Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
MBR wird laufend überschrieben (Win7-64)

MBR wird laufend überschrieben (Win7-64)


Plagegeister aller Art und deren Bekämpfung: MBR wird laufend überschrieben (Win7-64)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 24.01.2011, 21:16   #1
noreturn
 
MBR wird laufend überschrieben (Win7-64) - Standard

MBR wird laufend überschrieben (Win7-64)


Hallo,

seit einigen Wochen habe ich das Problem, dass mein MBR laufend überschrieben wird.
Ich habe den Bootmanager Plop hxxp://www.plop.at/ installiert und nach der Manipulation des MBR startet der Bootmanager nicht mehr. Der MBR wird nicht komplett überschrieben, sonst würde der neue ja funktionieren. Wenn ich den Bootmanager wieder neu installiere, dann funktioniert alles wieder.
Daher glaube ich, dass sich irgendein Rootkit installieren will; es aber auf Grund des anderen Bootmanagers nicht schafft.

Bei der Suche nach dem Problem bin ich auf dieses Forum gestoßen und habe die beschriebenen Tools schon angewendet.

Anti-Malware hat folgendes gefunden:
Code:
ATTFilter
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} (PUP.Dealio) -> Quarantined and deleted successfully.
Diese beiden Einträge hat Anti-Malware gelöscht und seither nichts mehr gerunden. Der MBR wird aber weiterhin überschrieben...

Hier das aktuelle Anti-Malware log:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5578

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

24.01.2011 20:09:57
mbam-log-2011-01-24 (20-09-57).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 170855
Laufzeit: 1 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL Logfile:

Code:
ATTFilter
OTL logfile created on: 24.01.2011 20:53:45 - Run 1
OTL by OldTimer - Version 3.2.20.5     Folder = D:\Software\Rootkit
64bit- Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 54,81 Gb Free Space | 56,18% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 80,54 Gb Free Space | 54,98% Space Free | Partition Type: NTFS
Drive E: | 123,96 Gb Total Space | 78,75 Gb Free Space | 63,53% Space Free | Partition Type: NTFS
 
Computer Name: BAREBONE | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Software\Rootkit\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Program Files (x86)\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe (A-Trust GmbH)
PRC - C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
PRC - C:\Users\***\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\A-Trust GmbH\a.sign Client\acLauncher.exe (A-Trust GmbH)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\vVX1000.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe (Mindjet)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Software\Rootkit\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (vpnagent) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (cjpcsc) -- C:\Windows\SysWOW64\cjpcsc.exe (REINER SCT)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (vpnva) -- C:\Windows\SysNative\drivers\vpnva64.sys (Cisco Systems, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (MEMSWEEP2) -- C:\Windows\SysNative\A94A.tmp (Sophos Plc)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (cjusb) -- C:\Windows\SysNative\drivers\cjusb.sys (REINER SCT)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (VX1000) -- C:\Windows\SysNative\drivers\VX1000.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
DRV - (NPF_devolo) NetGroup Packet Filter Driver (devolo) -- C:\Windows\sysWOW64\drivers\npf_devolo.sys (CACE Technologies)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/cse?cx=partner-pub-3540673482024757%3Au7sdf2-9qzh&ie=ISO-8859-1&q=&sa=Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F 47 64 62 E3 95 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: de-AT@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.95.20100933
FF - prefs.js..extensions.enabledItems: optimizegoogle@optimizegoogle.com:0.78.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.12 20:14:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.15 10:41:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.12.12 20:12:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.08.10 20:11:25 | 000,000,000 | ---D | M]
 
[2010.01.09 21:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.01.09 21:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.09.03 07:49:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2009.10.28 20:16:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\MediaCoder
[2009.10.28 20:42:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\MediaCoder-MCEX
[2009.10.28 20:16:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\MediaCoder-Setup-Wizard
[2011.01.24 20:49:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions
[2010.09.25 08:53:19 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.03.30 19:24:47 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2010.12.23 20:30:36 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.17 21:38:20 | 000,000,000 | ---D | M] (German Dictionary, extended for Austria) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2010.10.01 07:43:34 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\foxmarks@kei.com
[2010.11.25 19:52:29 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\ietab@ip.cn
[2010.11.30 21:02:01 | 000,000,000 | ---D | M] (OptimizeGoogle) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\optimizegoogle@optimizegoogle.com
[2010.07.30 19:55:54 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\uskowlm9.default\extensions\YoutubeDownloader@PeterOlayev.com
[2011.01.15 10:41:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.01.15 10:41:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.24 20:07:24 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\***\PROGRAM FILES (X86)\DNA
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.10 20:10:56 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files (x86)\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MMReminderService] C:\Program Files (x86)\Mindjet\MindManager 7\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [acSecurityLayer] C:\Program Files (x86)\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe (A-Trust GmbH)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\***\Program Files (x86)\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files (x86)\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.23 14:07:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.01.23 14:07:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.01.23 14:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Malwarebytes' Anti-Malware
[2011.01.23 14:07:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.23 14:07:25 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.01.23 14:07:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.01.19 21:15:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Auslogics
[2011.01.19 21:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Auslogics
[2011.01.19 21:15:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2011.01.15 20:38:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.01.15 10:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Google Earth
[2011.01.15 10:41:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.01.15 10:41:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.01.15 10:41:26 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.01.15 10:41:26 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.01.15 10:41:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.01.15 10:41:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.01.12 21:20:19 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011.01.12 21:20:19 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011.01.12 21:20:19 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.01.12 21:20:19 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011.01.12 21:20:19 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.01.12 21:20:19 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.01.12 21:20:18 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011.01.12 21:20:18 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011.01.12 21:20:18 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.01.12 21:20:18 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.01.12 21:20:18 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.01.12 21:20:17 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011.01.12 21:20:17 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011.01.12 21:20:17 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011.01.12 21:20:17 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.01.12 21:20:17 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011.01.12 21:20:17 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.01.12 21:20:17 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011.01.12 21:20:17 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011.01.12 21:20:17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011.01.12 21:20:17 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011.01.12 21:20:16 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.01.12 21:20:16 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011.01.12 21:20:16 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011.01.12 21:20:16 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011.01.12 21:20:16 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.01.12 21:20:16 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011.01.12 21:20:02 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011.01.12 21:20:02 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011.01.04 21:21:13 | 000,000,000 | ---D | C] -- C:\Users\***\user
[2011.01.04 21:06:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Code Composer Studio
[2011.01.04 21:06:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macrovision
[2011.01.04 21:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2011.01.04 21:05:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\.TI
[2011.01.04 21:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Texas Instruments
[2011.01.04 21:01:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011.01.04 20:59:57 | 000,000,000 | ---D | C] -- C:\Users\***\workspace
[2011.01.04 20:57:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallJammer Registry
[2010.12.31 13:56:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnkhSVN 2
[2010.12.31 07:52:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FileZilla
[2010.12.31 07:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\FileZilla FTP Client
[2010.12.31 07:52:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2010.12.30 21:30:57 | 000,114,176 | ---- | C] (Microsoft) -- C:\Users\***\Desktop\DiagnosticAuthorizationTool.exe
[2010.12.26 07:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HomePlugConfigWizard
[2010.12.26 07:50:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\HomePlug
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.24 20:42:00 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3517675290-343808843-2993044393-1001UA.job
[2011.01.24 20:39:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.24 20:15:00 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.24 20:15:00 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.24 20:07:23 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.24 20:07:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.24 20:07:01 | 3168,616,448 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.23 20:08:33 | 001,620,308 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.01.23 20:08:33 | 000,699,034 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.01.23 20:08:33 | 000,654,352 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.01.23 20:08:33 | 000,149,230 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.01.23 20:08:33 | 000,122,184 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.01.23 14:07:28 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.21 09:42:00 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3517675290-343808843-2993044393-1001Core.job
[2011.01.19 21:15:31 | 000,001,214 | ---- | M] () -- C:\Users\***\Desktop\Auslogics Disk Defrag.lnk
[2011.01.19 21:12:19 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.01.19 21:03:44 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\FreeFileSync.lnk
[2011.01.18 20:29:48 | 000,591,202 | ---- | M] () -- C:\Users\***\Desktop\Designing Software Quality.pdf
[2011.01.16 11:56:19 | 000,000,036 | ---- | M] () -- C:\Users\***\.org.eclipse.epp.usagedata.recording.userId
[2011.01.15 11:12:26 | 000,005,952 | ---- | M] () -- C:\Users\***\Desktop\bergfextour_talkenschrein-neunkirchner-huette.kml
[2011.01.15 10:15:46 | 000,002,420 | ---- | M] () -- C:\Users\***\Desktop\Google Chrome.lnk
[2011.01.10 08:04:16 | 000,004,246 | ---- | M] () -- C:\Users\***\Desktop\Storno Funimation - Verknüpfung.lnk
[2011.01.06 22:32:19 | 000,109,056 | ---- | M] () -- C:\Users\***\Desktop\StateMachine.vsd
[2011.01.04 21:03:15 | 000,000,697 | ---- | M] () -- C:\Users\Public\Desktop\Code Composer Studio v5.lnk
[2011.01.04 20:45:37 | 000,000,010 | ---- | M] () -- C:\Users\***\AppData\Roaming\hhxprot5
[2011.01.04 20:45:27 | 000,002,044 | ---- | M] () -- C:\Users\***\Desktop\10sec-Haushaltsbuch.lnk
[2010.12.31 13:40:10 | 000,001,038 | ---- | M] () -- C:\Users\***\Desktop\Lola - Das Kuckucksei.MP4 - Verknüpfung.lnk
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.01.23 14:07:28 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.19 21:15:31 | 000,001,214 | ---- | C] () -- C:\Users\***\Desktop\Auslogics Disk Defrag.lnk
[2011.01.18 20:29:44 | 000,591,202 | ---- | C] () -- C:\Users\***\Desktop\Designing Software Quality.pdf
[2011.01.16 11:56:19 | 000,000,036 | ---- | C] () -- C:\Users\***\.org.eclipse.epp.usagedata.recording.userId
[2011.01.15 11:12:25 | 000,005,952 | ---- | C] () -- C:\Users\***\Desktop\bergfextour_talkenschrein-neunkirchner-huette.kml
[2011.01.10 08:04:16 | 000,004,246 | ---- | C] () -- C:\Users\***\Desktop\Storno Funimation - Verknüpfung.lnk
[2011.01.06 22:32:19 | 000,109,056 | ---- | C] () -- C:\Users\***\Desktop\StateMachine.vsd
[2011.01.04 21:03:15 | 000,000,697 | ---- | C] () -- C:\Users\Public\Desktop\Code Composer Studio v5.lnk
[2011.01.04 20:45:37 | 000,000,010 | ---- | C] () -- C:\Users\***\AppData\Roaming\hhxprot5
[2010.12.31 13:40:10 | 000,001,038 | ---- | C] () -- C:\Users\***\Desktop\Lola - Das Kuckucksei.MP4 - Verknüpfung.lnk
[2010.11.04 22:00:39 | 000,000,016 | ---- | C] () -- C:\ProgramData\.7486160831680234
[2010.10.24 12:18:35 | 000,037,412 | ---- | C] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2010.09.27 12:09:39 | 000,000,053 | ---- | C] () -- C:\Windows\fcad5lt.ini
[2010.09.27 11:28:30 | 000,000,015 | ---- | C] () -- C:\Windows\DME32.INI
[2010.08.18 19:11:36 | 000,007,652 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.07.20 21:13:58 | 000,001,572 | ---- | C] () -- C:\Users\***\AppData\Roaming\MyMicroBalanceConfig.ini
[2010.04.02 18:37:46 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.04.02 18:37:45 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.04.02 18:37:42 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.02.21 20:43:29 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.20 21:04:07 | 000,000,479 | ---- | C] () -- C:\ProgramData\qcadrc
[2010.01.29 21:10:49 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.01.22 20:22:16 | 001,641,894 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.01.15 20:47:28 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2009.12.15 01:42:44 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009.12.15 01:42:44 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009.12.12 12:06:10 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2009.10.31 21:13:26 | 000,000,546 | ---- | C] () -- C:\Users\***\AppData\Roaming\AutoGK.ini
[2009.09.18 19:11:33 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll
[2009.09.18 19:11:33 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll
[2009.09.15 20:09:45 | 000,000,010 | ---- | C] () -- C:\Users\***\AppData\Roaming\hhxprot4
[2009.09.01 19:53:04 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.29 20:00:00 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2009.08.29 19:31:23 | 003,297,280 | ---- | C] () -- C:\Users\***\AppData\Local\filesync.metadata
[2009.07.24 14:04:54 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.01.25 22:10:48 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.09 00:01:22 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
 
========== LOP Check ==========
 
[2011.01.10 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\10-Sekunden-Haushaltsbuch
[2010.06.21 20:28:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\A-Trust GmbH
[2010.01.21 20:49:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2011.01.19 21:15:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics
[2010.01.15 20:43:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Broad Intelligence
[2010.01.29 21:13:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2010.09.27 11:31:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CASta-C
[2010.08.30 20:50:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DirektFotoSystem3
[2011.01.24 20:47:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DNA
[2010.04.25 09:06:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.12.31 09:27:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2009.10.02 15:06:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Flash Undelete Software
[2009.08.29 19:07:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit
[2010.08.10 20:11:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software
[2010.04.04 19:56:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeFileSync
[2010.10.18 20:49:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JetBrains
[2010.10.18 13:55:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JOSM
[2011.01.21 20:37:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KeePass
[2010.12.13 21:06:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KOSTAL Solar Electric GmbH
[2011.01.04 20:28:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia
[2010.10.23 12:55:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite
[2010.12.28 20:47:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++
[2010.03.27 21:00:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Participatory Culture Foundation
[2010.10.23 05:56:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite
[2010.04.02 18:04:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCF-VLC
[2010.12.11 20:47:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pieps
[2010.11.16 08:31:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Pieps_GMBH
[2010.06.21 20:45:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SignaturUmgebung
[2010.10.28 08:09:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion
[2010.12.12 20:30:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.11.10 16:42:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Termite
[2010.01.09 21:38:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2009.09.03 07:49:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2010.05.27 19:27:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\tradesignal
[2011.01.17 20:20:33 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 24.01.2011 20:53:45 - Run 1
OTL by OldTimer - Version 3.2.20.5     Folder = D:\Software\Rootkit
64bit- Enterprise Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 54,81 Gb Free Space | 56,18% Space Free | Partition Type: NTFS
Drive D: | 146,48 Gb Total Space | 80,54 Gb Free Space | 54,98% Space Free | Partition Type: NTFS
Drive E: | 123,96 Gb Total Space | 78,75 Gb Free Space | 63,53% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.ini[@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.txt[@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.ini [@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.txt [@ = Notepad++_file] -- C:\Program Files (x86)\Notepad++\notepad++.exe (Don HO don.h@free.fr)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU 
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3E061CBA-1DBB-45DD-8873-D100072ADCAD}" = Microsoft LifeCam
"{4A851AAB-F47D-4C1E-813C-A21A87E80589}" = Foxit PDF IFilter
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{639673E9-D53F-44F4-A046-485C8A6ADA16}" = Paint.NET v3.5.6
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{76B91A94-33F6-4E92-88DF-3325427F4F47}" = Oracle VM VirtualBox 4.0.0
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80A620C1-B22C-4781-A351-B14B8A37BFE3}" = Image Resizer Powertoy Clone for Windows (64 bit)
"{818AA386-29D5-4DFF-BBB5-3F16133F1409}" = TortoiseSVN 1.6.12.20536 (64 bit)
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU 
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0054-0407-1000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0057-0000-1000-0000000FF1CE}" = Microsoft Office Visio 2010
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98C8DF59-BE5F-4EC2-9B12-FD2A54928EDB}" = Microsoft IntelliType Pro 8.0
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BD430C50-784F-32CD-87E7-A8C47EE6107F}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"287456DB90C1DA963CF09266912A2F7FFEF599C5" = Windows-Treiberpaket - Texas Instruments, Inc (umpusbvista) Ports  (10/20/2009 6.5.9017.0)
"B89452C8A2A1FCF2E1BCF0ECA27FB6019CFA00CF" = Windows-Treiberpaket - Texas Instruments (usbser) Ports  (12/11/2007 1.3)
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"HardlinkShellExt" = Link Shell Extension
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Office14.VISIOR" = Microsoft Visio Premium 2010
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0474CEF2-37AE-441D-8FDE-A1EF7EAD01B9}" = Cisco AnyConnect VPN Client
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1A772F15-B3FE-381A-BD29-82A78096B720}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4418
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 23
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2BA62480-D267-436C-B62F-12A54EEE055D}" = Mindjet MindManager Pro 7
"{3175553C-88D5-453B-93CB-4012A827533A}" = Microsoft StyleCop 4.3.3.0
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5E81B080-4629-4EC3-AA90-538394122120}" = MSVC80_Runtime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6742BE3D-1A59-3BFD-BA20-2FDA866099B8}" = Microsoft Visual Studio 2010 Premium - ENU
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6BCCC651-1638-4D86-B6AF-F8B7BB0C9141}" = Windows Installer XML Toolset 3.5
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7270D01E-6AFF-4E45-9A05-1152BCFE3FB2}" = AnkhSVN 2.1.10019.14
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B82827EC-C335-4986-9C89-A2A6FA8344F0}" = Microsoft Pex 2010 (x86) 0.90.50303.0
"{B99459D2-B91A-417E-9DFA-F53D569F4445}_is1" = H.264 Encoder 1.5
"{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth
"{C7E08583-EE96-44EC-8FE4-32FFA69965CF}" = JetBrains ReSharper 5.1
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"10-Sekunden-Haushaltsbuch 4" = 10-Sekunden-Haushaltsbuch 4 4.07 
"10-Sekunden-Haushaltsbuch 5" = 10-Sekunden-Haushaltsbuch 5 5.08 
"4F9A85D9-5F0E-E538-D71C-621DF59F81FA" = Debug Server
"a.sign Bürgerkartensoftware" = a.sign Bürgerkartensoftware 1.3.0.7
"a.sign Client" = a.sign Client 1.2.7.5
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Any Video Converter_is1" = Any Video Converter 3.0.7
"asignPDFverify" = asignPDFverify 1.0.5.0
"BadCopy Pro" = BadCopy Pro
"Code Composer Studio v5.0.1" = Code Composer Studio v5.0.1
"CollabNet Automatic Update" = CollabNet Automatic Update 1.2
"CollabNet Subversion Client" = CollabNet Subversion Client 1.6.13
"Direktfotosystem2_is1" = Direkt Foto System 3.x
"DivX Setup.divx.com" = DivX-Setup
"dlanconftiny" = HomePlug-Konfigurationsassistent
"FileZilla Client" = FileZilla Client 3.3.5.1
"Foxit Reader" = Foxit Reader
"Free Studio_is1" = Free Studio version 4.6
"Free Video Dub_is1" = Free Video Dub version 1.8
"FreeFileSync" = FreeFileSync v3.13
"FreePortScanner_is1" = FreePortScanner 2.8.2
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.13
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Visual Studio 2010 Premium - ENU" = Microsoft Visual Studio 2010 Premium - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"Notepad++" = Notepad++
"PIKO Master Control V2.0_is1" = PIKO Master Control V2.0 v1.0.4.0
"TeamViewer 6" = TeamViewer 6
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"ZetaResourceEditor" = Zeta Resource Editor 2.1.0.76 (nur entfernen)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.12.2010 11:18:55 | Computer Name = *** | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF36 Description:Cannot upgrade Microsoft Security Essentials..
 The language of this upgrade package is different than the language used in your
 original Security Essentials installation. Error code:0x8004FF36.
 
Error - 19.12.2010 11:20:57 | Computer Name = *** | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF36 Description:Cannot upgrade Microsoft Security Essentials..
 The language of this upgrade package is different than the language used in your
 original Security Essentials installation. Error code:0x8004FF36.
 
Error - 19.12.2010 11:21:05 | Computer Name = *** | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x8004FF36 Description:Cannot upgrade Microsoft Security Essentials..
 The language of this upgrade package is different than the language used in your
 original Security Essentials installation. Error code:0x8004FF36.
 
Error - 19.12.2010 15:04:17 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0x2f8  Startzeit der fehlerhaften Anwendung: 0x01cb9fad1236740d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 c6c7f441-0ba2-11e0-949b-002354381eed
 
Error - 20.12.2010 16:04:55 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0x104c  Startzeit der fehlerhaften Anwendung: 0x01cba080db8f411f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 693baeae-0c74-11e0-8db0-002354381eed
 
Error - 22.12.2010 09:30:36 | Computer Name = *** | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\direktfotosystem3\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\direktfotosystem3\DelZip179.dll" in Zeile 8.  Der Wert "*"
 des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 23.12.2010 11:33:11 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0x9d8  Startzeit der fehlerhaften Anwendung: 0x01cba2b574fa2b98  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 f2f424ce-0ea9-11e0-ae6b-002354381eed
 
Error - 26.12.2010 04:06:38 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0x33c  Startzeit der fehlerhaften Anwendung: 0x01cba4cae3d8aec8  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 0ffa8281-10c7-11e0-9470-002354381eed
 
Error - 26.12.2010 15:34:52 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0xcc  Startzeit der fehlerhaften Anwendung: 0x01cba52f904c71b0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 3573d3de-1127-11e0-bd94-002354381eed
 
Error - 27.12.2010 15:07:38 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
 Zeitstempel: 0x4cf9293f  Name des fehlerhaften Moduls: FOXITR~1.OCX, Version: 1.0.1.224,
 Zeitstempel: 0x4b849404  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00002dce  ID des fehlerhaften
 Prozesses: 0xc18  Startzeit der fehlerhaften Anwendung: 0x01cba5f786eeb484  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: C:\PROGRA~2\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX  Berichtskennung:
 91ec6165-11ec-11e0-8d1e-002354381eed
 
[ Cisco AnyConnect VPN Client Events ]
Error - 22.01.2011 10:53:54 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 22.01.2011 10:53:54 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 23.01.2011 08:32:06 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 23.01.2011 08:32:06 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 23.01.2011 09:23:09 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 23.01.2011 09:23:09 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 23.01.2011 14:48:26 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 23.01.2011 14:48:26 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 24.01.2011 15:07:13 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
Error - 24.01.2011 15:07:13 | Computer Name = *** | Source = vpnagent | ID = 67108866
Description = Function: CChangeRouteHelper::ClearRouteTable File: .\ChangeRouteHelper.cpp
Line:
 538 Invoked Function: DeleteRoute Return Code: -33095666 (0xFE07000E) Description:
 ROUTETABLE_ERROR_DELETEIPFORWARDENTRY_FAILED the interface appears to be available
 
[ System Events ]
Error - 18.01.2011 13:42:03 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 18.01.2011 15:06:51 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 19.01.2011 09:18:41 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 19.01.2011 15:11:35 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 19.01.2011 17:26:21 | Computer Name = *** | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 21.01.2011 04:31:22 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 22.01.2011 11:34:55 | Computer Name = *** | Source = SCardSvr | ID = 610
Description = 
 
Error - 23.01.2011 08:32:24 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 23.01.2011 14:48:32 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 24.01.2011 15:07:30 | Computer Name = *** | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 
0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
< End of report >
--- --- ---

Ich weiß leider nicht mehr wie ich dieses Problem in den Griff kriegen kann. Vielleicht kann mir jemand aus dem Board einen Tipp geben.

Vielen Dank,
Geändert von noreturn (24.01.2011 um 21:27 Uhr)

 

Themen zu MBR wird laufend überschrieben (Win7-64)
.dll, 32-bit, 7-zip, adblock, any video converter, bho, c:\windows\system32\rundll32.exe, cdburnerxp, converter, document, error, excel.exe, explorer, firefox, format, ftp, helper, home, ieframe.dll, install.exe, langs, location, log, logfile, manipulation, microsoft, microsoft office word, microsoft security, mozilla, mozilla thunderbird, mp3, oldtimer, otl.exe, plug-in, problem, programdata, programme, realtek, registry, richtlinie, rootkit, saver, schattenkopien, senden, shell32.dll, shortcut, software, staropen, start menu, suche, syswow64, usb, video converter, virtualbox, visual studio, webcheck, win7-64, windows


« Trojaner TR/ATRAPS.Gen | DR/Tropper.Gen »


Ähnliche Themen: MBR wird laufend überschrieben (Win7-64)


  1. Firefox Startseite wird geändert und Avira Echtzeitscan findet laufend etwas
    Log-Analyse und Auswertung - 31.05.2015 (11)
  2. Windows 7 - Passwort wird selbsttätig überschrieben
    Plagegeister aller Art und deren Bekämpfung - 21.11.2014 (14)
  3. Win7 wird immer langsamer und Norton wird ab und an doppelt autogestartet
    Log-Analyse und Auswertung - 17.10.2014 (9)
  4. Desktop wird laufend kurz schwarz
    Plagegeister aller Art und deren Bekämpfung - 21.06.2014 (3)
  5. Win7: Computer wird remote gesteuert
    Log-Analyse und Auswertung - 30.03.2014 (13)
  6. Startseiten werden überschrieben
    Plagegeister aller Art und deren Bekämpfung - 13.01.2014 (11)
  7. Sophos On-Access-Scan wird deaktiviert; Win7 Sicherheitscenter wird deaktiviert; PC startet neu
    Log-Analyse und Auswertung - 07.08.2013 (25)
  8. Laufwerk wird nicht erkannt ( WIN7)
    Netzwerk und Hardware - 24.06.2012 (11)
  9. Hostsdatei wird bei jedem Neustart des Rechners wieder überschrieben
    Mülltonne - 27.12.2010 (1)
  10. Sound stürzt laufend ab [Win7 32-bit]
    Plagegeister aller Art und deren Bekämpfung - 10.07.2010 (5)
  11. Mp3 werden überschrieben
    Log-Analyse und Auswertung - 30.08.2009 (6)
  12. TR.Redol.C - hjgruirgixgvc.ddl wird laufend von antivir erkannt
    Plagegeister aller Art und deren Bekämpfung - 22.07.2009 (14)
  13. Dekstop Symbole überschrieben! Warum?
    Log-Analyse und Auswertung - 28.09.2008 (23)
  14. Keinen Zugriff auf Taskmanager / Firewall wird laufend deaktiviert
    Log-Analyse und Auswertung - 16.07.2008 (9)
  15. MBR von Grub überschrieben
    Alles rund um Mac OSX & Linux - 18.04.2008 (7)
  16. msvcr71.dll sollte überschrieben werden
    Log-Analyse und Auswertung - 25.02.2007 (1)
  17. Auslagerungsdatei wird bei Start von XP überschrieben
    Alles rund um Windows - 05.02.2007 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema MBR wird laufend überschrieben (Win7-64) - Hallo, seit einigen Wochen habe ich das Problem, dass mein MBR laufend überschrieben wird. Ich habe den Bootmanager Plop hxxp://www.plop.at/ installiert und nach der Manipulation des MBR startet der Bootmanager - MBR wird laufend überschrieben (Win7-64)...
Archiv
Du betrachtest: MBR wird laufend überschrieben (Win7-64) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131