![]() |
|
Plagegeister aller Art und deren Bekämpfung: Antimalware Doctor entfernenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
![]() | ![]() Antimalware Doctor entfernen Habe mir den Antimalware Doctor eingefangen. Nachdem ich hier etwas rumgelsen habe, habe ich schon folgendes gemacht: Malwarebytes' Anti-Malware laufen lassen, dateien damit löschen. Systemscan mit OTL OTL.TxtOTL Logfile: Code:
ATTFilter OTL logfile created on: 3/5/2011 12:36:30 PM - Run 1 OTL by OldTimer - Version 3.2.22.2 Folder = D:\mama Starter Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,014.00 Mb Total Physical Memory | 217.00 Mb Available Physical Memory | 21.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 50.90 Gb Total Space | 14.28 Gb Free Space | 28.05% Space Free | Partition Type: NTFS Drive D: | 83.05 Gb Total Space | 41.59 Gb Free Space | 50.07% Space Free | Partition Type: NTFS Computer Name: CHANTI-PC | User Name: mama | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - D:\mama\OTL.exe (OldTimer Tools) PRC - C:\Program Files\IncrediMail\Bin\IncMail.exe (IncrediMail, Ltd.) PRC - C:\Program Files\IncrediMail\Bin\ImApp.exe (IncrediMail, Ltd.) PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackGround.exe () PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe () PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\Rezip.exe () PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Windows\System32\PSIService.exe () ========== Modules (SafeList) ========== MOD - D:\mama\OTL.exe (OldTimer Tools) MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe () SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Rezip) -- C:\Windows\System32\Rezip.exe () SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () ========== Driver Services (SafeList) ========== DRV - (aswSnx) -- C:\windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswRdr) -- C:\windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (CryptOSD) -- C:\Windows\System32\drivers\CryptOSD.sys (Phoenix Technologies Ltd.) DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://mystart.incredimail.com" FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.6 FF - prefs.js..extensions.enabledItems: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}:2.7.2.0 FF - prefs.js..keyword.URL: "hxxp://mystart.incredimail.com/?loc=ff_address_bar&search=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/28 22:06:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/28 22:06:12 | 000,000,000 | ---D | M] [2010/08/22 19:35:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mama\AppData\Roaming\mozilla\Extensions [2011/03/04 21:35:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mama\AppData\Roaming\mozilla\Firefox\Profiles\vj8wy9od.default\extensions [2011/02/26 16:21:22 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Toolbar) -- C:\Users\mama\AppData\Roaming\mozilla\Firefox\Profiles\vj8wy9od.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} [2011/02/25 16:16:49 | 000,000,000 | ---D | M] (شريط أدوات Ùيس بوك) -- C:\Users\mama\AppData\Roaming\mozilla\Firefox\Profiles\vj8wy9od.default\extensions\firefox@facebook.com [2011/02/26 16:17:21 | 000,002,153 | ---- | M] () -- C:\Users\mama\AppData\Roaming\Mozilla\Firefox\Profiles\vj8wy9od.default\searchplugins\MyStart Search.xml [2010/03/27 19:39:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/11/13 22:35:37 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010/11/13 22:35:37 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010/11/13 22:35:37 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010/08/17 16:33:48 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml [2010/11/13 22:35:37 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010/11/13 22:35:37 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\prxtbInc0.dll (Conduit Ltd.) O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) O4 - HKCU..\Run: [Pregohunir] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0c32017f-43ee-11e0-82a9-002454154cd8}\Shell - "" = AutoRun O33 - MountPoints2\{0c32017f-43ee-11e0-82a9-002454154cd8}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{455239c7-4c88-11df-893b-002454154cd8}\Shell - "" = AutoRun O33 - MountPoints2\{455239c7-4c88-11df-893b-002454154cd8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{648b13da-6a45-11df-b81d-002454154cd8}\Shell - "" = AutoRun O33 - MountPoints2\{648b13da-6a45-11df-b81d-002454154cd8}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{7a54c69b-4311-11e0-82b1-002454154cd8}\Shell - "" = AutoRun O33 - MountPoints2\{7a54c69b-4311-11e0-82b1-002454154cd8}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{7a54c6ae-4311-11e0-82b1-002454154cd8}\Shell - "" = AutoRun O33 - MountPoints2\{7a54c6ae-4311-11e0-82b1-002454154cd8}\Shell\AutoRun\command - "" = E:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: mcmscsvc - Service SafeBootMin: MCODS - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: mcmscsvc - Service SafeBootNet: MCODS - Service SafeBootNet: Messenger - Service SafeBootNet: MpfService - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\Windows\System32\Adobe ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: aux - wdmaud.drv (Microsoft Corporation) Drivers32: midi - wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - midimap.dll (Microsoft Corporation) Drivers32: mixer - wdmaud.drv (Microsoft Corporation) Drivers32: msacm.ac3filter - ac3filter.acm () Drivers32: msacm.avis - ff_acm.acm () Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation) Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation) Drivers32: vidc.cvid - iccvid.dll (Radius Inc.) Drivers32: VIDC.FFDS - ff_vfw.dll () Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation) Drivers32: vidc.XVID - xvidvfw.dll () Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation) Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation) Drivers32: wave - wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - msacm32.drv (Microsoft Corporation) ========== Files/Folders - Created Within 30 Days ========== [2011/03/04 23:22:10 | 000,000,000 | ---D | C] -- C:\Users\mama\AppData\Roaming\Malwarebytes [2011/03/04 23:21:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys [2011/03/04 23:21:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/03/04 23:21:45 | 000,371,544 | ---- | C] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys [2011/03/04 23:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/03/04 23:21:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys [2011/03/04 23:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011/03/04 22:55:46 | 000,000,000 | ---D | C] -- C:\Users\mama\AppData\Roaming\63B3A43B305985D9502EF76268F0DE84 [2011/03/03 22:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2011/03/03 22:20:07 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2011/03/02 11:18:37 | 000,000,000 | ---D | C] -- C:\Users\mama\AppData\Roaming\Alien Skin [2011/03/01 16:21:52 | 000,000,000 | ---D | C] -- C:\Program Files\Alien Skin [2011/03/01 11:41:49 | 000,000,000 | ---D | C] -- C:\Users\mama\AppData\Local\Conduit [2011/03/01 08:29:42 | 000,000,000 | ---D | C] -- C:\Users\mama\AppData\Local\Programs [2011/03/01 08:27:45 | 000,000,000 | ---D | C] -- C:\Users\mama\AppData\Roaming\Vodafone [2011/03/01 08:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone [2011/03/01 08:25:00 | 000,000,000 | ---D | C] -- C:\Users\mama\AppData\Local\{DA6A30CA-2668-4F5F-93A5-9BDA19E3CCC4} [2011/02/26 16:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Notifier and Animation Creator [2011/02/26 16:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit [2011/02/26 16:21:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Photo Notifier and Animation Creator [2011/02/26 16:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine [2011/02/26 16:21:24 | 000,000,000 | ---D | C] -- C:\Program Files\IncrediMail_MediaBar_2 [2011/02/24 22:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\Native [2011/02/24 22:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual [2011/02/24 21:50:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus [2011/02/24 21:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint [2011/02/24 13:27:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft [2011/02/23 22:23:24 | 000,000,000 | ---D | C] -- C:\Users\mama\AppData\Local\Adobe [2011/02/10 16:00:08 | 002,329,088 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys [2011/02/10 15:59:54 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll [2011/02/10 15:59:54 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll [2011/02/10 15:59:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll [2011/02/10 15:59:28 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll [2011/02/10 15:59:28 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll [2011/02/10 15:59:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll [2011/02/10 15:59:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll [2011/02/10 15:59:26 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll [2011/02/10 15:59:26 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll [2011/02/10 15:59:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll [2011/02/10 15:59:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe [2011/02/10 15:59:25 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb [2011/02/10 15:59:25 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\html.iec [2011/02/10 15:59:20 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll [2011/02/10 15:59:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll [2011/02/10 15:59:11 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe [2011/02/10 15:59:10 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe [1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/03/05 12:51:33 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2011/03/05 12:33:10 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/03/05 12:33:10 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/03/05 12:23:26 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2011/03/05 12:21:33 | 000,016,384 | ---- | M] () -- C:\windows\System32\Ikeext.etl [2011/03/05 12:20:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011/03/05 12:20:50 | 797,728,768 | -HS- | M] () -- C:\hiberfil.sys [2011/03/05 01:11:23 | 000,000,952 | -HS- | M] () -- C:\windows\System32\KGyGaAvL.sys [2011/03/04 23:21:51 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/03/04 23:21:44 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt [2011/03/04 09:51:43 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat [2011/03/04 09:51:43 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat [2011/03/04 09:51:43 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat [2011/03/04 09:51:43 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat [2011/03/01 08:27:17 | 000,002,755 | ---- | M] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk [2011/02/26 16:19:29 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk [2011/02/26 16:19:28 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Beschleunigen Sie Ihren Computer!.lnk [2011/02/25 21:44:53 | 000,302,408 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT [2011/02/24 21:50:12 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_point32_01009.Wdf [2011/02/23 22:26:59 | 000,000,619 | ---- | M] () -- C:\Users\mama\Desktop\mama - Verknüpfung.lnk [2011/02/23 16:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr [2011/02/23 16:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\windows\System32\aswBoot.exe [2011/02/23 15:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSnx.sys [2011/02/23 15:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswSP.sys [2011/02/23 15:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswTdi.sys [2011/02/23 15:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswRdr.sys [2011/02/23 15:55:03 | 000,053,592 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswMonFlt.sys [2011/02/23 15:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\windows\System32\drivers\aswFsBlk.sys [2011/02/13 21:58:47 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf [1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/03/04 23:21:51 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/03/01 14:53:17 | 000,016,384 | ---- | C] () -- C:\windows\System32\Ikeext.etl [2011/03/01 08:27:17 | 000,002,755 | ---- | C] () -- C:\Users\Public\Desktop\Vodafone Mobile Connect.lnk [2011/02/26 16:19:28 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Beschleunigen Sie Ihren Computer!.lnk [2011/02/24 21:50:12 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_point32_01009.Wdf [2011/02/23 22:26:59 | 000,000,619 | ---- | C] () -- C:\Users\mama\Desktop\mama - Verknüpfung.lnk [2011/02/13 21:58:47 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf [2010/05/22 22:20:58 | 000,000,038 | ---- | C] () -- C:\windows\dmi.ini [2010/05/22 22:20:57 | 000,210,944 | ---- | C] () -- C:\windows\System32\MSVCRT10.DLL [2010/03/24 02:45:50 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini [2010/03/24 02:16:01 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010/03/23 22:16:36 | 000,000,952 | -HS- | C] () -- C:\windows\System32\KGyGaAvL.sys [2010/03/23 22:13:33 | 000,456,008 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe [2010/03/23 20:56:41 | 000,000,500 | ---- | C] () -- C:\windows\System32\drivers\RSTable.dat [2010/03/23 20:56:40 | 000,000,652 | ---- | C] () -- C:\windows\System32\drivers\scdskr01.dat [2010/03/23 20:56:40 | 000,000,436 | ---- | C] () -- C:\windows\System32\drivers\scdhkr01.dat [2010/03/23 20:56:40 | 000,000,036 | ---- | C] () -- C:\windows\System32\drivers\scdstr01.dat [2010/02/21 04:48:22 | 000,085,504 | ---- | C] () -- C:\windows\System32\ff_vfw.dll [2009/08/28 02:15:52 | 000,643,866 | ---- | C] () -- C:\windows\System32\perfh007.dat [2009/08/28 02:15:52 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat [2009/08/28 02:15:52 | 000,126,394 | ---- | C] () -- C:\windows\System32\perfc007.dat [2009/08/28 02:15:52 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat [2009/08/27 09:39:44 | 000,311,296 | ---- | C] () -- C:\windows\System32\Rezip.exe [2009/08/27 09:38:29 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll [2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\windows\System32\unrar.dll [2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 05:33:53 | 000,302,408 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT [2009/07/14 03:05:48 | 000,607,190 | ---- | C] () -- C:\windows\System32\perfh009.dat [2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat [2009/07/14 03:05:48 | 000,103,568 | ---- | C] () -- C:\windows\System32\perfc009.dat [2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat [2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT [2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat [2009/07/14 01:55:09 | 001,332,736 | ---- | C] () -- C:\windows\System32\hpotiop1.dll [2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll [2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin [2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin [2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin [2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat [2009/05/29 15:52:26 | 000,204,800 | ---- | C] () -- C:\windows\System32\xvidvfw.dll [2009/05/29 15:47:06 | 000,881,664 | ---- | C] () -- C:\windows\System32\xvidcore.dll [2009/05/01 16:24:14 | 000,000,184 | ---- | C] () -- C:\windows\System32\drivers\osdauth.dat [2009/05/01 15:41:06 | 000,000,020 | ---- | C] () -- C:\windows\System32\drivers\OSDSig.dat [2008/03/07 15:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2008/03/07 12:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml [2007/02/05 19:05:26 | 000,000,038 | ---- | C] () -- C:\windows\AviSplitter.INI [2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\windows\System32\PSIService.exe ========== LOP Check ========== [2011/03/04 22:55:54 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\63B3A43B305985D9502EF76268F0DE84 [2011/03/02 11:18:37 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Alien Skin [2011/03/01 08:27:45 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Vodafone [2011/01/17 15:58:11 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011/03/04 22:55:54 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\63B3A43B305985D9502EF76268F0DE84 [2011/03/04 22:55:30 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Adobe [2011/03/02 11:18:37 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Alien Skin [2011/03/05 01:11:47 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Corel [2010/08/22 19:33:39 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Google [2010/08/22 16:26:42 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Identities [2010/08/22 19:29:07 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Macromedia [2011/03/04 23:22:10 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Malwarebytes [2011/03/01 08:32:45 | 000,000,000 | --SD | M] -- C:\Users\mama\AppData\Roaming\Microsoft [2010/08/22 19:35:18 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Mozilla [2011/03/01 08:27:45 | 000,000,000 | ---D | M] -- C:\Users\mama\AppData\Roaming\Vodafone < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\mama\AppData\Local\Temp\RarSFX0\procs\explorer.exe [2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\mama\AppData\Local\Temp\RarSFX1\procs\explorer.exe [2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\mama\AppData\Local\Temp\RarSFX0\h\explorer.exe [2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\mama\AppData\Local\Temp\RarSFX1\h\explorer.exe [2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTORV.SYS > [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USER32.DLL > [2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll [2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll < MD5 for: USERINIT.EXE > [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\mama\AppData\Local\Temp\RarSFX0\userinit.exe [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\mama\AppData\Local\Temp\RarSFX1\userinit.exe < MD5 for: WINLOGON.EXE > [2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe [2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\mama\AppData\Local\Temp\RarSFX0\winlogon.exe [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\mama\AppData\Local\Temp\RarSFX1\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/07/14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2009/07/14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll [1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:A42A9F39 @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:6B50A605 < End of report > Extras.TxtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 3/5/2011 12:36:30 PM - Run 1 OTL by OldTimer - Version 3.2.22.2 Folder = D:\mama Starter Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,014.00 Mb Total Physical Memory | 217.00 Mb Available Physical Memory | 21.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 50.90 Gb Total Space | 14.28 Gb Free Space | 28.05% Space Free | Partition Type: NTFS Drive D: | 83.05 Gb Total Space | 41.59 Gb Free Space | 50.07% Space Free | Partition Type: NTFS Computer Name: CHANTI-PC | User Name: mama | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{0DCF2BB4-A124-4596-89F7-5670294E091B}" = Microsoft Office Activation Assistant for Netbooks "{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4 "{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter "{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager "{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6CF47FD1-3CF8-4206-BA24-A2B1E43D8CCA}" = IncrediMail "{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115246907}" = Elf Bowling Hawaiian Vacation "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{91DE5A42-8D5E-42EB-BA32-A80682FA94D7}" = Samsung Support Center "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A7581D39-EA20-4883-A480-80C21047052B}" = Easy Network Manager "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support "{AA16A9E5-40E9-44F5-801E-6B3D3CFE79E5}" = BatteryLifeExtender "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CD232781-26CA-4E18-BC70-4343A2F0D583}" = Microsoft IntelliPoint 8.0 "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software "{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "avast" = avast! Free Antivirus "conduitEngine" = Conduit Engine "Exposure 2" = Alien Skin Exposure 2 "Filters Unlimited_is1" = Filters Unlimited 2.0.3 "Google Chrome" = Google Chrome "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "IncrediMail" = IncrediMail 2.0 "IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "Jigsaw World 1.00" = Jigsaw World 1.00 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator "PhotoScape" = PhotoScape "PLAY ONLINE" = PLAY ONLINE "Snap Art" = Alien Skin Snap Art "SynTPDeinstKey" = Synaptics Pointing Device Driver "WinLiveSuite_Wave3" = Windows Live Essentials ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 3/1/2011 3:55:12 AM | Computer Name = chanti-PC | Source = RasClient | ID = 20227 Description = Error - 3/1/2011 7:17:02 AM | Computer Name = chanti-PC | Source = Application Hang | ID = 1002 Description = Programm IncMail.exe, Version 6.2.6.4878 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1224 Startzeit: 01cbd7fb5896c38d Endzeit: 4072 Anwendungspfad: C:\Program Files\IncrediMail\Bin\IncMail.exe Berichts-ID: 5517dd62-43f5-11e0-82a9-002454154cd8 Error - 3/1/2011 9:48:26 AM | Computer Name = chanti-PC | Source = RasClient | ID = 20227 Description = Error - 3/1/2011 9:52:23 AM | Computer Name = chanti-PC | Source = RasClient | ID = 20227 Description = Error - 3/1/2011 9:52:51 AM | Computer Name = chanti-PC | Source = RasClient | ID = 20227 Description = Error - 3/1/2011 9:54:19 AM | Computer Name = chanti-PC | Source = RasClient | ID = 20227 Description = Error - 3/1/2011 9:58:08 AM | Computer Name = chanti-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ImApp.exe, Version: 6.2.6.4878, Zeitstempel: 0x4d45558f Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0xfffa2848 ID des fehlerhaften Prozesses: 0x290 Startzeit der fehlerhaften Anwendung: 0x01cbd8181dbca63a Pfad der fehlerhaften Anwendung: C:\Program Files\IncrediMail\Bin\ImApp.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: efbb46da-440b-11e0-83d3-002454154cd8 Error - 3/1/2011 9:58:30 AM | Computer Name = chanti-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: ImApp.exe, Version: 6.2.6.4878, Zeitstempel: 0x4d45558f Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdaae Ausnahmecode: 0xe06d7363 Fehleroffset: 0x00009617 ID des fehlerhaften Prozesses: 0x290 Startzeit der fehlerhaften Anwendung: 0x01cbd8181dbca63a Pfad der fehlerhaften Anwendung: C:\Program Files\IncrediMail\Bin\ImApp.exe Pfad des fehlerhaften Moduls: C:\windows\system32\KERNELBASE.dll Berichtskennung: fcbca13a-440b-11e0-83d3-002454154cd8 Error - 3/2/2011 7:50:24 AM | Computer Name = chanti-PC | Source = RasClient | ID = 20227 Description = Error - 3/2/2011 4:22:36 PM | Computer Name = chanti-PC | Source = Application Hang | ID = 1002 Description = Programm iexplore.exe, Version 8.0.7600.16722 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 334 Startzeit: 01cbd9174a09a892 Endzeit: 140 Anwendungspfad: C:\Program Files\Internet Explorer\iexplore.exe Berichts-ID: c68a2730-450a-11e0-8a6a-002454154cd8 [ System Events ] Error - 12/25/2010 7:06:58 AM | Computer Name = chanti-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error - 12/25/2010 7:24:06 AM | Computer Name = chanti-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error - 12/25/2010 10:37:02 AM | Computer Name = chanti-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 12/25/2010 3:50:43 PM | Computer Name = chanti-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 12/26/2010 1:05:15 PM | Computer Name = chanti-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 12/26/2010 2:12:11 PM | Computer Name = chanti-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 12/27/2010 10:10:44 AM | Computer Name = chanti-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ShellHWDetection erreicht. Error - 12/27/2010 5:14:29 PM | Computer Name = chanti-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. Error - 12/28/2010 7:12:51 AM | Computer Name = chanti-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 12/28/2010 12:27:18 PM | Computer Name = chanti-PC | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Wlansvc erreicht. < End of report > ...was muss ich noch tun, um alles von Antimalware Doctor wegzubekommen?? |
Themen zu Antimalware Doctor entfernen |
4d36e972-e325-11ce-bfc1-08002be10318, alternate, antivirus, autorun, avast, avast!, bho, c:\windows\system32\rundll32.exe, conduit, defender, desktop, entfernen, error, excel, explorer, extras.txt, firefox, flash player, format, google chrome, iexplore.exe, install.exe, installation, location, logfile, microsoft office word, mozilla, msvcrt, nvstor.sys, office 2007, oldtimer, otl.exe, plug-in, programdata, programm, rarsfx0, realtek, registry, rundll, saver, searchplugins, security update, software, start menu, taskhost.exe, usb, vodafone, webcheck, windows, winlogon.exe, wlansvc, wrapper |