Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Windows detected a hard disk problem / Windows - Delayed Write Failed

Windows detected a hard disk problem / Windows - Delayed Write Failed


Plagegeister aller Art und deren Bekämpfung: Windows detected a hard disk problem / Windows - Delayed Write Failed

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 10.12.2011, 21:17   #1
Haihappen271
 
Windows detected a hard disk problem / Windows - Delayed Write Failed - Standard

Windows detected a hard disk problem / Windows - Delayed Write Failed


Guten Abend zusammen,

meine Freundin hat bis vor ca. 30 Minuten völlig vergnügt im Internet gesurft. Dann bekam Sie von Avira gemeldet, dass ein Exploit gefunden und in die Quarantäne verschoben wurde. Direkt im Anschluss an den Hinweis von Avira bekam sie folgende Meldungen:

1. "Windows detected a hard disk problem - A potential disk failure may cause...." => "Scan and fix" oder "Cancel and reboot"

2. "Windows - Delayed Write Failed: Failed to save all components for...." => "Cancel" , "Try again" oder "Continue"

Wie ich von Tante Google und aus diesem Board erfahren habe, ist meine Freundin wohl nicht die Einzigste die ein derartig geartetes Problem hat.

Bitte helft mir/ihr dieses zu beheben, vorallem ohne, dass ihre Fotos verloren gehen.

Im Voraus vielen Dank für die Mühen

Alt 10.12.2011, 21:26   #2
Chris4You
 
Windows detected a hard disk problem / Windows - Delayed Write Failed - Standard

Windows detected a hard disk problem / Windows - Delayed Write Failed


Hi,

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

* Doppelklick auf die OTL.exe
* Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
* Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
* Unter Extra Registry, wähle bitte Use SafeList
* Klicke nun auf Run Scan links oben
* Wenn der Scan beendet wurde werden 2 Logfiles erstellt
* Poste die Logfiles hier in den Thread.

MBR-Check
Lade Dir http://ad13.geekstogo.com/MBRCheck.exe und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
  • Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste bitte den Inhalt des .txt Dokumentes

chris
__________________

__________________
Alt 11.12.2011, 00:44   #3
Haihappen271
 
Windows detected a hard disk problem / Windows - Delayed Write Failed - Standard

Windows detected a hard disk problem / Windows - Delayed Write Failed


Hallo, da ich gerade über zweieinhalb Stunden schmerzhaft lernen musste, dass der Rechner von meiner Freundin total vermüllt ist. Jetzt hier die Logs der Programme.

MalwareByte Anti MalWare:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8348

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11.12.2011 00:15:55
mbam-log-2011-12-11 (00-15-55).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 255875
Laufzeit: 2 Stunde(n), 34 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 9
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
c:\dokumente und einstellungen\all users\anwendungsdaten\tarwjfmmky.exe (Rogue.FakeHDD) -> 2188 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TaRwjfMMKY.exe (Rogue.FakeHDD) -> Value: TaRwjfMMKY.exe -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\dokumente und einstellungen\all users\anwendungsdaten\tarwjfmmky.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\WINDOWS\niwradsoft shell pack\Backup\ctfmon.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.12.2011 00:21:11 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Nora\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,36 Mb Total Physical Memory | 295,81 Mb Available Physical Memory | 29,16% Memory free
2,38 Gb Paging File | 1,74 Gb Available in Paging File | 73,06% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,01 Gb Total Space | 80,80 Gb Free Space | 54,23% Space Free | Partition Type: NTFS
 
Computer Name: NORAS-PC | User Name: Nora | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Nora\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\OA012Mon.exe (Creative Technology Ltd.)
PRC - C:\Programme\WSED\WSED.exe (Dell)
PRC - C:\Programme\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
PRC - C:\Programme\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
PRC - C:\Programme\Battery Meter\BTMeter.exe (Dell)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\WINDOWS\system32\preflib.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\Programme\Dell Video Chat\QtGui4.dll ()
MOD - C:\Programme\Dell Video Chat\QtCore4.dll ()
MOD - C:\Programme\Dell Video Chat\QtOpenGL4.dll ()
MOD - C:\Programme\Dell Video Chat\QtNetwork4.dll ()
MOD - C:\Programme\Dell Video Chat\SDL.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\EMSC.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) --  File not found
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GoToAssist) -- C:\Programme\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (LgBttPort) -- C:\WINDOWS\system32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\WINDOWS\system32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\WINDOWS\system32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (OA012Ufd) -- C:\WINDOWS\system32\drivers\OA012Ufd.sys (Creative Technology Ltd.)
DRV - (OA012Vid) -- C:\WINDOWS\system32\drivers\OA012Vid.sys (Creative Technology Ltd.)
DRV - (OA012Afx) -- C:\WINDOWS\system32\drivers\OA012Afx.sys (Creative Technology Ltd.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (CtClsFlt) -- C:\WINDOWS\system32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (EMSC) -- C:\WINDOWS\system32\DRIVERS\EMSC.SYS (Windows (R) Codename Longhorn DDK provider)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://g.uk.msn.com/USCON/8
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.meinvz.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.32
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.26 20:26:09 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.06.26 10:34:45 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Programme\Mozilla Sunbird\components [2011.01.22 16:40:27 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Programme\Mozilla Sunbird\plugins [2011.06.18 17:32:53 | 000,000,000 | -H-D | M]
 
[2009.09.06 16:54:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Nora\Anwendungsdaten\Mozilla\Extensions
[2011.11.11 19:24:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Nora\Anwendungsdaten\Mozilla\Firefox\Profiles\f7c8ebww.default\extensions
[2010.08.23 19:53:49 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Nora\Anwendungsdaten\Mozilla\Firefox\Profiles\f7c8ebww.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.21 13:24:23 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Nora\Anwendungsdaten\Mozilla\Firefox\Profiles\f7c8ebww.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.01 14:55:25 | 000,000,000 | -H-D | M] (Personas) -- C:\Dokumente und Einstellungen\Nora\Anwendungsdaten\Mozilla\Firefox\Profiles\f7c8ebww.default\extensions\personas@christopher.beard
[2009.10.12 14:04:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Nora\Anwendungsdaten\Mozilla\Sunbird\Profiles\ajfhmbc2.default\extensions
[2011.11.26 20:26:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\NORA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\F7C8EBWW.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\NORA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\F7C8EBWW.DEFAULT\EXTENSIONS\{D49175B3-3FD8-43B8-B28E-DA5D47F3C398}.XPI
[2011.11.26 20:26:08 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2009.09.22 09:15:24 | 000,404,992 | -H-- | M] ( ) -- C:\Programme\mozilla firefox\plugins\npsnapfish.dll
[2009.03.24 11:10:44 | 000,114,688 | -H-- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011.10.20 12:55:36 | 000,001,392 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.20 12:55:36 | 000,002,252 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.20 12:55:36 | 000,001,153 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.20 12:55:36 | 000,006,805 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.20 12:55:36 | 000,001,178 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.20 12:55:36 | 000,001,105 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BTMeter] C:\Programme\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [CapsLKNotify] C:\Programme\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
O4 - HKLM..\Run: [dellsupportcenter] "C:\Programme\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OA012Mon] C:\WINDOWS\OA012Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [WSED] C:\Programme\WSED\WSED.exe (Dell)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [SightSpeed] C:\Programme\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Nora\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A573518-7E16-4FD5-8386-7C533D90A30D}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Programme\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Nora\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Nora\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - Unable to read "AutoRun" value or value not present!
O32 - AutoRun File - [2008.04.29 17:09:27 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk C:\
O33 - MountPoints2\{eaf8b8d0-c583-11de-9b54-0024e8c8fa00}\Shell - "" = AutoRun
O33 - MountPoints2\{eaf8b8d0-c583-11de-9b54-0024e8c8fa00}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eaf8b8d0-c583-11de-9b54-0024e8c8fa00}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Play.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.11 00:06:31 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Nora\Recent
[2011.12.10 21:34:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Nora\Anwendungsdaten\Malwarebytes
[2011.12.10 21:34:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.12.10 21:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.12.10 21:34:25 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.10 21:34:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.12.10 21:20:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Nora\Desktop\OTL.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.11 00:18:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.11 00:18:33 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.10 21:36:50 | 000,080,384 | ---- | M] () -- C:\Dokumente und Einstellungen\Nora\Desktop\MBRCheck.exe
[2011.12.10 21:34:33 | 000,000,766 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.10 21:19:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Nora\Desktop\OTL.exe
[2011.12.10 18:39:49 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.19 19:02:32 | 000,001,393 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.10 21:37:26 | 000,080,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Nora\Desktop\MBRCheck.exe
[2011.12.10 21:34:33 | 000,000,766 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.19 22:34:09 | 000,004,096 | -H-- | C] () -- C:\WINDOWS\d3dx.dat
[2010.12.11 10:44:56 | 000,169,280 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009.10.13 12:45:48 | 000,045,568 | -H-- | C] () -- C:\WINDOWS\UniFish3.exe
[2009.09.07 12:46:09 | 000,036,352 | -H-- | C] () -- C:\Dokumente und Einstellungen\Nora\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.06 16:54:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009.09.06 11:42:36 | 000,000,478 | -H-- | C] () -- C:\Dokumente und Einstellungen\Nora\Anwendungsdaten\wklnhst.dat
[2009.09.06 11:31:33 | 000,000,141 | -H-- | C] () -- C:\Dokumente und Einstellungen\Nora\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.08.03 11:17:47 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\setpwr32.exe
[2009.08.03 11:16:50 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.08.03 09:05:06 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2009.08.03 08:53:00 | 000,000,075 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2009.08.03 08:41:11 | 000,266,240 | -H-- | C] () -- C:\WINDOWS\System32\EMSC.DLL
[2009.08.03 08:39:13 | 000,143,360 | -H-- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009.08.03 08:39:12 | 000,753,664 | -H-- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009.08.03 08:39:12 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009.05.21 05:24:48 | 000,001,683 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.09.29 20:39:00 | 002,854,976 | -H-- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008.05.27 04:23:36 | 000,016,834 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.27 04:23:34 | 000,024,188 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.27 04:23:32 | 000,016,568 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.27 03:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.27 03:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008.04.29 17:11:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.04.29 17:07:35 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.04.29 17:06:17 | 000,003,776 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008.04.29 11:56:05 | 000,486,154 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008.04.29 11:56:05 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008.04.29 11:56:05 | 000,095,822 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008.04.29 11:56:05 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008.04.29 11:55:54 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.29 11:55:53 | 000,443,222 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.29 11:55:53 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.29 11:55:53 | 000,072,488 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.29 11:55:53 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.29 11:55:52 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.29 11:55:52 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.29 11:55:51 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2008.04.29 11:55:48 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.29 11:55:48 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.29 11:55:45 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.29 11:55:42 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.29 04:02:14 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.04.29 04:01:17 | 000,295,664 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001.11.14 19:56:00 | 001,802,240 | -H-- | C] () -- C:\WINDOWS\System32\lcppn21.dll

< End of report >
--- --- ---

Extras:
OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.12.2011 00:21:11 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Nora\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,36 Mb Total Physical Memory | 295,81 Mb Available Physical Memory | 29,16% Memory free
2,38 Gb Paging File | 1,74 Gb Available in Paging File | 73,06% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,01 Gb Total Space | 80,80 Gb Free Space | 54,23% Space Free | Partition Type: NTFS
 
Computer Name: NORAS-PC | User Name: Nora | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Programme\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Programme\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process 
"C:\Programme\Dell Video Chat\DellVideoChat.exe" = C:\Programme\Dell Video Chat\DellVideoChat.exe:*:Enabled:Dell Video Chat -- (Dell Inc. and SightSpeed Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{053E51D3-885D-425C-9586-EA5183C4C688}" = Function Keys
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{10F15459-C54E-41BA-AC83-F12ACAF24690}" = Moorfrosch XS
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21BBAD12-C75F-4F06-A9B0-6F8BEEAF3846}" = Moorhuhn X - XS
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{391DEA9B-0EF0-4E13-993E-D5E84296558F}" = Kröt XXL
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C85747A-91B6-4233-AAF8-063506D0FF4F}" = LG United Mobile Drivers
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7437092-E534-46A5-895B-94FC627139B6}" = COMPUTERBILD-Abzockschutz
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6CB6126-D120-4FB5-9D1B-E2E19003E66C}" = WSED
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11 Application" = Dienstprogramm für Dell Wireless WLAN Karte
"Cake Mania 2_is1" = Cake Mania 2
"Creative OA012" = Integrated Webcam Driver (1.02.02.0403)  
"Dell Support Center" = Dell Support Center
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"Diner Dash_is1" = Diner Dash
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Farm Frenzy_is1" = Farm Frenzy
"FormatFactory" = FormatFactory 2.10
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Gardenscapes_is1" = Gardenscapes
"GoToAssist" = GoToAssist 8.0.0.514
"Gourmania" = Gourmania
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}" = Akkuanzeige
"InstallShield_{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Mystery Cookbook" = Mystery Cookbook
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Ranch Rush_is1" = Ranch Rush
"RollerCoaster Tycoon Setup" = Roll
"Seven Remix XP" = Seven Remix XP 2.31
"Sprill Bermuda" = Sprill Bermuda
"SynTPDeinstKey" = Dell Touchpad
"The Clumsys 2 - Butterfly Effect" = The Clumsys 2 - Butterfly Effect (entfernen)
"Uninstall_is1" = Uninstall 1.0.0.1
"VistaMizer" = VistaMizer 3.3.0.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.10.2011 12:19:58 | Computer Name = NORAS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 730313
 
Error - 30.10.2011 03:24:28 | Computer Name = NORAS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 30.10.2011 03:24:28 | Computer Name = NORAS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953
 
Error - 30.10.2011 03:24:28 | Computer Name = NORAS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953
 
Error - 30.10.2011 03:24:30 | Computer Name = NORAS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 30.10.2011 03:24:30 | Computer Name = NORAS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4062
 
Error - 30.10.2011 03:24:30 | Computer Name = NORAS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4062
 
Error - 14.11.2011 16:56:57 | Computer Name = NORAS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 14.11.2011 16:56:57 | Computer Name = NORAS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2016
 
Error - 14.11.2011 16:56:57 | Computer Name = NORAS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2016
 
[ OSession Events ]
Error - 16.02.2011 09:56:00 | Computer Name = NORAS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1477
 seconds with 600 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 10.12.2011 19:12:37 | Computer Name = NORAS-PC | Source = DCOM | ID = 10010
Description = Der Server "{28DD3979-0566-4ED3-9B14-1548B3187491}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.12.2011 19:13:08 | Computer Name = NORAS-PC | Source = DCOM | ID = 10010
Description = Der Server "{28DD3979-0566-4ED3-9B14-1548B3187491}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.12.2011 19:13:38 | Computer Name = NORAS-PC | Source = DCOM | ID = 10010
Description = Der Server "{28DD3979-0566-4ED3-9B14-1548B3187491}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.12.2011 19:14:08 | Computer Name = NORAS-PC | Source = DCOM | ID = 10010
Description = Der Server "{28DD3979-0566-4ED3-9B14-1548B3187491}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.12.2011 19:14:39 | Computer Name = NORAS-PC | Source = DCOM | ID = 10010
Description = Der Server "{28DD3979-0566-4ED3-9B14-1548B3187491}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.12.2011 19:15:09 | Computer Name = NORAS-PC | Source = DCOM | ID = 10010
Description = Der Server "{28DD3979-0566-4ED3-9B14-1548B3187491}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.12.2011 19:15:39 | Computer Name = NORAS-PC | Source = DCOM | ID = 10010
Description = Der Server "{28DD3979-0566-4ED3-9B14-1548B3187491}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.12.2011 19:16:10 | Computer Name = NORAS-PC | Source = DCOM | ID = 10010
Description = Der Server "{28DD3979-0566-4ED3-9B14-1548B3187491}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.12.2011 19:16:40 | Computer Name = NORAS-PC | Source = DCOM | ID = 10010
Description = Der Server "{28DD3979-0566-4ED3-9B14-1548B3187491}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 10.12.2011 19:17:11 | Computer Name = NORAS-PC | Source = DCOM | ID = 10010
Description = Der Server "{28DD3979-0566-4ED3-9B14-1548B3187491}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
 
< End of report >
--- --- ---

MBR:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000014

Kernel Drivers (total 146):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0xF7ABD000 \WINDOWS\system32\KDCOM.DLL
0xF79CD000 \WINDOWS\system32\BOOTVID.dll
0xF75BD000 msmewwl.sys
0xF73C9000 spgq.sys
0xF7ABF000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF73B1000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF7382000 ACPI.sys
0xF7371000 pci.sys
0xF75CD000 isapnp.sys
0xF79D1000 compbatt.sys
0xF79D5000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B85000 pciide.sys
0xF783D000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF75DD000 MountMgr.sys
0xF7352000 ftdisk.sys
0xF7845000 PartMgr.sys
0xF79D9000 ACPIEC.sys
0xF7B86000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF75ED000 VolSnap.sys
0xF733A000 atapi.sys
0xF75FD000 disk.sys
0xF760D000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF731A000 fltMgr.sys
0xF7308000 sr.sys
0xF761D000 PxHelp20.sys
0xF72F1000 KSecDD.sys
0xF72DE000 WudfPf.sys
0xF7251000 Ntfs.sys
0xF7224000 NDIS.sys
0xF720A000 Mup.sys
0xF766D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7A75000 \SystemRoot\system32\DRIVERS\EMSC.SYS
0xF767D000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF710D000 \SystemRoot\System32\Drivers\wdf01000.sys
0xF6B77000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF6B63000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6B3B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF69E7000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF69C9000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xF789D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF69A5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78A5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7A89000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF768D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78BD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6973000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7AC5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF78C5000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF693A000 \SystemRoot\System32\Drivers\at64b72t.SYS
0xF6849000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xF7CE4000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7ACD000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF7935000 \SystemRoot\System32\Drivers\Modem.SYS
0xF769D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7AA5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6832000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76AD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76BD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7955000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6821000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76CD000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7965000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7975000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF76DD000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7AD3000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF67FE000 \SystemRoot\system32\DRIVERS\ks.sys
0xF67A0000 \SystemRoot\system32\DRIVERS\update.sys
0xF7AB9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF71E2000 \SystemRoot\system32\DRIVERS\lgbtbus.sys
0xF76ED000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76FD000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF799D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF79A5000 \SystemRoot\system32\DRIVERS\btport.sys
0xF770D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF79DD000 \SystemRoot\system32\DRIVERS\lgvmodem.sys
0xF71A9000 \SystemRoot\system32\DRIVERS\lgbtport.sys
0xAA2C7000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA2A3000 \SystemRoot\system32\drivers\portcls.sys
0xF772D000 \SystemRoot\system32\drivers\drmk.sys
0xAA1DB000 \??\C:\WINDOWS\system32\Drivers\OA012Afx.sys
0xF773D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AB5000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7ADB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7BB8000 \SystemRoot\System32\Drivers\Null.SYS
0xF7ADF000 \SystemRoot\System32\Drivers\Beep.SYS
0xF788D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7895000 \SystemRoot\System32\drivers\vga.sys
0xF7AE3000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AE7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78B5000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78D5000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6794000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA158000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA0FF000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA0D7000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA0B1000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA08F000 \SystemRoot\System32\drivers\afd.sys
0xF774D000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF78ED000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xAA064000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA9FF4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF776D000 \SystemRoot\System32\Drivers\Fips.SYS
0xA9FA5000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7AEF000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF7905000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA9F7A000 \SystemRoot\System32\Drivers\RtsUStor.sys
0xA9F37000 \SystemRoot\system32\DRIVERS\OA012Vid.sys
0xA9F16000 \SystemRoot\system32\DRIVERS\OA012Ufd.sys
0xA9EF2000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
0xF779D000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF77AD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF77BD000 \SystemRoot\System32\Drivers\btwusb.sys
0xAA1A7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF77CD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xAA1A3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA9ED4000 \SystemRoot\system32\DRIVERS\btwdndis.sys
0xF792D000 \SystemRoot\system32\DRIVERS\btwmodem.sys
0xA9E53000 \SystemRoot\system32\drivers\btaudio.sys
0xF77DD000 \SystemRoot\system32\DRIVERS\btwhid.sys
0xF7AA1000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA9E13000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AFB000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA9FEC000 \SystemRoot\System32\drivers\Dxapi.sys
0xF797D000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CB8000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBF47A000 \SystemRoot\System32\ATMFD.DLL
0xA9CBC000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA9D57000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xA9CB0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9997000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA9982000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9C64000 \SystemRoot\system32\drivers\sysaudio.sys
0xA960A000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9079000 \SystemRoot\System32\Drivers\HTTP.sys
0xA8FA9000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xA8A68000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
0x10000000 \Programme\DAEMON Tools Lite\Engine.dll

Processes (total 55):
0 System Idle Process
4 System
496 C:\WINDOWS\system32\smss.exe
908 csrss.exe
932 C:\WINDOWS\system32\winlogon.exe
976 C:\WINDOWS\system32\services.exe
988 C:\WINDOWS\system32\lsass.exe
1164 C:\WINDOWS\system32\svchost.exe
1208 svchost.exe
1272 C:\WINDOWS\system32\svchost.exe
1316 C:\WINDOWS\system32\svchost.exe
1468 svchost.exe
1532 svchost.exe
1760 C:\WINDOWS\system32\WLTRYSVC.EXE
1776 C:\WINDOWS\system32\BCMWLTRY.EXE
1796 C:\WINDOWS\system32\spoolsv.exe
1876 C:\Programme\Avira\AntiVir Desktop\sched.exe
128 svchost.exe
552 C:\Programme\Avira\AntiVir Desktop\avguard.exe
568 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
708 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
740 C:\WINDOWS\explorer.exe
444 C:\Programme\Bonjour\mDNSResponder.exe
848 C:\Programme\Java\jre6\bin\jqs.exe
1456 C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
1912 C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
628 C:\WINDOWS\system32\svchost.exe
828 C:\WINDOWS\system32\searchindexer.exe
2136 C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
2456 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2612 alg.exe
2692 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
2836 C:\WINDOWS\RTHDCPL.EXE
2996 C:\WINDOWS\system32\igfxpers.exe
3028 C:\WINDOWS\OA012Mon.exe
3036 C:\WINDOWS\system32\igfxsrvc.exe
3176 C:\WINDOWS\system32\WLTRAY.EXE
3188 C:\Programme\WSED\WSED.exe
3220 C:\Programme\Battery Meter\BTMeter.exe
3328 C:\Programme\CapsLKNotify\CapsLKNotify.exe
3420 C:\Programme\Java\jre6\bin\jusched.exe
3436 C:\WINDOWS\system32\svchost.exe
3448 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
3792 C:\Programme\iTunes\iTunesHelper.exe
3800 C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
3836 C:\WINDOWS\system32\ctfmon.exe
4076 C:\Programme\Dell Video Chat\DellVideoChat.exe
2092 C:\Programme\iPod\bin\iPodService.exe
2556 C:\WINDOWS\system32\searchprotocolhost.exe
1112 C:\WINDOWS\NOTEPAD.EXE
2516 C:\WINDOWS\NOTEPAD.EXE
1956 searchfilterhost.exe
3300 C:\Programme\Mozilla Firefox\firefox.exe
3308 C:\WINDOWS\system32\notepad.exe
1652 C:\Dokumente und Einstellungen\Nora\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

PhysicalDrive0 Model Number: ST9160314AS, Rev: 0003DEM1

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B


Done!

Schon nach dem Scan mit MalWare war eine Verbesserung zu verzeichnen, denn die neu abgelegten Dateien auf dem Desktop waren nach dem Neustart sichtbar. Die "Fehlermeldungen" sind nicht mehr gekommen. Wenn jetzt noch die alten Dateien wieder sichtbar werden, dann habt ihr echt jemanden glücklich gemacht und dadurch mich auch
__________________
Alt 11.12.2011, 09:48   #4
Chris4You
 
Windows detected a hard disk problem / Windows - Delayed Write Failed - Standard

Windows detected a hard disk problem / Windows - Delayed Write Failed


Hi,

muss gleich weg, hab die Logs überfolgen, auf den ersten Blick nichts aufgefallen, schaue sie mir später genauer an...

http://filepony.de/download-unhide/
Runterladen uns ausführen....

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 11.12.2011, 12:06   #5
Chris4You
 
Windows detected a hard disk problem / Windows - Delayed Write Failed - Standard

Windows detected a hard disk problem / Windows - Delayed Write Failed


Hi,

mit unhide Erfolg gehabt?


Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
ATTFilter
C:\WINDOWS\UniFish3.exe
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Gruß an Nora ;o),
chris

__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 11.12.2011, 17:13   #6
Haihappen271
 
Windows detected a hard disk problem / Windows - Delayed Write Failed - Standard

Windows detected a hard disk problem / Windows - Delayed Write Failed


Hiho,

dank unhide sind wieder alle Dateien sichtbar geworden.

Den Bericht von Virustotal anbei:

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
UniFish3.exe
Submission date:
2011-12-11 16:01:47 (UTC)
Current status:
finished
Result:
0/ 43 (0.0%)

VT Community

not reviewed
Safety score: -
Compact
Print results
Antivirus Version Last Update Result
AhnLab-V3 2011.12.10.00 2011.12.09 -
AntiVir 7.11.19.57 2011.12.09 -
Antiy-AVL 2.0.3.7 2011.12.11 -
Avast 6.0.1289.0 2011.12.11 -
AVG 10.0.0.1190 2011.12.11 -
BitDefender 7.2 2011.12.11 -
ByteHero 1.0.0.1 2011.12.07 -
CAT-QuickHeal 12.00 2011.12.11 -
ClamAV 0.97.3.0 2011.12.11 -
Commtouch 5.3.2.6 2011.12.10 -
Comodo 10920 2011.12.11 -
DrWeb 5.0.2.03300 2011.12.11 -
Emsisoft 5.1.0.11 2011.12.11 -
eSafe 7.0.17.0 2011.12.08 -
eTrust-Vet 37.0.9616 2011.12.09 -
F-Prot 4.6.5.141 2011.11.29 -
F-Secure 9.0.16440.0 2011.12.11 -
Fortinet 4.3.388.0 2011.12.11 -
GData 22 2011.12.11 -
Ikarus T3.1.1.109.0 2011.12.11 -
Jiangmin 13.0.900 2011.12.11 -
K7AntiVirus 9.119.5640 2011.12.09 -
Kaspersky 9.0.0.837 2011.12.11 -
McAfee 5.400.0.1158 2011.12.11 -
McAfee-GW-Edition 2010.1E 2011.12.11 -
Microsoft 1.7903 2011.12.11 -
NOD32 6691 2011.12.07 -
Norman 6.07.13 2011.12.11 -
nProtect 2011-12-11.01 2011.12.11 -
Panda 10.0.3.5 2011.12.11 -
PCTools 8.0.0.5 2011.12.11 -
Prevx 3.0 2011.12.11 -
Rising 23.87.03.02 2011.12.08 -
Sophos 4.72.0 2011.12.11 -
SUPERAntiSpyware 4.40.0.1006 2011.12.10 -
Symantec 20111.2.0.82 2011.12.11 -
TheHacker 6.7.0.1.355 2011.12.11 -
TrendMicro 9.500.0.1008 2011.12.11 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.11 -
VBA32 3.12.16.4 2011.12.09 -
VIPRE 11233 2011.12.11 -
ViRobot 2011.12.10.4819 2011.12.11 -
VirusBuster 14.1.110.0 2011.12.11 -
Additional information
MD5 : 80e8a9d877445cd90ec72b630704af0a
SHA1 : aac5925f7c7d51c8344e040aecfef1aa58a643d5
SHA256: c9afec414c346fe4785b5b03143254f23b3d5dfec2d81b6c1982483f510da941
ssdeep: 768:ykrxsAxLy8PuBZA1HZb/olZnFaWLX/okB+4rsGC2PE0VUa85ux:lrxs2OQuB+j8lZFhLvok
B+Ei0qa8U
File size : 45568 bytes
First seen: 2009-03-19 19:26:23
Last seen : 2011-12-11 16:01:47
TrID:
Win32 Executable MS Visual C++ 4.x (64.8%)
Win32 Executable MS Visual C++ (generic) (18.1%)
Windows Screen Saver (6.3%)
Win32 Executable Generic (4.1%)
Win32 Dynamic Link Library (generic) (3.6%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x3380
timedatestamp....: 0x36C15D25 (Wed Feb 10 10:19:17 1999)
machinetype......: 0x14c (I386)

[[ 6 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x6866, 0x6A00, 6.35, db5bb0e356deb1b618b663ea14d344f3
.rdata, 0x8000, 0x360, 0x400, 4.62, c92097c461f13fc0e06004843520ecf0
.data, 0x9000, 0x3788, 0x2000, 4.19, 1949249196a56e797ef84e8d1d771a63
.idata, 0xD000, 0x8F6, 0xA00, 4.77, be78da64278b9a78def21b0a71fdeb1e
.rsrc, 0xE000, 0x8E4, 0xA00, 3.46, ce34680208b09f90503e628aa66b14ca
.reloc, 0xF000, 0xA48, 0xC00, 5.61, 8b194fb28344a620c908ec23b543c0e0

[[ 5 import(s) ]]
KERNEL32.dll: GetSystemDefaultLangID, lstrlenA, lstrcmpiA, lstrcatA, GetCurrentDirectoryA, RemoveDirectoryA, FindNextFileA, CloseHandle, SetEnvironmentVariableA, CompareStringW, HeapReAlloc, GetStringTypeW, GetStringTypeA, CompareStringA, LoadLibraryA, GetProcAddress, SetEndOfFile, CreateFileA, SetFilePointer, GetTimeZoneInformation, SetStdHandle, WriteFile, FlushFileBuffers, GetFileType, SetHandleCount, GetStdHandle, GetACP, GetCPInfo, HeapFree, HeapAlloc, GetLastError, FindFirstFileA, lstrcpyA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, HeapCreate, UnhandledExceptionFilter, GetOEMCP, ReadFile, ExitProcess, TerminateProcess, GetCurrentProcess, RtlUnwind, GetModuleFileNameA, FreeEnvironmentStringsA, MultiByteToWideChar, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, WideCharToMultiByte
USER32.dll: ExitWindowsEx, EndDialog, MessageBoxA, SetWindowTextA, ShowWindow, EnableWindow, SetCursor, LoadCursorA, SendDlgItemMessageA, GetDlgItem, SetDlgItemTextA, DialogBoxParamA, FindWindowA, SendMessageA, wsprintfA, wvsprintfA
GDI32.dll: DeleteObject, CreateFontIndirectA
ADVAPI32.dll: RegDeleteKeyA, RegCloseKey, RegQueryValueExA, RegOpenKeyA, RegDeleteValueA
SHELL32.dll: SHGetMalloc, SHBrowseForFolder, SHGetPathFromIDList, SHFileOperationA
ExifTool:
file metadata
CodeSize: 27136
EntryPoint: 0x3380
FileSize: 44 kB
FileType: Win32 EXE
ImageVersion: 0.0
InitializedDataSize: 23552
LinkerVersion: 3.1
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 1999:02:10 11:19:17+01:00
UninitializedDataSize: 0

VT Community

This file has never been reviewed by any VT Community member. Be the first one to comment on it!

VirusTotal Team

Alt 11.12.2011, 19:19   #7
Chris4You
 
Windows detected a hard disk problem / Windows - Delayed Write Failed - Standard

Windows detected a hard disk problem / Windows - Delayed Write Failed


Hi,

das sollte es gewesen sein, wie verhält sich der Rechner?

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 12.12.2011, 21:22   #8
Haihappen271
 
Windows detected a hard disk problem / Windows - Delayed Write Failed - Standard

Windows detected a hard disk problem / Windows - Delayed Write Failed


Hallo,

vielen Dank für die schnelle und kompetente Hilfe, nicht nur von mir sondern besonders von meiner Freundin.

Der Rechner läuft stabil und zeigt keinerlei Ausfälle.

Nochmals vielen Dank, eine schöne Adventszeit und ein Frohes Fest
(natürlich für das ganze Team)

Alt 12.12.2011, 21:27   #9
Chris4You
 
Windows detected a hard disk problem / Windows - Delayed Write Failed - Standard

Windows detected a hard disk problem / Windows - Delayed Write Failed


Hi,

Okay, Euch auch und noch einen schönen Advent... )

chris & out
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Antwort

Themen zu Windows detected a hard disk problem / Windows - Delayed Write Failed
anschluss, avira, board, continue, detected, direkt, exploit, failed, fix, folge, folgende, freundin, google, guten, hard disk, helft, hinweis, internet, meldungen, problem, quarantäne, reboot, scan, tan, tante, verloren, windows, windows - delayed write failed, windows detected a hard disk problem


« TR/Crypt.XPACK.Gen auf WinXP plus evtl. andere Malware | Nach Virus keine Icons auf dem Desktop »


Ähnliche Themen: Windows detected a hard disk problem / Windows - Delayed Write Failed


  1. Dringend! Windows detected hard disk problem - alle Daten gehen verloren?
    Plagegeister aller Art und deren Bekämpfung - 08.11.2014 (10)
  2. Dringend! Windows detected hard disk problem - alle Daten gehen verloren?
    Lob, Kritik und Wünsche - 07.11.2014 (0)
  3. Virus: Windows detected a hard disk problem - WinXP
    Plagegeister aller Art und deren Bekämpfung - 22.03.2012 (5)
  4. Windows detected a hard disk problem
    Plagegeister aller Art und deren Bekämpfung - 22.03.2012 (1)
  5. Windows detected a hard disk problem
    Plagegeister aller Art und deren Bekämpfung - 19.03.2012 (4)
  6. Windows detected a hard disk problem.
    Log-Analyse und Auswertung - 29.02.2012 (3)
  7. Windows detected a hard disk problem
    Plagegeister aller Art und deren Bekämpfung - 26.02.2012 (3)
  8. windows detected a hard disk problem
    Plagegeister aller Art und deren Bekämpfung - 06.02.2012 (3)
  9. Hard drive clusters are partly damaged / Windows - Delayed Write Failed / Critical Error und andere
    Plagegeister aller Art und deren Bekämpfung - 24.01.2012 (1)
  10. Windows detected a hard disk problem
    Plagegeister aller Art und deren Bekämpfung - 19.01.2012 (12)
  11. Windows - Delayed Write Failed/Windows detected a hard disk problem
    Log-Analyse und Auswertung - 12.12.2011 (1)
  12. WIN XP:Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 25.11.2011 (7)
  13. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Plagegeister aller Art und deren Bekämpfung - 13.11.2011 (101)
  14. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 09.11.2011 (25)
  15. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Plagegeister aller Art und deren Bekämpfung - 07.11.2011 (10)
  16. Windows - Delayed Write Failed. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 07.11.2011 (12)
  17. Windows detected a hard disk problem // critical error \\System32\\00005d03
    Log-Analyse und Auswertung - 05.11.2011 (38)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows detected a hard disk problem / Windows - Delayed Write Failed - Guten Abend zusammen, meine Freundin hat bis vor ca. 30 Minuten völlig vergnügt im Internet gesurft. Dann bekam Sie von Avira gemeldet, dass ein Exploit gefunden und in die Quarantäne - Windows detected a hard disk problem / Windows - Delayed Write Failed...
Archiv
Du betrachtest: Windows detected a hard disk problem / Windows - Delayed Write Failed auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55