| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Anti Malware Doctor lässt sich nicht löschenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
01.06.2010, 17:31
| #1 |
| |  Anti Malware Doctor lässt sich nicht löschen Hallo! Ich habe mir den Anti Malware Doctor eingefangen. Ich bin dann entsprechend der Anleitung hier im board vorgegangen. Jedoch startet der Malware doctor immer beim Neustart wieder. Schon mal vielen Dank für die Mühe, die Ihr Euch macht! Ich hab Anti Malware zweimal laufen lassen, weil ich das erste mal vergessen habe, zu aktualisieren. Hier beide log-files: der erste: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4160 Windows 6.0.6000 Internet Explorer 7.0.6000.16945 01.06.2010 14:23:43 mbam-log-2010-06-01 (14-23-43).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 189062 Laufzeit: 1 Stunde(n), 32 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 5 Infizierte Registrierungswerte: 3 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 1 Infizierte Dateien: 20 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qfgkxbho (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: C:\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully. Infizierte Dateien: C:\Users\****\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3O9XGF4P\fwelcx[1].htm (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Users\****\AppData\Local\Temp\E7F7.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\****\AppData\Local\Temp\ie2BF1.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\****\AppData\Local\Temp\ieF309.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Users\****\AppData\Local\Temp\uaufqma.exe (Rootkit.Agent) -> Quarantined and deleted successfully. C:\Users\****\AppData\Local\Temp\weoarscnmx.exe (Rootkit.Dropper) -> Quarantined and deleted successfully. C:\Users\****\AppData\Local\Temp\~TM929.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\****\AppData\Local\Temp\~TMD942.tmp (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Users\****\AppData\Local\Temp\8FE4.tmp (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\monymi32.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Windows\Temp\wpv251274465150.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully. C:\Windows\Temp\wpv981274465324.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully. C:\cleansweep.exe\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\cleansweep.exe\config.bin (Trojan.Agent) -> Quarantined and deleted successfully. C:\Users\****\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully. C:\Users\****\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Users\****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully. C:\Users\****\AppData\Local\fbiuyegxe\ejovooctssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully. Der letzte: Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Datenbank Version: 4161 Windows 6.0.6000 Internet Explorer 7.0.6000.16945 01.06.2010 18:00:29 mbam-log-2010-06-01 (18-00-29).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 186418 Laufzeit: 51 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 2 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Der log von OTL: OTL Logfile: Code:
ATTFilter OTL logfile created on: 01.06.2010 18:23:25 - Run 2 OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\****\Desktop Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation Internet Explorer (Version = 7.0.6000.16945) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.015,00 Mb Total Physical Memory | 264,00 Mb Available Physical Memory | 26,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 111,79 Gb Total Space | 40,05 Gb Free Space | 35,83% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ****-PC Current User Name: **** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe () PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation) PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe () SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Ltd) SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.) SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corp.) DRV - (ctxusbm) -- C:\Windows\System32\drivers\ctxusbm.sys (Citrix Systems, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation) DRV - (ADIHdAudAddService) -- C:\Windows\System32\drivers\ADIHdAud.sys (Analog Devices, Inc.) DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 ========== FireFox ========== FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.05 10:33:54 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.05 10:33:54 | 000,000,000 | ---D | M] [2009.09.22 16:58:44 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Extensions [2010.05.31 20:54:40 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\spxz2t8j.default\extensions [2009.10.30 17:36:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\spxz2t8j.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.05.22 17:40:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2009.09.13 00:05:42 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll [2009.09.13 00:06:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll [2009.09.13 00:06:32 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll [2009.09.13 00:06:28 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll [2009.09.13 00:08:36 | 000,406,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll [2009.10.27 13:22:50 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll [2009.09.13 00:06:24 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll [2010.03.20 16:42:53 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.20 16:42:53 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.20 16:42:53 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.20 16:42:53 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.20 16:42:53 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [gotnewupdate000.exe] C:\Users\****\AppData\Roaming\DEEE5BCDCF5221D9C5AADA0CB6CC6EC9\gotnewupdate000.exe (MS) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.169.185.33 192.168.0.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img32.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img32.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.06.01 18:21:03 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2010.06.01 18:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro [2010.06.01 18:06:26 | 000,000,000 | ---D | C] -- C:\rsit [2010.06.01 17:07:11 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Antimalware_Doctor_Removal_Tool [2010.06.01 12:50:02 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Malwarebytes [2010.06.01 12:49:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.06.01 12:49:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.06.01 12:49:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.06.01 12:49:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010.06.01 12:44:51 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\fbiuyegxe [2010.06.01 12:44:04 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\DEEE5BCDCF5221D9C5AADA0CB6CC6EC9 [2010.05.26 19:52:55 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\484a62190b5368777fe35b1538c1b735dd885c89 [2010.05.23 21:54:15 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\DCIM [2010.05.22 17:31:53 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\skypePM [2010.05.22 17:29:44 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Skype [2010.05.22 17:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2010.05.22 12:03:16 | 000,000,000 | ---D | C] -- C:\Windows\pss [2010.05.19 14:54:36 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll [2010.05.19 14:54:36 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll [2010.05.19 14:54:26 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll [2010.05.19 14:54:26 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll [2010.05.19 14:53:42 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll [2010.05.19 14:31:40 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\mkvtoolnix [2010.05.19 14:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\MKVtoolnix [2010.05.18 14:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\PS3 Media Server [2010.05.12 18:19:38 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\AVIAddXSub [2010.05.12 15:56:15 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\Das kalte Herz [2010.05.12 15:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity [2010.05.12 15:00:39 | 000,000,000 | ---D | C] -- C:\audio [2010.05.07 20:49:35 | 000,000,000 | ---D | C] -- C:\Temp [2010.05.07 20:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5 [2010.05.07 20:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Winnydows [2010.05.06 11:22:46 | 000,000,000 | -HSD | C] -- C:\Users\****\AppData\Roaming\lowsec ========== Files - Modified Within 30 Days ========== [2010.06.01 18:23:12 | 001,835,008 | -HS- | M] () -- C:\Users\****\ntuser.dat [2010.06.01 18:21:11 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe [2010.06.01 18:05:49 | 000,824,681 | ---- | M] () -- C:\Users\****\Desktop\RSIT.exe [2010.06.01 18:02:44 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.06.01 18:02:44 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.06.01 18:02:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.06.01 18:02:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.06.01 18:02:12 | 1064,624,128 | -HS- | M] () -- C:\hiberfil.sys [2010.06.01 18:00:50 | 002,417,692 | -H-- | M] () -- C:\Users\****\AppData\Local\IconCache.db [2010.06.01 17:07:06 | 000,495,891 | ---- | M] () -- C:\Users\****\Desktop\Antimalware_Doctor_Removal_Tool.zip [2010.06.01 16:17:24 | 000,010,752 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.01 15:59:11 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.06.01 15:59:10 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.06.01 15:59:10 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.06.01 15:59:10 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.06.01 15:59:09 | 001,461,736 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.06.01 15:30:42 | 000,001,630 | ---- | M] () -- C:\Users\****\Desktop\CCleaner.lnk [2010.06.01 12:49:56 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.01 12:48:07 | 000,363,520 | ---- | M] () -- C:\Users\****\Desktop\rkill.com [2010.06.01 12:47:56 | 000,000,008 | ---- | M] () -- C:\Users\****\AppData\Roaming\vlsfdq.dat [2010.05.31 18:40:55 | 000,001,954 | ---- | M] () -- C:\Users\****\Documents\Abr. Mai.rtf [2010.05.22 17:31:55 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2010.05.19 14:30:35 | 000,001,673 | ---- | M] () -- C:\Users\Public\Desktop\mkvmerge GUI.lnk [2010.05.18 14:04:23 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk [2010.05.12 15:08:27 | 000,000,752 | ---- | M] () -- C:\Users\****\Desktop\Audacity.lnk [2010.05.12 15:08:10 | 000,001,470 | ---- | M] () -- C:\Users\****\AppData\Local\RecConfig.xml [2010.05.12 14:55:54 | 000,130,691 | ---- | M] () -- C:\Users\****\Documents\Unbenannt.wma [2010.05.07 17:22:51 | 002,684,643 | ---- | M] () -- C:\Users\****\Desktop\Der_Gotteswahn_Auflage_2007.pdf ========== Files Created - No Company Name ========== [2010.06.01 18:05:40 | 000,824,681 | ---- | C] () -- C:\Users\****\Desktop\RSIT.exe [2010.06.01 17:06:45 | 000,495,891 | ---- | C] () -- C:\Users\****\Desktop\Antimalware_Doctor_Removal_Tool.zip [2010.06.01 12:49:56 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.01 12:48:05 | 000,363,520 | ---- | C] () -- C:\Users\****\Desktop\rkill.com [2010.06.01 12:47:56 | 000,000,008 | ---- | C] () -- C:\Users\****\AppData\Roaming\vlsfdq.dat [2010.05.31 18:40:55 | 000,001,954 | ---- | C] () -- C:\Users\****\Documents\Abr. Mai.rtf [2010.05.22 17:31:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.05.19 14:54:26 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.05.19 14:30:35 | 000,001,673 | ---- | C] () -- C:\Users\Public\Desktop\mkvmerge GUI.lnk [2010.05.18 14:04:23 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk [2010.05.12 15:08:27 | 000,000,752 | ---- | C] () -- C:\Users\****\Desktop\Audacity.lnk [2010.05.12 15:00:46 | 000,129,024 | ---- | C] () -- C:\Windows\UNWISE.EXE [2010.05.12 14:55:54 | 000,130,691 | ---- | C] () -- C:\Users\****\Documents\Unbenannt.wma [2010.05.12 14:46:19 | 000,001,470 | ---- | C] () -- C:\Users\****\AppData\Local\RecConfig.xml [2010.05.07 17:18:20 | 002,684,643 | ---- | C] () -- C:\Users\****\Desktop\Der_Gotteswahn_Auflage_2007.pdf [2009.10.05 18:33:05 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009.09.22 13:00:15 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll [2009.09.22 13:00:15 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2009.09.22 13:00:15 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2009.09.22 13:00:14 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll [2009.09.22 12:58:05 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2008.11.15 20:02:26 | 001,866,670 | ---- | C] () -- C:\Windows\System32\libfftw3f-3.dll [2008.04.05 19:53:24 | 000,140,288 | ---- | C] () -- C:\Windows\System32\avsfilter.dll [2007.10.26 15:28:18 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll [2007.06.08 09:05:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.09.13 05:09:34 | 000,004,608 | ---- | C] () -- C:\Windows\System32\AvsRecursion.dll [2004.01.24 04:35:44 | 000,057,344 | ---- | C] () -- C:\Windows\System32\avisynth_c.dll < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 01.06.2010 18:23:25 - Run 2
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Users\****\Desktop
Windows Vista Home Basic Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16945)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.015,00 Mb Total Physical Memory | 264,00 Mb Available Physical Memory | 26,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,79 Gb Total Space | 40,05 Gb Free Space | 35,83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ****-PC
Current User Name: ****
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5B62ADBC-3BA8-405B-A7DA-79A264EA7C8E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{DA8082EB-1212-47ED-B231-1CFFC55CCA6B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{8729C349-F7B1-4137-8965-3BCADBB4BDA9}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{9EA47BD1-7F77-46C8-90DF-C24535E476FF}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{CC4D30C4-42B5-4968-887A-942C7B2934A9}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{1AE0CBDE-DC7A-4C97-9733-3539EBFF9338}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{2A0995D1-06D0-4893-933D-95B0FDF627A4}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{719BA245-8CDC-4247-8B56-DA09C920A8A8}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}" = Citrix Online Plug-in (Web)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{41977E38-C671-4383-96F2-D2C83A815EB4}" = Vista Default Settings
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{55392E52-1AAD-44C4-BE49-258FFE72434F}" = Citrix Online Plug-in (USB)
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{812424AC-A8B5-44E6-8D48-07E939D1AD9A}" = Citrix Online Plug-in (HDX)
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BC35397E-6A05-4E93-8418-1BA7CD2B7AAB}" = BIOS Configuration for HP ProtectTools
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF53CF7C-D996-43EB-9904-DBED57C25625}" = Citrix Online Plug-in (DV)
"{D98B6344-98EC-4196-9D61-DB0E8420C7C8}" = ESU for Microsoft Vista
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.12
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"Clean!" = Clean! v1.0
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"foobar2000" = foobar2000 v0.9.6.9
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKVtoolnix" = MKVtoolnix 3.4.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PROSet" = Intel(R) PRO Network Connections Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antimalware Doctor" = Antimalware Doctor
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 02.04.2010 12:33:02 | Computer Name = ****-PC | Source = Windows Backup | ID = 4104
Description =
Error - 08.04.2010 02:14:14 | Computer Name = ****-PC | Source = EventSystem | ID = 4609
Description =
Error - 11.04.2010 03:56:20 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung spoolsv.exe, Version 6.0.6000.16386, Zeitstempel
0x4549b734, fehlerhaftes Modul hpf3r70v.dll, Version 0.3.9103.15, Zeitstempel 0x49e6ee75,
Ausnahmecode 0xc0000005, Fehleroffset 0x00081a4f, Prozess-ID 0x5e0, Anwendungsstartzeit
01cad94b9e9e6b85.
Error - 11.04.2010 09:38:04 | Computer Name = ****-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6000.16771 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 704 Anfangszeit: 01cad94ba0e4c9a3 Zeitpunkt
der Beendigung: 125
Error - 02.05.2010 08:42:23 | Computer Name = ****-PC | Source = Windows Backup | ID = 4104
Description =
Error - 10.05.2010 11:27:45 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3026
Description =
Error - 12.05.2010 09:01:07 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Clean!.exe, Version 1.0.0.0, Zeitstempel 0x3652dd76,
fehlerhaftes Modul WNASPI32.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9,
Ausnahmecode 0xc0000135, Fehleroffset 0x00008fc7, Prozess-ID 0x508, Anwendungsstartzeit
01caf1d32d159662.
Error - 29.05.2010 18:57:22 | Computer Name = ****-PC | Source = Avira AntiVir | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei C:\Users\****\Pictures\Weihnachten
+ Sylvester\PC310119.JPG. [ACCESS_VIOLATION Exception!! EIP = 0x1c0c258] Bitte
Avira informieren und die obige Datei übersenden!
Error - 01.06.2010 06:44:31 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mshta.exe, Version 7.0.6000.16386, Zeitstempel
0x4549b0fb, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
Ausnahmecode 0xc0000005, Fehleroffset 0x681415b0, Prozess-ID 0x848, Anwendungsstartzeit
01cb0176456d7294.
Error - 01.06.2010 09:37:47 | Computer Name = ****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6000.16771, Zeitstempel
0x4907deda, fehlerhaftes Modul Explorer.EXE, Version 6.0.6000.16771, Zeitstempel
0x4907deda, Ausnahmecode 0xc0000005, Fehleroffset 0x00049f72, Prozess-ID 0x6bc,
Anwendungsstartzeit 01cb018f506d48ec.
[ System Events ]
Error - 30.05.2010 16:29:30 | Computer Name = ****-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
25, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 31.05.2010 12:10:10 | Computer Name = ****-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
25, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 31.05.2010 14:43:47 | Computer Name = ****-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
25, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 01.06.2010 04:38:05 | Computer Name = ****-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
25, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 01.06.2010 08:26:17 | Computer Name = ****-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
25, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 01.06.2010 08:26:30 | Computer Name = ****-PC | Source = Microsoft-Windows-Kernel-General | ID = 5
Description =
Error - 01.06.2010 08:28:28 | Computer Name = ****-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
25, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 01.06.2010 09:35:20 | Computer Name = ****-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
25, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 01.06.2010 10:50:49 | Computer Name = ****-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
25, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
Error - 01.06.2010 12:02:08 | Computer Name = ****-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
25, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.
< End of report >
Danke Jörg |
| Themen zu Anti Malware Doctor lässt sich nicht löschen |
| .dll, adobe, agere systems, anti malware doctor, autorun, avgntflt.sys, avira, avsuite, cdburnerxp, cleansweep.exe, components, corp./icp, defender, desktop, error, erste mal, excel.exe, explorer, firefox, firefox 3.6.3, firefox.exe, flash player, format, home, install.exe, launch, local\temp, location, log-files, logfile, löschen, malware, microsoft office word, mozilla, neustart, nvidia, nvstor.sys, oldtimer, otl.exe, plug-in, port, programdata, programm, registry, rogue.antimalwaredoctor, rootkit.dropper, rundll, saver, sched.exe, searchplugins, security, shell32.dll, software, staropen, start menu, studio, tracker, trojan.downloader, trojan.fraudpack.gen, vista, vlc media player, wireless lan |
Baum-Darstellung