| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: MBR wird laufend überschrieben (Win7-64)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
24.01.2011, 21:16
| #1 |
| |  MBR wird laufend überschrieben (Win7-64) Hallo, seit einigen Wochen habe ich das Problem, dass mein MBR laufend überschrieben wird. Ich habe den Bootmanager Plop hxxp://www.plop.at/ installiert und nach der Manipulation des MBR startet der Bootmanager nicht mehr. Der MBR wird nicht komplett überschrieben, sonst würde der neue ja funktionieren. Wenn ich den Bootmanager wieder neu installiere, dann funktioniert alles wieder. Daher glaube ich, dass sich irgendein Rootkit installieren will; es aber auf Grund des anderen Bootmanagers nicht schafft. Bei der Suche nach dem Problem bin ich auf dieses Forum gestoßen und habe die beschriebenen Tools schon angewendet. Anti-Malware hat folgendes gefunden: Code:
ATTFilter Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
Hier das aktuelle Anti-Malware log: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 5578
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
24.01.2011 20:09:57
mbam-log-2011-01-24 (20-09-57).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 170855
Laufzeit: 1 Minute(n), 46 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.01.2011 20:53:45 - Run 1 OTL by OldTimer - Version 3.2.20.5 Folder = D:\Software\Rootkit 64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 54,81 Gb Free Space | 56,18% Space Free | Partition Type: NTFS Drive D: | 146,48 Gb Total Space | 80,54 Gb Free Space | 54,98% Space Free | Partition Type: NTFS Drive E: | 123,96 Gb Total Space | 78,75 Gb Free Space | 63,53% Space Free | Partition Type: NTFS Computer Name: BAREBONE | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\Software\Rootkit\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) PRC - C:\Program Files (x86)\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe (A-Trust GmbH) PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT) PRC - C:\Users\***\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.) PRC - C:\Program Files (x86)\A-Trust GmbH\a.sign Client\acLauncher.exe (A-Trust GmbH) PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () PRC - C:\Windows\vVX1000.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) PRC - C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe (Mindjet) ========== Modules (SafeList) ========== MOD - D:\Software\Rootkit\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.) SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe () SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation) DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.) DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.) DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\A94A.tmp (Sophos Plc) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (cjusb) -- C:\Windows\SysNative\drivers\cjusb.sys (REINER SCT) DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys () DRV - (NPF_devolo) NetGroup Packet Filter Driver (devolo) -- C:\Windows\sysWOW64\drivers\npf_devolo.sys (CACE Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/cse?cx=partner-pub-3540673482024757%3Au7sdf2-9qzh&ie=ISO-8859-1&q=&sa=Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F 47 64 62 E3 95 CA 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1 FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7 FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2 FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2 FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.95.20100933 FF - prefs.js..extensions.enabledItems: optimizegoogle@optimizegoogle.com:0.78.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.12 20:14:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.15 10:41:26 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.12.12 20:12:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.08.10 20:11:25 | 000,000,000 | ---D | M] [2010.01.09 21:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.01.09 21:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2009.09.03 07:49:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2009.10.28 20:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\MediaCoder [2009.10.28 20:42:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\MediaCoder-MCEX [2009.10.28 20:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard [2011.01.24 20:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions [2010.09.25 08:53:19 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2010.03.30 19:24:47 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5} [2010.12.23 20:30:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.11.17 21:38:20 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\de-AT@dictionaries.addons.mozilla.org [2010.10.01 07:43:34 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\foxmarks@kei.com [2010.11.25 19:52:29 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\ietab@ip.cn [2010.11.30 21:02:01 | 000,000,000 | ---D | M] (OptimizeGoogle) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\optimizegoogle@optimizegoogle.com [2010.07.30 19:55:54 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\YoutubeDownloader@PeterOlayev.com [2011.01.15 10:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011.01.15 10:41:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.01.24 20:07:24 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\***\PROGRAM FILES (X86)\DNA [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll [2010.08.10 20:10:56 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (CmjBrowserHelperObject Object) - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files (x86)\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl) O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe (Mindjet) O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) O4 - HKCU..\Run: [acSecurityLayer] C:\Program Files (x86)\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe (A-Trust GmbH) O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\***\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files (x86)\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.23 14:07:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2011.01.23 14:07:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011.01.23 14:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware [2011.01.23 14:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.01.23 14:07:25 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011.01.23 14:07:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011.01.19 21:15:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Auslogics [2011.01.19 21:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Auslogics [2011.01.19 21:15:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics [2011.01.15 20:38:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.01.15 10:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Google Earth [2011.01.15 10:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2011.01.15 10:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2011.01.15 10:41:26 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2011.01.15 10:41:26 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2011.01.15 10:41:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2011.01.15 10:41:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2011.01.12 21:20:19 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2011.01.12 21:20:19 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2011.01.12 21:20:19 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2011.01.12 21:20:19 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll [2011.01.12 21:20:19 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2011.01.12 21:20:19 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll [2011.01.12 21:20:18 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll [2011.01.12 21:20:18 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll [2011.01.12 21:20:18 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll [2011.01.12 21:20:18 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2011.01.12 21:20:18 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2011.01.12 21:20:17 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll [2011.01.12 21:20:17 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2011.01.12 21:20:17 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll [2011.01.12 21:20:17 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011.01.12 21:20:17 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2011.01.12 21:20:17 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011.01.12 21:20:17 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll [2011.01.12 21:20:17 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2011.01.12 21:20:17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll [2011.01.12 21:20:17 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll [2011.01.12 21:20:16 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys [2011.01.12 21:20:16 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll [2011.01.12 21:20:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2011.01.12 21:20:16 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll [2011.01.12 21:20:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll [2011.01.12 21:20:16 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2011.01.12 21:20:02 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll [2011.01.12 21:20:02 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll [2011.01.04 21:21:13 | 000,000,000 | ---D | C] -- C:\Users\***\user [2011.01.04 21:06:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Code Composer Studio [2011.01.04 21:06:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macrovision [2011.01.04 21:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2011.01.04 21:05:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\.TI [2011.01.04 21:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Texas Instruments [2011.01.04 21:01:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared [2011.01.04 20:59:57 | 000,000,000 | ---D | C] -- C:\Users\***\workspace [2011.01.04 20:57:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry [2010.12.31 13:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnkhSVN 2 [2010.12.31 07:52:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FileZilla [2010.12.31 07:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\FileZilla FTP Client [2010.12.31 07:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client [2010.12.30 21:30:57 | 000,114,176 | ---- | C] (Microsoft) -- C:\Users\***\Desktop\DiagnosticAuthorizationTool.exe [2010.12.26 07:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HomePlugConfigWizard [2010.12.26 07:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\HomePlug [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.01.24 20:42:00 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3517675290-343808843-2993044393-1001UA.job [2011.01.24 20:39:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.01.24 20:15:00 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.24 20:15:00 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.24 20:07:23 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.01.24 20:07:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.01.24 20:07:01 | 3168,616,448 | -HS- | M] () -- C:\hiberfil.sys [2011.01.23 20:08:33 | 001,620,308 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.01.23 20:08:33 | 000,699,034 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.01.23 20:08:33 | 000,654,352 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.01.23 20:08:33 | 000,149,230 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.01.23 20:08:33 | 000,122,184 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.01.23 14:07:28 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.21 09:42:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3517675290-343808843-2993044393-1001Core.job [2011.01.19 21:15:31 | 000,001,214 | ---- | M] () -- C:\Users\***\Desktop\Auslogics Disk Defrag.lnk [2011.01.19 21:12:19 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.01.19 21:03:44 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\FreeFileSync.lnk [2011.01.18 20:29:48 | 000,591,202 | ---- | M] () -- C:\Users\***\Desktop\Designing Software Quality.pdf [2011.01.16 11:56:19 | 000,000,036 | ---- | M] () -- C:\Users\***\.org.eclipse.epp.usagedata.recording.userId [2011.01.15 11:12:26 | 000,005,952 | ---- | M] () -- C:\Users\***\Desktop\bergfextour_talkenschrein-neunkirchner-huette.kml [2011.01.15 10:15:46 | 000,002,420 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk [2011.01.10 08:04:16 | 000,004,246 | ---- | M] () -- C:\Users\***\Desktop\Storno Funimation - Verknüpfung.lnk [2011.01.06 22:32:19 | 000,109,056 | ---- | M] () -- C:\Users\***\Desktop\StateMachine.vsd [2011.01.04 21:03:15 | 000,000,697 | ---- | M] () -- C:\Users\Public\Desktop\Code Composer Studio v5.lnk [2011.01.04 20:45:37 | 000,000,010 | ---- | M] () -- C:\Users\***\AppData\Roaming\hhxprot5 [2011.01.04 20:45:27 | 000,002,044 | ---- | M] () -- C:\Users\***\Desktop\10sec-Haushaltsbuch.lnk [2010.12.31 13:40:10 | 000,001,038 | ---- | M] () -- C:\Users\***\Desktop\Lola - Das Kuckucksei.MP4 - Verknüpfung.lnk [2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.01.23 14:07:28 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.01.19 21:15:31 | 000,001,214 | ---- | C] () -- C:\Users\***\Desktop\Auslogics Disk Defrag.lnk [2011.01.18 20:29:44 | 000,591,202 | ---- | C] () -- C:\Users\***\Desktop\Designing Software Quality.pdf [2011.01.16 11:56:19 | 000,000,036 | ---- | C] () -- C:\Users\***\.org.eclipse.epp.usagedata.recording.userId [2011.01.15 11:12:25 | 000,005,952 | ---- | C] () -- C:\Users\***\Desktop\bergfextour_talkenschrein-neunkirchner-huette.kml [2011.01.10 08:04:16 | 000,004,246 | ---- | C] () -- C:\Users\***\Desktop\Storno Funimation - Verknüpfung.lnk [2011.01.06 22:32:19 | 000,109,056 | ---- | C] () -- C:\Users\***\Desktop\StateMachine.vsd [2011.01.04 21:03:15 | 000,000,697 | ---- | C] () -- C:\Users\Public\Desktop\Code Composer Studio v5.lnk [2011.01.04 20:45:37 | 000,000,010 | ---- | C] () -- C:\Users\***\AppData\Roaming\hhxprot5 [2010.12.31 13:40:10 | 000,001,038 | ---- | C] () -- C:\Users\***\Desktop\Lola - Das Kuckucksei.MP4 - Verknüpfung.lnk [2010.11.04 22:00:39 | 000,000,016 | ---- | C] () -- C:\ProgramData\.7486160831680234 [2010.10.24 12:18:35 | 000,037,412 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR [2010.09.27 12:09:39 | 000,000,053 | ---- | C] () -- C:\Windows\fcad5lt.ini [2010.09.27 11:28:30 | 000,000,015 | ---- | C] () -- C:\Windows\DME32.INI [2010.08.18 19:11:36 | 000,007,652 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2010.07.20 21:13:58 | 000,001,572 | ---- | C] () -- C:\Users\***\AppData\Roaming\MyMicroBalanceConfig.ini [2010.04.02 18:37:46 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.04.02 18:37:45 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.04.02 18:37:42 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.02.21 20:43:29 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2010.02.20 21:04:07 | 000,000,479 | ---- | C] () -- C:\ProgramData\qcadrc [2010.01.29 21:10:49 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2010.01.22 20:22:16 | 001,641,894 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.01.15 20:47:28 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2009.12.15 01:42:44 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2009.12.15 01:42:44 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2009.12.12 12:06:10 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2009.10.31 21:13:26 | 000,000,546 | ---- | C] () -- C:\Users\***\AppData\Roaming\AutoGK.ini [2009.09.18 19:11:33 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll [2009.09.18 19:11:33 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll [2009.09.15 20:09:45 | 000,000,010 | ---- | C] () -- C:\Users\***\AppData\Roaming\hhxprot4 [2009.09.01 19:53:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.08.29 20:00:00 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini [2009.08.29 19:31:23 | 003,297,280 | ---- | C] () -- C:\Users\***\AppData\Local\filesync.metadata [2009.07.24 14:04:54 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.01.25 22:10:48 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2009.01.09 00:01:22 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll ========== LOP Check ========== [2011.01.10 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\10-Sekunden-Haushaltsbuch [2010.06.21 20:28:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\A-Trust GmbH [2010.01.21 20:49:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft [2011.01.19 21:15:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics [2010.01.15 20:43:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Broad Intelligence [2010.01.29 21:13:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2010.09.27 11:31:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CASta-C [2010.08.30 20:50:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DirektFotoSystem3 [2011.01.24 20:47:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DNA [2010.04.25 09:06:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2010.12.31 09:27:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla [2009.10.02 15:06:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flash Undelete Software [2009.08.29 19:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit [2010.08.10 20:11:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software [2010.04.04 19:56:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFileSync [2010.10.18 20:49:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JetBrains [2010.10.18 13:55:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JOSM [2011.01.21 20:37:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass [2010.12.13 21:06:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KOSTAL Solar Electric GmbH [2011.01.04 20:28:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2010.10.23 12:55:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite [2010.12.28 20:47:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2010.03.27 21:00:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Participatory Culture Foundation [2010.10.23 05:56:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2010.04.02 18:04:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCF-VLC [2010.12.11 20:47:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pieps [2010.11.16 08:31:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pieps_GMBH [2010.06.21 20:45:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SignaturUmgebung [2010.10.28 08:09:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion [2010.12.12 20:30:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2010.11.10 16:42:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Termite [2010.01.09 21:38:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2009.09.03 07:49:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom [2010.05.27 19:27:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\tradesignal [2011.01.17 20:20:33 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 24.01.2011 20:53:45 - Run 1
OTL by OldTimer - Version 3.2.20.5 Folder = D:\Software\Rootkit
64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 54,81 Gb Free Space | 56,18% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 80,54 Gb Free Space | 54,98% Space Free | Partition Type: NTFS
Drive E: | 123,96 Gb Total Space | 78,75 Gb Free Space | 63,53% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.ini[@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.txt[@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.ini [@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.txt [@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3E061CBA-1DBB-45DD-8873-D100072ADCAD}" = Microsoft LifeCam
"{4A851AAB-F47D-4C1E-813C-A21A87E80589}" = Foxit PDF IFilter
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{76B91A94-33F6-4E92-88DF-3325427F4F47}" = Oracle VM VirtualBox 4.0.0
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0054-0407-1000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BD430C50-784F-32CD-87E7-A8C47EE6107F}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"287456DB90C1DA963CF09266912A2F7FFEF599C5" = Windows-Treiberpaket - Texas Instruments, Inc (umpusbvista) Ports (10/20/2009 6.5.9017.0)
"B89452C8A2A1FCF2E1BCF0ECA27FB6019CFA00CF" = Windows-Treiberpaket - Texas Instruments (usbser) Ports (12/11/2007 1.3)
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HardlinkShellExt" = Link Shell Extension
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Premium 2010
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0474CEF2-37AE-441D-8FDE-A1EF7EAD01B9}" = Cisco AnyConnect VPN Client
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1A772F15-B3FE-381A-BD29-82A78096B720}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4418
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 23
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BA62480-D267-436C-B62F-12A54EEE055D}" = Mindjet MindManager Pro 7
"{3175553C-88D5-453B-93CB-4012A827533A}" = Microsoft StyleCop 4.3.3.0
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5E81B080-4629-4EC3-AA90-538394122120}" = MSVC80_Runtime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6742BE3D-1A59-3BFD-BA20-2FDA866099B8}" = Microsoft Visual Studio 2010 Premium - ENU
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6BCCC651-1638-4D86-B6AF-F8B7BB0C9141}" = Windows Installer XML Toolset 3.5
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7270D01E-6AFF-4E45-9A05-1152BCFE3FB2}" = AnkhSVN 2.1.10019.14
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B82827EC-C335-4986-9C89-A2A6FA8344F0}" = Microsoft Pex 2010 (x86) 0.90.50303.0
"{B99459D2-B91A-417E-9DFA-F53D569F4445}_is1" = H.264 Encoder 1.5
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C7E08583-EE96-44EC-8FE4-32FFA69965CF}" = JetBrains ReSharper 5.1
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"10-Sekunden-Haushaltsbuch 4" = 10-Sekunden-Haushaltsbuch 4 4.07
"10-Sekunden-Haushaltsbuch 5" = 10-Sekunden-Haushaltsbuch 5 5.08
"4F9A85D9-5F0E-E538-D71C-621DF59F81FA" = Debug Server
"a.sign Bürgerkartensoftware" = a.sign Bürgerkartensoftware 1.3.0.7
"a.sign Client" = a.sign Client 1.2.7.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 3.0.7
"asignPDFverify" = asignPDFverify 1.0.5.0
"BadCopy Pro" = BadCopy Pro
"Code Composer Studio v5.0.1" = Code Composer Studio v5.0.1
"CollabNet Automatic Update" = CollabNet Automatic Update 1.2
"CollabNet Subversion Client" = CollabNet Subversion Client 1.6.13
"Direktfotosystem2_is1" = Direkt Foto System 3.x
"DivX Setup.divx.com" = DivX-Setup
"dlanconftiny" = HomePlug-Konfigurationsassistent
"FileZilla Client" = FileZilla Client 3.3.5.1
"Foxit Reader" = Foxit Reader
"Free Studio_is1" = Free Studio version 4.6
"Free Video Dub_is1" = Free Video Dub version 1.8
"FreeFileSync" = FreeFileSync v3.13
"FreePortScanner_is1" = FreePortScanner 2.8.2
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.13
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Visual Studio 2010 Premium - ENU" = Microsoft Visual Studio 2010 Premium - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"Notepad++" = Notepad++
"PIKO Master Control V2.0_is1" = PIKO Master Control V2.0 v1.0.4.0
"TeamViewer 6" = TeamViewer 6
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"ZetaResourceEditor" = Zeta Resource Editor 2.1.0.76 (nur entfernen)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 19.12.2010 11:18:55 | Computer Name = *** | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF36 Description:Cannot upgrade Microsoft Security Essentials..
The language of this upgrade package is different than the language used in your
original Security Essentials installation. Error code:0x8004FF36.
Error - 19.12.2010 11:20:57 | Computer Name = *** | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF36 Description:Cannot upgrade Microsoft Security Essentials..
The language of this upgrade package is different than the language used in your
original Security Essentials installation. Error code:0x8004FF36.
Error - 19.12.2010 11:21:05 | Computer Name = *** | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF36 Description:Cannot upgrade Microsoft Security Essentials..
The language of this upgrade package is different than the language used in your
original Security Essentials installation. Error code:0x8004FF36.
Error - 19.12.2010 15:04:17 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
Zeitstempel: 0x4cf9293f Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
Zeitstempel: 0x4b849404 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002dce ID des fehlerhaften
Prozesses: 0x2f8 Startzeit der fehlerhaften Anwendung: 0x01cb9fad1236740d Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX Berichtskennung:
c6c7f441-0ba2-11e0-949b-002354381eed
Error - 20.12.2010 16:04:55 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
Zeitstempel: 0x4cf9293f Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
Zeitstempel: 0x4b849404 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002dce ID des fehlerhaften
Prozesses: 0x104c Startzeit der fehlerhaften Anwendung: 0x01cba080db8f411f Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX Berichtskennung:
693baeae-0c74-11e0-8db0-002354381eed
Error - 22.12.2010 09:30:36 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\direktfotosystem3\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\direktfotosystem3\DelZip179.dll" in Zeile 8. Der Wert "*"
des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 23.12.2010 11:33:11 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
Zeitstempel: 0x4cf9293f Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
Zeitstempel: 0x4b849404 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002dce ID des fehlerhaften
Prozesses: 0x9d8 Startzeit der fehlerhaften Anwendung: 0x01cba2b574fa2b98 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX Berichtskennung:
f2f424ce-0ea9-11e0-ae6b-002354381eed
Error - 26.12.2010 04:06:38 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
Zeitstempel: 0x4cf9293f Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
Zeitstempel: 0x4b849404 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002dce ID des fehlerhaften
Prozesses: 0x33c Startzeit der fehlerhaften Anwendung: 0x01cba4cae3d8aec8 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX Berichtskennung:
0ffa8281-10c7-11e0-9470-002354381eed
Error - 26.12.2010 15:34:52 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
Zeitstempel: 0x4cf9293f Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
Zeitstempel: 0x4b849404 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002dce ID des fehlerhaften
Prozesses: 0xcc Startzeit der fehlerhaften Anwendung: 0x01cba52f904c71b0 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX Berichtskennung:
3573d3de-1127-11e0-bd94-002354381eed
Error - 27.12.2010 15:07:38 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
Zeitstempel: 0x4cf9293f Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
Zeitstempel: 0x4b849404 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002dce ID des fehlerhaften
Prozesses: 0xc18 Startzeit der fehlerhaften Anwendung: 0x01cba5f786eeb484 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX Berichtskennung:
91ec6165-11ec-11e0-8d1e-002354381eed
[ Cisco AnyConnect VPN Client Events ]
Error - 22.01.2011 10:53:54 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
Error - 22.01.2011 10:53:54 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
Error - 23.01.2011 08:32:06 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
Error - 23.01.2011 08:32:06 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
Error - 23.01.2011 09:23:09 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
Error - 23.01.2011 09:23:09 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
Error - 23.01.2011 14:48:26 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
Error - 23.01.2011 14:48:26 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
Error - 24.01.2011 15:07:13 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
Error - 24.01.2011 15:07:13 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
[ System Events ]
Error - 18.01.2011 13:42:03 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode:
0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842
Error - 18.01.2011 15:06:51 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode:
0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842
Error - 19.01.2011 09:18:41 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode:
0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842
Error - 19.01.2011 15:11:35 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode:
0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842
Error - 19.01.2011 17:26:21 | Computer Name = *** | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error - 21.01.2011 04:31:22 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode:
0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842
Error - 22.01.2011 11:34:55 | Computer Name = *** | Source = SCardSvr | ID = 610
Description =
Error - 23.01.2011 08:32:24 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode:
0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842
Error - 23.01.2011 14:48:32 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode:
0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842
Error - 24.01.2011 15:07:30 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode:
0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842
< End of report >
Ich weiß leider nicht mehr wie ich dieses Problem in den Griff kriegen kann. Vielleicht kann mir jemand aus dem Board einen Tipp geben. Vielen Dank, Geändert von noreturn (24.01.2011 um 21:27 Uhr) |
|
24.01.2011, 23:07
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | MBR wird laufend überschrieben (Win7-64) Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes.
__________________
__________________ |
|
26.01.2011, 20:47
| #3 |
| | MBR wird laufend überschrieben (Win7-64) Hallo,
__________________ja, es gibt noch ein Log vor dem Entfernen der Registry Entries. |
|
26.01.2011, 20:50
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | MBR wird laufend überschrieben (Win7-64) Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
26.01.2011, 21:29
| #5 |
| | MBR wird laufend überschrieben (Win7-64) Combofix Logfile: Code:
ATTFilter ComboFix 11-01-25.05 - *** 26.01.2011 21:17:06.1.2 - x64
Microsoft Windows 7 Enterprise 6.1.7600.0.1252.43.1031.18.4029.2566 [GMT 1:00]
ausgeführt von:: d:\software\Rootkit\cofi.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((( Dateien erstellt von 2010-12-26 bis 2011-01-26 ))))))))))))))))))))))))))))))
.
2011-01-26 20:20 . 2011-01-26 20:20 -------- d-----w- c:\users\***\AppData\Local\temp
2011-01-26 20:20 . 2011-01-26 20:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-26 09:24 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA4309ED-12B4-42CA-8F4A-2B147DAC1602}\mpengine.dll
2011-01-25 08:29 . 2011-01-25 08:29 -------- d-----w- c:\users\***\.Geopublisher
2011-01-25 08:29 . 2011-01-25 08:29 -------- d-----w- c:\users\***\.AtlasViewer
2011-01-25 08:29 . 2011-01-25 08:29 -------- d-----w- c:\users\***\.AtlasStyler
2011-01-24 21:03 . 2009-03-09 14:27 5425496 ----a-w- c:\windows\system32\D3DX9_41.dll
2011-01-24 21:03 . 2009-03-09 14:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2011-01-24 21:02 . 2011-01-24 21:02 -------- d-----w- c:\program files\Microsoft Mathematics
2011-01-23 13:07 . 2011-01-23 13:07 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2011-01-23 13:07 . 2011-01-23 13:07 -------- d-----w- c:\programdata\Malwarebytes
2011-01-23 13:07 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-23 13:07 . 2011-01-23 13:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-23 13:07 . 2010-12-20 17:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-19 20:15 . 2011-01-19 20:15 -------- d-----w- c:\users\***\AppData\Roaming\Auslogics
2011-01-19 20:15 . 2011-01-19 20:15 -------- d-----w- c:\program files (x86)\Auslogics
2011-01-15 09:41 . 2011-01-15 09:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-01-15 09:41 . 2010-11-12 17:53 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-01-15 09:41 . 2010-11-12 17:53 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-04 20:21 . 2011-01-04 20:21 -------- d-----w- c:\users\***\user
2011-01-04 20:06 . 2011-01-23 19:40 -------- d-----w- c:\users\***\AppData\Local\Code Composer Studio
2011-01-04 20:06 . 2011-01-04 20:06 -------- d-----w- c:\users\***\AppData\Roaming\Macrovision
2011-01-04 20:06 . 2011-01-04 20:06 -------- d-----w- c:\programdata\InstallShield
2011-01-04 20:05 . 2011-01-04 20:05 -------- d-----w- c:\users\***\AppData\Local\.TI
2011-01-04 20:01 . 2011-01-04 20:01 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-01-04 19:59 . 2011-01-04 19:59 -------- d-----w- c:\users\***\workspace
2011-01-04 19:57 . 2011-01-04 20:02 -------- d--h--w- c:\program files (x86)\InstallJammer Registry
2011-01-04 19:45 . 2010-12-28 10:18 420968 ----a-w- c:\windows\uninstall\10-Sekunden-Haushaltsbuch 5\setup.exe
2010-12-31 12:56 . 2010-12-31 12:56 -------- d-----w- c:\program files (x86)\AnkhSVN 2
2010-12-31 06:52 . 2010-12-31 08:27 -------- d-----w- c:\users\***\AppData\Roaming\FileZilla
2010-12-31 06:52 . 2010-12-31 06:52 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 10:20 . 2010-12-20 20:04 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-31 12:56 . 2010-01-22 19:33 1374720 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2010-12-22 14:08 . 2010-12-22 14:08 173840 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-12-22 14:08 . 2010-12-23 19:57 226448 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-12-22 14:08 . 2010-12-23 19:57 54864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-12-22 14:08 . 2010-12-22 14:08 43792 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys
2010-12-22 14:08 . 2010-12-22 14:08 154256 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-12-22 14:08 . 2010-12-22 14:08 318992 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-12-19 15:34 . 2010-12-19 15:34 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51EB4182-6CE5-43BC-B119-3441B5E9EE5F}\gapaengine.dll
2010-11-07 12:02 . 2010-11-07 12:02 119808 ----a-r- c:\users\***\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2010-11-04 06:35 . 2010-12-17 08:13 1194496 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-17 08:13 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-17 08:13 978944 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-17 08:13 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-17 08:13 482816 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-17 08:13 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-17 08:13 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-17 08:13 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-17 08:13 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-17 08:13 1169408 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 05:17 . 2010-12-17 08:13 473600 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 05:16 . 2010-12-17 08:13 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-17 08:13 464384 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-17 08:13 285696 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-17 08:13 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-17 08:13 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-17 08:13 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-17 08:13 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
"BitTorrent DNA"="c:\users\***\Program Files (x86)\DNA\btdna.exe" [2010-01-17 323392]
"Google Update"="c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-02 136176]
"acSecurityLayer"="c:\program files (x86)\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe" [2010-08-12 3351712]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-03 14944136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2009-07-24 118624]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"MMReminderService"="c:\program files (x86)\Mindjet\MindManager 7\MMReminderService.exe" [2008-03-19 37144]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe 2\KeePass.exe" [2010-09-05 1655296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 245120]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
a.sign Client.lnk - c:\program files (x86)\A-Trust GmbH\a.sign Client\acLauncher.exe [2009-12-22 1008800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-20 136176]
R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys [2010-02-08 29184]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 51600]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-08-16 1436424]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\A94A.tmp [2010-05-26 6144]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2010-12-22 43792]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-20 1255736]
R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework64\v4.0.30128\WPF\WPFFontCache_v0400.exe [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-12-22 226448]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-12-22 54864]
S2 cjpcsc;cyberJack PC/SC COM Service ;c:\windows\SysWOW64\cjpcsc.exe [2010-05-02 498096]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\sysWOW64\drivers\npf_devolo.sys [2007-02-07 34048]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-08-16 592120]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-22 154256]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-12-22 173840]
.
Inhalt des "geplante Tasks" Ordners
2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-20 07:56]
2011-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-20 07:56]
2011-01-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3517675290-343808843-2993044393-1001Core.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-02 18:30]
2011-01-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3517675290-343808843-2993044393-1001UA.job
- c:\users\***\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-02 18:30]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 07:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\HardLinkMenu]
@="{0A479751-02BC-11d3-A855-0004AC2568AA}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568AA}]
2010-02-21 20:07 266752 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IconOverlayHardLink]
@="{0A479751-02BC-11d3-A855-0004AC2568DD}"
[HKEY_CLASSES_ROOT\CLSID\{0A479751-02BC-11d3-A855-0004AC2568DD}]
2010-02-21 20:07 266752 ----a-w- c:\program files\LinkShellExtension\HardlinkShellExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VX1000"="c:\windows\vVX1000.exe" [2009-07-24 762224]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-16 7883296]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-16 1833504]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2010-07-21 2306448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/cse?cx=partner-pub-3540673482024757%3Au7sdf2-9qzh&ie=ISO-8859-1&q=&sa=Search
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\uskowlm9.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: German Dictionary, extended for Austria: de-AT@dictionaries.addons.mozilla.org - %profile%\extensions\de-AT@dictionaries.addons.mozilla.org
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: 1-Click YouTube Video Downloader: YoutubeDownloader@PeterOlayev.com - %profile%\extensions\YoutubeDownloader@PeterOlayev.com
FF - Ext: Forecastfox Weather: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3} - %profile%\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: OptimizeGoogle: optimizegoogle@optimizegoogle.com - %profile%\extensions\optimizegoogle@optimizegoogle.com
.
.
------- Dateityp-Verknüpfung -------
.
.txt=Notepad++_file
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A94A.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-01-26 21:22:07
ComboFix-quarantined-files.txt 2011-01-26 20:22
Vor Suchlauf: 13 Verzeichnis(se), 57.092.915.200 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 56.764.850.176 Bytes frei
- - End Of File - - 8F8EFEBF3E4D9078952DE5B211F9A3A6
|
|
26.01.2011, 21:38
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | MBR wird laufend überschrieben (Win7-64) Bitte nun Logs mit GMER und mbrcheck erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg Anleitung zu mbrcheck: Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ --> MBR wird laufend überschrieben (Win7-64) |
|
02.02.2011, 20:29
| #7 |
| | MBR wird laufend überschrieben (Win7-64) Hallo, des Ergebnis von GMER: No system modifications found. MBRCheck hat auf meiner externen Festplatte einen Non-standard MBR gefunden. Der auf Platte Datenträger0 ist klar, aber der auf Datenträger5 nicht? Meine Fragen dazu: - Wie kommt der dahin? - Wird der MBR beim Anstecken einer externen Festplatte überhaupt ausgeführt? Code:
ATTFilter MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Enterprise Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x02000fdc
Kernel Drivers (total 201):
0x02E61000 \SystemRoot\system32\ntoskrnl.exe
0x02E18000 \SystemRoot\system32\hal.dll
0x00BB8000 \SystemRoot\system32\kdcom.dll
0x00CD9000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D1D000 \SystemRoot\system32\PSHED.dll
0x00D31000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00EAE000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F52000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F61000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FB8000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FC1000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00FCB000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E00000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E0D000 \SystemRoot\System32\drivers\partmgr.sys
0x00E22000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E37000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E93000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00E9A000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00D8F000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DA9000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00DB2000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00DDC000 \SystemRoot\system32\DRIVERS\msahci.sys
0x00DE7000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x010F1000 \SystemRoot\system32\drivers\fltmgr.sys
0x0113D000 \SystemRoot\system32\drivers\fileinfo.sys
0x01225000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01151000 \SystemRoot\System32\Drivers\msrpc.sys
0x013C8000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x013E2000 \SystemRoot\System32\drivers\pcw.sys
0x013F3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x014FF000 \SystemRoot\system32\drivers\ndis.sys
0x01400000 \SystemRoot\system32\drivers\NETIO.SYS
0x01460000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01602000 \SystemRoot\System32\drivers\tcpip.sys
0x0148B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x014D5000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01073000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x014E5000 \SystemRoot\System32\Drivers\spldr.sys
0x011AF000 \SystemRoot\System32\drivers\rdyboost.sys
0x014ED000 \SystemRoot\System32\Drivers\mup.sys
0x015F1000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0183B000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01875000 \SystemRoot\system32\DRIVERS\disk.sys
0x0188B000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x018F3000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0191D000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x0194E000 \SystemRoot\System32\Drivers\Null.SYS
0x01957000 \SystemRoot\System32\Drivers\Beep.SYS
0x0195E000 \SystemRoot\System32\drivers\vga.sys
0x0196C000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x01991000 \SystemRoot\System32\drivers\watchdog.sys
0x019A1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x019AA000 \SystemRoot\system32\drivers\rdpencdd.sys
0x019B3000 \SystemRoot\system32\drivers\rdprefmp.sys
0x019BC000 \SystemRoot\System32\Drivers\Msfs.SYS
0x019C7000 \SystemRoot\System32\Drivers\Npfs.SYS
0x019D8000 \SystemRoot\system32\DRIVERS\tdx.sys
0x01800000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02CBA000 \SystemRoot\system32\drivers\afd.sys
0x02D44000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02D89000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02D92000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02DB8000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02DC7000 \SystemRoot\system32\DRIVERS\serial.sys
0x02DE4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02C00000 \SystemRoot\system32\DRIVERS\VBoxUSBMon.sys
0x02C0C000 \SystemRoot\system32\DRIVERS\VBoxDrv.sys
0x02C42000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02C56000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02CA7000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0180D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x01818000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x01823000 \SystemRoot\System32\drivers\discache.sys
0x03CEB000 \SystemRoot\system32\drivers\csc.sys
0x03D6E000 \SystemRoot\System32\Drivers\dfsc.sys
0x03D8C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03D9D000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03DC3000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04819000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x05238000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0532C000 \SystemRoot\System32\drivers\dxgmms1.sys
0x05372000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x0537F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x053D5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03DD9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03C00000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x03C3E000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x03C94000 \SystemRoot\system32\DRIVERS\parport.sys
0x053E6000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0x053EE000 \SystemRoot\system32\DRIVERS\serenum.sys
0x04800000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x03CB1000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03CC7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x01200000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x010BF000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03E62000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03E7D000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03E9E000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x03EB8000 \SystemRoot\system32\DRIVERS\VBoxNetAdp.sys
0x03EDD000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x03EE8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x03EF7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03F06000 \SystemRoot\system32\DRIVERS\VClone.sys
0x03F15000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x03F44000 \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys
0x03F6D000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03F6F000 \SystemRoot\system32\DRIVERS\ks.sys
0x03FB2000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03E00000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03FC4000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0681F000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x06AD2000 \SystemRoot\system32\drivers\portcls.sys
0x06B0F000 \SystemRoot\system32\drivers\drmk.sys
0x06B31000 \SystemRoot\system32\drivers\ksthunk.sys
0x06B37000 \SystemRoot\system32\drivers\HdAudio.sys
0x000F0000 \SystemRoot\System32\win32k.sys
0x06B93000 \SystemRoot\System32\drivers\Dxapi.sys
0x06B9F000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00470000 \SystemRoot\System32\TSDDD.dll
0x007D0000 \SystemRoot\System32\cdd.dll
0x06BAD000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x06BCA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x008F0000 \SystemRoot\System32\ATMFD.DLL
0x02202000 \SystemRoot\system32\DRIVERS\VX1000.sys
0x06BCC000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x06BDD000 \SystemRoot\system32\drivers\usbaudio.sys
0x06A00000 \SystemRoot\system32\drivers\luafv.sys
0x06A23000 \SystemRoot\system32\drivers\WudfPf.sys
0x06A44000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x06A61000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x06A7C000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x06A8A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x06AA3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x06AAC000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x06AB9000 \SystemRoot\system32\DRIVERS\point64.sys
0x069D0000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x069DE000 \SystemRoot\System32\Drivers\crashdmp.sys
0x069EC000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x06800000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x0680B000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x03FD9000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x018BB000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02A06000 \SystemRoot\system32\drivers\HTTP.sys
0x02ACE000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02AEC000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02B04000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02B31000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02B7F000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02BA2000 \SystemRoot\sysWOW64\drivers\npf_devolo.sys
0x038C2000 \SystemRoot\system32\drivers\peauth.sys
0x03968000 \SystemRoot\System32\Drivers\secdrv.SYS
0x03973000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x039A0000 \SystemRoot\System32\drivers\tcpipreg.sys
0x03800000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06E0A000 \SystemRoot\System32\DRIVERS\srv.sys
0x06EA0000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x06EB5000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x06F57000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x06F62000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x771A0000 \Windows\System32\ntdll.dll
0x47D50000 \Windows\System32\smss.exe
0xFF4C0000 \Windows\System32\apisetschema.dll
0xFF1C0000 \Windows\System32\autochk.exe
0xFF2A0000 \Windows\System32\ole32.dll
0xFF1D0000 \Windows\System32\usp10.dll
0xFF130000 \Windows\System32\msvcrt.dll
0x77370000 \Windows\System32\normaliz.dll
0xFF050000 \Windows\System32\advapi32.dll
0xFEFB0000 \Windows\System32\clbcatq.dll
0xFEF40000 \Windows\System32\gdi32.dll
0xFEE60000 \Windows\System32\oleaut32.dll
0xFEE30000 \Windows\System32\imm32.dll
0x77360000 \Windows\System32\psapi.dll
0xFEC50000 \Windows\System32\setupapi.dll
0xFDEC0000 \Windows\System32\shell32.dll
0xFDE20000 \Windows\System32\comdlg32.dll
0xFDD10000 \Windows\System32\msctf.dll
0xFDCC0000 \Windows\System32\ws2_32.dll
0xFDCB0000 \Windows\System32\nsi.dll
0x770A0000 \Windows\System32\user32.dll
0xFDB80000 \Windows\System32\wininet.dll
0xFD920000 \Windows\System32\iertutil.dll
0xFD900000 \Windows\System32\imagehlp.dll
0xFD8B0000 \Windows\System32\Wldap32.dll
0xFD8A0000 \Windows\System32\lpk.dll
0xFD770000 \Windows\System32\rpcrt4.dll
0xFD6F0000 \Windows\System32\difxapi.dll
0xFD670000 \Windows\System32\shlwapi.dll
0xFD4F0000 \Windows\System32\urlmon.dll
0xFD4D0000 \Windows\System32\sechost.dll
0x76F80000 \Windows\System32\kernel32.dll
0xFD490000 \Windows\System32\wintrust.dll
0xFD450000 \Windows\System32\cfgmgr32.dll
0xFD2E0000 \Windows\System32\crypt32.dll
0xFD270000 \Windows\System32\KernelBase.dll
0xFD250000 \Windows\System32\devobj.dll
0xFD1B0000 \Windows\System32\comctl32.dll
0xFD1A0000 \Windows\System32\msasn1.dll
0x77350000 \Windows\SysWOW64\normaliz.dll
Processes (total 59):
0 System Idle Process
4 System
276 C:\Windows\System32\smss.exe
492 csrss.exe
616 C:\Windows\System32\wininit.exe
644 csrss.exe
668 C:\Windows\System32\services.exe
708 C:\Windows\System32\winlogon.exe
736 C:\Windows\System32\lsass.exe
748 C:\Windows\System32\lsm.exe
840 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
984 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
508 C:\Windows\System32\svchost.exe
544 C:\Windows\System32\svchost.exe
568 C:\Windows\System32\svchost.exe
1236 C:\Windows\System32\svchost.exe
1448 C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
1476 C:\Windows\System32\svchost.exe
1604 C:\Windows\System32\spoolsv.exe
1632 C:\Windows\System32\svchost.exe
1660 C:\Windows\System32\svchost.exe
1784 C:\Windows\SysWOW64\cjpcsc.exe
1832 C:\Program Files\Microsoft LifeCam\MSCamS64.exe
1880 C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
1940 C:\Windows\System32\svchost.exe
2024 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
1188 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
2440 C:\Windows\System32\taskhost.exe
2556 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
2648 WUDFHost.exe
2696 C:\Windows\System32\dwm.exe
2732 C:\Windows\explorer.exe
2944 C:\Windows\vVX1000.exe
2956 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
3004 C:\Windows\WindowsMobile\wmdc.exe
2124 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
2412 C:\Program Files\Microsoft IntelliType Pro\itype.exe
2492 C:\Windows\System32\igfxtray.exe
2596 C:\Windows\System32\hkcmd.exe
2552 C:\Windows\System32\igfxpers.exe
2740 C:\Program Files\Microsoft Security Client\msseces.exe
2476 C:\Program Files\Windows Sidebar\sidebar.exe
3384 C:\Windows\System32\svchost.exe
3468 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
3556 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
3648 C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
3780 C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
3788 C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe
3796 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
3872 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2852 C:\Windows\System32\SearchIndexer.exe
3444 C:\Program Files\Windows Media Player\wmpnetwk.exe
4392 C:\Windows\System32\svchost.exe
4968 C:\Windows\System32\svchost.exe
2280 C:\Windows\System32\audiodg.exe
3264 C:\Windows\System32\dllhost.exe
4528 D:\Software\Rootkit\MBRCheck.exe
4268 C:\Windows\System32\conhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000030`d4200000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000055`73300000 (NTFS)
\\.\Z: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: WDCWD5001AALS-00L3B2, Rev: 01.03B01
PhysicalDrive5 Model Number: WDC WD2500BB-00GUA0, Rev: 08.0
Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: CAD9DA2E2D6AE2B7F3C3BDEBB92696EF526A5849
232 GB \\.\PhysicalDrive5 RE: Unknown MBR code
SHA1: 5CA5C0220C2165E9C07EE8A033F53F0D2083832C
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Done!
|
|
02.02.2011, 20:58
| #8 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | MBR wird laufend überschrieben (Win7-64)Zitat:
Hast du dafür eine Win7-DVD (64 Bit) zur Hand?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.02.2011, 21:14
| #9 |
| | MBR wird laufend überschrieben (Win7-64) Wie gesagt verwende ich einen Bootmanager namens plop (hxxp://www.plop.at/de/bootmanager.html) und der schreibt seinen eigenen MBR. Wenn ich den Standard Win7 MBR installiere, dann funktioniert mein Bootmanager nicht mehr. Kann es sein dass Windows selbst den MBR zurücksetzt? Glaube ich aber eher nicht, denn sonst könnte niemand den Bootmanager verwenden. |
|
02.02.2011, 21:20
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | MBR wird laufend überschrieben (Win7-64) Ups sry das hab ich vergessen, hab zuviele Stränge wohl auf  Dein customisierter MBR wird wohl der Grund dafür sein, dass MBRCHEck ihn nicht kennt...  Zitat:
Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.02.2011, 22:05
| #11 | |
| | MBR wird laufend überschrieben (Win7-64) Ich habe den Bootmanager drauf weil ich auch Linux installiert habe. Der Bootmanager hat seit Jahren problemlos funktioniert. Aus der Bootmanager Hilfe: Zitat:
|
|
02.02.2011, 22:47
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | MBR wird laufend überschrieben (Win7-64) Plop sagt mir aber garnichts. Daheim nutze ich fast nur noch Ubuntu, da wird GRUB genutzt. Welche Distro hast du denn? 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu MBR wird laufend überschrieben (Win7-64) |
| .dll, 32-bit, 7-zip, adblock, any video converter, bho, c:\windows\system32\rundll32.exe, cdburnerxp, converter, document, error, excel.exe, explorer, firefox, format, ftp, helper, home, ieframe.dll, install.exe, langs, location, log, logfile, manipulation, microsoft, microsoft office word, microsoft security, mozilla, mozilla thunderbird, mp3, oldtimer, otl.exe, plug-in, problem, programdata, programme, realtek, registry, richtlinie, rootkit, saver, schattenkopien, senden, shell32.dll, shortcut, software, staropen, start menu, suche, syswow64, usb, video converter, virtualbox, visual studio, webcheck, win7-64, windows |
Linear-Darstellung
