 - c:\users\Seranna\AppData\Local\Temp\WPDNSE\f%7CF%7C%5CMy%20Documents%5C\c:\windows\WindowsMobile\Skype for Windows Mobile\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3637555439-4150254949-3577624952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tiff"
.
[HKEY_USERS\S-1-5-21-3637555439-4150254949-3577624952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttc"
.
[HKEY_USERS\S-1-5-21-3637555439-4150254949-3577624952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttf"
.
[HKEY_USERS\S-1-5-21-3637555439-4150254949-3577624952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9o"
.
[HKEY_USERS\S-1-5-21-3637555439-4150254949-3577624952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9p"
.
[HKEY_USERS\S-1-5-21-3637555439-4150254949-3577624952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9pf"
.
[HKEY_USERS\S-1-5-21-3637555439-4150254949-3577624952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbm"
.
[HKEY_USERS\S-1-5-21-3637555439-4150254949-3577624952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbmp"
.
[HKEY_USERS\S-1-5-21-3637555439-4150254949-3577624952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wmf"
.
[HKEY_USERS\S-1-5-21-3637555439-4150254949-3577624952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xbm"
.
[HKEY_USERS\S-1-5-21-3637555439-4150254949-3577624952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xif"
.
[HKEY_USERS\S-1-5-21-3637555439-4150254949-3577624952-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-05-29  17:50:03
ComboFix-quarantined-files.txt  2011-05-29 15:50
.
Vor Suchlauf: 172.218.486.784 bytes free
Nach Suchlauf: 174.855.524.352 bytes free
.
- - End Of File - - 1CD669920E6A396595081CB498E22C41
         
--- --- ---
