Pests of all kinds and how to combat them: SDTray.exe component not found | Windows 7 |
13.02.2013, 09:44 | #1 |
| SDTray.exe component not found

...the application could not be started because snlBase150.bpl was not found. Reinstalling the application might fix the problem.

This comes up every time after startup.

Hello dear community!

By googling I immediately came across your site, and I hope that you can help me with my problem without my having to set up the system from scratch.

Here is the Malwarebytes scan:

Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.02.13.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Tanker :: TANKERBELL [Administrator]
Schutz: Aktiviert
13.02.2013 07:53:19
mbam-log-2013-02-13 (07-53-19).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 244513
Laufzeit: 36 Minute(n), 42 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\WINDOWS\system32\cmdow.exe (PUP.Tool) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)

Thanks in advance |
14.02.2013, 11:37 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SDTray.exe component not found

Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.

Note: If you do not hear from me for three days, please report in this thread => Reminder about my thread. Annoying "When do we continue" messages end with your topic being closed. I, too, have a life outside of Trojaner-Board.

First, a check with OTL please:
14.02.2013, 18:51 | #3 |
| SDTray.exe component not found

OTL Text

Code:
ATTFilter OTL logfile created on: 14.02.2013 18:38:24 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Tanker\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,37 Mb Total Physical Memory | 324,12 Mb Available Physical Memory | 31,95% Memory free 2,38 Gb Paging File | 1,66 Gb Available in Paging File | 69,75% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,53 Gb Total Space | 17,12 Gb Free Space | 35,28% Space Free | Partition Type: NTFS Drive D: | 4,79 Gb Total Space | 1,37 Gb Free Space | 28,61% Space Free | Partition Type: NTFS Computer Name: TANKERBELL | User Name: Tanker | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Tanker\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Programme\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.) PRC - C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation) PRC - C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation) PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll () MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll () MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll () MOD - C:\Programme\Intel\Wireless\Bin\acAuth.dll () ========== Services (SafeList) ========== SRV - (SDUpdateService) -- C:\Programme\Spybot File not found SRV - (SDScannerService) -- C:\Programme\Spybot File not found SRV - (SDHookService) -- C:\Programme\Spybot File not found SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) 
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software) SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (WLANKEEPER) -- C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found DRV - (SDHookDriver) -- C:\Programme\Spybot File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) 
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation) DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (CSRBC) -- C:\WINDOWS\system32\drivers\csrbcxp.sys (CSR, plc) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (Appdrv) -- C:\Programme\Dell\NicConfigSvc\Appdrv.sys (Dell Inc) DRV - (avera800) -- C:\WINDOWS\system32\drivers\avera800.sys (AVerMedia Technologies, Inc.) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: mail%40gutscheinrausch.de:2.6 FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - 
prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.87 FF - prefs.js..extensions.enabledItems: mail@gutscheinrausch.de:2.6 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Programme\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.02.10 11:53:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.02.10 11:52:09 | 000,000,000 | ---D | M] [2010.10.31 10:22:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tanker\Anwendungsdaten\Mozilla\Extensions [2013.02.11 19:44:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tanker\Anwendungsdaten\Mozilla\Firefox\Profiles\k5yoyn47.default\extensions [2013.02.11 19:44:48 | 000,000,000 | ---D | M] (ChatZilla [de]) -- C:\Dokumente und Einstellungen\Tanker\Anwendungsdaten\Mozilla\Firefox\Profiles\k5yoyn47.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2011.10.09 09:47:26 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Dokumente und Einstellungen\Tanker\Anwendungsdaten\Mozilla\Firefox\Profiles\k5yoyn47.default\extensions\mail@gutscheinrausch.de [2013.02.01 18:25:08 | 000,817,973 | ---- | M] () (No name found) -- C:\Dokumente und 
Einstellungen\Tanker\Anwendungsdaten\Mozilla\Firefox\Profiles\k5yoyn47.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.10 11:51:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.02.10 11:53:04 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012.06.20 17:12:45 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.02 08:51:52 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.20 17:12:45 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.20 17:12:45 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.20 17:12:45 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.20 17:12:45 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.19 09:30:31 | 000,442,656 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - 
Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15209 more lines... O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [SDTray] C:\Programme\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27742072-7327-47A8-B9EA-FA03A3973A09}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - 
Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.10.19 13:09:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{96539b3c-73d4-11e0-8a3c-0015c51ccdb8}\Shell - "" = AutoRun O33 - MountPoints2\{96539b3c-73d4-11e0-8a3c-0015c51ccdb8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{96539b3c-73d4-11e0-8a3c-0015c51ccdb8}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{96539b3f-73d4-11e0-8a3c-0015c51ccdb8}\Shell - "" = AutoRun O33 - MountPoints2\{96539b3f-73d4-11e0-8a3c-0015c51ccdb8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{96539b3f-73d4-11e0-8a3c-0015c51ccdb8}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.14 18:28:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2013.02.13 21:35:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tanker\Desktop\Django.Unchained.2012.DVDSCR.German.AC3.5.1.Dubbed.NTSC.DVDR-MrProper [2013.02.13 07:52:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tanker\Desktop\OTL.exe [2013.02.13 07:51:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tanker\Anwendungsdaten\Malwarebytes [2013.02.13 07:50:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.02.13 07:50:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.02.13 07:50:45 | 000,021,104 | 
---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.02.13 07:50:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.02.11 20:30:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tanker\Anwendungsdaten\mkvtoolnix [2013.02.11 20:30:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MKVToolNix [2013.02.11 20:30:06 | 000,000,000 | ---D | C] -- C:\Programme\MKVToolNix [2013.02.10 17:45:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tanker\Desktop\stick [2013.02.10 11:51:54 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.02.10 11:39:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee Security Scan Plus [2013.01.24 19:55:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tanker\Desktop\Adele - Live AT The Royal Albert Hall [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.14 18:25:51 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2013.02.14 18:24:55 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job [2013.02.14 18:24:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.02.14 03:55:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.02.13 21:34:51 | 000,240,640 | ---- | M] () -- C:\Dokumente und Einstellungen\Tanker\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.13 07:51:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tanker\Desktop\OTL.exe [2013.02.13 07:50:49 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.11 20:30:27 | 000,001,489 | ---- | M] () -- C:\Dokumente und 
Einstellungen\All Users\Desktop\mkvmerge GUI.lnk [2013.02.11 19:39:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.02.10 12:58:54 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.02.10 12:58:53 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.02.10 11:39:57 | 000,001,737 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk [2013.02.10 11:39:57 | 000,001,731 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.13 07:50:49 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.11 20:30:27 | 000,001,489 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\mkvmerge GUI.lnk [2013.02.10 11:39:57 | 000,001,737 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk [2013.02.10 11:39:33 | 000,001,731 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk [2012.02.16 00:55:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.10.16 11:37:19 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini [2011.10.09 09:47:25 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2011.04.29 09:10:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2011.04.29 08:58:45 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\CardID.dll [2010.11.06 11:26:23 | 000,240,640 | ---- | C] () -- C:\Dokumente und Einstellungen\Tanker\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.19 14:38:22 | 000,000,004 | 
-H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QSLLPSVCShare ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.10.31 12:33:21 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 14.02.2013 18:38:24 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Tanker\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,37 Mb Total Physical Memory | 324,12 Mb Available Physical Memory | 31,95% Memory free 2,38 Gb Paging File | 1,66 Gb Available in Paging File | 69,75% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,53 Gb Total Space | 17,12 Gb Free Space | 35,28% Space Free | Partition Type: NTFS Drive D: | 4,79 Gb Total Space | 1,37 Gb Free Space | 28,61% Space Free | Partition Type: NTFS Computer Name: TANKERBELL | User Name: Tanker | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] 
-- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
15.02.2013, 10:42 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SDTray.exe component not found
A general note on Spybot: the tool is really unnecessary because it is relatively ineffective. You can uninstall it; sdtray belongs to Spybot, after all. And then you should be rid of the message too.
Let's take a further look into your computer: Now please create and post logs with GMER (<<< click for instructions) and MBAR (instructions a bit further down). GMER crashes fairly often; if the tool won't work the second time either, just skip it and run only MBAR.
MBAR instructions: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ Please always post log files in CODE tags |
16.02.2013, 23:10 | #5 |
| SDTray.exe component not found
Great! After I uninstalled Spybot, the problem disappeared.
Code:
GMER 2.1.18952 - hxxp://www.gmer.net
Rootkit scan 2013-02-16 23:07:46
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST96812AS rev.8.03 54,49GB
Running: GMER_2.1.18952.exe; Driver: C:\DOKUME~1\Tanker\LOKALE~1\Temp\uflcruoc.sys
---- System - GMER 2.1 ----
SSDT F7BEBEBC ZwClose
SSDT F7BEBE76 ZwCreateKey
SSDT F7BEBEC6 ZwCreateSection
SSDT F7BEBE6C ZwCreateThread
SSDT F7BEBE7B ZwDeleteKey
SSDT F7BEBE85 ZwDeleteValueKey
SSDT F7BEBEB7 ZwDuplicateObject
SSDT F7BEBE8A ZwLoadKey
SSDT F7BEBE58 ZwOpenProcess
SSDT F7BEBE5D ZwOpenThread
SSDT F7BEBE94 ZwReplaceKey
SSDT F7BEBE8F ZwRestoreKey
SSDT F7BEBECB ZwSetContextThread
SSDT F7BEBE80 ZwSetValueKey
SSDT F7BEBE67 ZwTerminateProcess
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \FileSystem\Fastfat \Fat A90B6D20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00164175a671
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00164175a671 (not active ControlSet)
---- EOF - GMER 2.1 ----
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org
Database version: v2013.02.16.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Tanker :: TANKERBELL [administrator]
16.02.2013 23:23:13
mbar-log-2013-02-16 (23-23-13).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 24617
Time elapsed: 10 minute(s), 39 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Edited by Tanker (16.02.2013 at 23:37). Reason: addendum |
18.02.2013, 13:36 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SDTray.exe component not found
aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.
TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
__________________ --> SDTray.exe component not found |
19.02.2013, 11:09 | #7 |
| SDTray.exe component not found
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-19 10:41:52
-----------------------------
10:41:52.921 OS Version: Windows 5.1.2600 Service Pack 3
10:41:52.921 Number of processors: 2 586 0xE08
10:41:52.921 ComputerName: TANKERBELL UserName: Tanker
10:41:53.484 Initialize success
10:45:03.531 AVAST engine defs: 13021800
10:46:52.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:46:52.968 Disk 0 Vendor: ST96812AS 8.03 Size: 55796MB BusType: 3
10:46:53.000 Disk 0 MBR read successfully
10:46:53.000 Disk 0 MBR scan
10:46:53.093 Disk 0 Windows XP default MBR code
10:46:53.109 Disk 0 Partition 1 00 DE Dell Utility MSWIN4.0 1200 MB offset 63
10:46:53.125 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 49693 MB offset 2457945
10:46:53.125 Disk 0 Partition - 00 0F Extended LBA 4902 MB offset 104229720
10:46:53.156 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 4902 MB offset 104229783
10:46:53.156 Disk 0 scanning sectors +114270345
10:46:53.812 Disk 0 scanning C:\WINDOWS\system32\drivers
10:47:05.140 Service scanning
10:47:22.718 Modules scanning
10:47:28.921 Disk 0 trace - called modules:
10:47:28.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
10:47:28.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8651dab8]
10:47:28.953 3 CLASSPNP.SYS[f761dfd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86573940]
10:47:30.156 AVAST engine scan C:\WINDOWS
10:47:36.593 AVAST engine scan C:\WINDOWS\system32
10:49:33.796 AVAST engine scan C:\WINDOWS\system32\drivers
10:49:49.812 AVAST engine scan C:\Dokumente und Einstellungen\Tanker
10:53:27.671 AVAST engine scan C:\Dokumente und Einstellungen\All Users
10:53:43.718 Scan finished successfully
11:05:28.484 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Tanker\Desktop\MBR.dat"
11:05:28.515 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Tanker\Desktop\aswMBR.txt"
Code:
11:06:46.0109 2740 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:06:46.0265 2740 ============================================================
11:06:46.0265 2740 Current date / time: 2013/02/19 11:06:46.0265
11:06:46.0265 2740 SystemInfo:
11:06:46.0265 2740
11:06:46.0265 2740 OS Version: 5.1.2600 ServicePack: 3.0
11:06:46.0265 2740 Product type: Workstation
11:06:46.0265 2740 ComputerName: TANKERBELL
11:06:46.0265 2740 UserName: Tanker
11:06:46.0265 2740 Windows directory: C:\WINDOWS
11:06:46.0265 2740 System windows directory: C:\WINDOWS
11:06:46.0265 2740 Processor architecture: Intel x86
11:06:46.0265 2740 Number of processors: 2
11:06:46.0265 2740 Page size: 0x1000
11:06:46.0265 2740 Boot type: Normal boot
11:06:46.0265 2740 ============================================================
11:06:47.0062 2740 Drive \Device\Harddisk0\DR0 - Size: 0xD9F411200 (54.49 Gb), SectorSize: 0x200, Cylinders: 0x1BC9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:06:47.0078 2740 Drive \Device\Harddisk1\DR4 - Size: 0x1DEFFFE00 (7.48 Gb), SectorSize: 0x200, Cylinders: 0x3D1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:06:47.0078 2740 ============================================================
11:06:47.0078 2740 \Device\Harddisk0\DR0:
11:06:47.0078 2740 MBR partitions:
11:06:47.0078 2740 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x258159, BlocksNum 0x610E9FF
11:06:47.0093 2740 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x6366B97, BlocksNum 0x9934F2
11:06:47.0093 2740 \Device\Harddisk1\DR4:
11:06:47.0093 2740 MBR partitions:
11:06:47.0093 2740 \Device\Harddisk1\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEF7FC0
11:06:47.0093 2740 ============================================================
11:06:47.0156 2740 C: <-> \Device\Harddisk0\DR0\Partition1
11:06:47.0203 2740 D: <-> \Device\Harddisk0\DR0\Partition2
11:06:47.0203 2740
============================================================ 11:06:47.0203 2740 Initialize success 11:06:47.0203 2740 ============================================================ 11:06:51.0312 3532 ============================================================ 11:06:51.0312 3532 Scan started 11:06:51.0312 3532 Mode: Manual; 11:06:51.0312 3532 ============================================================ 11:06:52.0390 3532 ================ Scan system memory ======================== 11:06:54.0546 3532 System memory - ok 11:06:54.0546 3532 ================ Scan services ============================= 11:06:54.0703 3532 Abiosdsk - ok 11:06:54.0703 3532 abp480n5 - ok 11:06:54.0750 3532 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 11:06:54.0750 3532 ACPI - ok 11:06:54.0796 3532 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys 11:06:54.0796 3532 ACPIEC - ok 11:06:54.0906 3532 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 11:06:54.0906 3532 AdobeFlashPlayerUpdateSvc - ok 11:06:54.0906 3532 adpu160m - ok 11:06:54.0968 3532 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 11:06:54.0968 3532 aec - ok 11:06:55.0015 3532 [ 12DAFD934641DCF61E446313BC261EC2 ] AegisP C:\WINDOWS\system32\DRIVERS\AegisP.sys 11:06:55.0015 3532 AegisP - ok 11:06:55.0062 3532 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 11:06:55.0062 3532 AFD - ok 11:06:55.0078 3532 Aha154x - ok 11:06:55.0078 3532 aic78u2 - ok 11:06:55.0078 3532 aic78xx - ok 11:06:55.0140 3532 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 11:06:55.0140 3532 Alerter - ok 11:06:55.0156 3532 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 11:06:55.0171 3532 ALG - ok 11:06:55.0171 3532 AliIde - ok 11:06:55.0171 3532 amsint - ok 11:06:55.0328 3532 [ C27D46B06D340293670450FCE9DFB166 ] 
AntiVirSchedulerService C:\Programme\Avira\AntiVir Desktop\sched.exe 11:06:55.0328 3532 AntiVirSchedulerService - ok 11:06:55.0359 3532 [ 72D90E56563165984224493069C69ED4 ] AntiVirService C:\Programme\Avira\AntiVir Desktop\avguard.exe 11:06:55.0359 3532 AntiVirService - ok 11:06:55.0406 3532 [ EC94E05B76D033B74394E7B2175103CF ] Appdrv C:\Programme\Dell\NICCONFIGSVC\Appdrv.sys 11:06:55.0406 3532 Appdrv - ok 11:06:55.0421 3532 AppMgmt - ok 11:06:55.0437 3532 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys 11:06:55.0437 3532 Arp1394 - ok 11:06:55.0437 3532 asc - ok 11:06:55.0453 3532 asc3350p - ok 11:06:55.0453 3532 asc3550 - ok 11:06:55.0609 3532 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe 11:06:55.0671 3532 aspnet_state - ok 11:06:55.0718 3532 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 11:06:55.0718 3532 AsyncMac - ok 11:06:55.0750 3532 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 11:06:55.0750 3532 atapi - ok 11:06:55.0765 3532 Atdisk - ok 11:06:55.0796 3532 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 11:06:55.0796 3532 Atmarpc - ok 11:06:55.0828 3532 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 11:06:55.0828 3532 AudioSrv - ok 11:06:55.0875 3532 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 11:06:55.0875 3532 audstub - ok 11:06:55.0921 3532 [ F014B6116260E02E0A958E921966E748 ] avera800 C:\WINDOWS\system32\Drivers\avera800.sys 11:06:55.0921 3532 avera800 - ok 11:06:55.0953 3532 [ 0B497C79824F8E1BF22FA6AACD3DE3A0 ] avgio C:\Programme\Avira\AntiVir Desktop\avgio.sys 11:06:55.0953 3532 avgio - ok 11:06:55.0968 3532 [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt C:\WINDOWS\system32\DRIVERS\avgntflt.sys 11:06:55.0968 3532 avgntflt - ok 11:06:56.0015 3532 [ 
0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb C:\WINDOWS\system32\DRIVERS\avipbb.sys 11:06:56.0015 3532 avipbb - ok 11:06:56.0078 3532 [ CD4646067CC7DCBA1907FA0ACF7E3966 ] bcm4sbxp C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 11:06:56.0078 3532 bcm4sbxp - ok 11:06:56.0125 3532 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 11:06:56.0125 3532 Beep - ok 11:06:56.0187 3532 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 11:06:56.0203 3532 BITS - ok 11:06:56.0250 3532 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 11:06:56.0250 3532 Browser - ok 11:06:56.0281 3532 [ B279426E3C0C344893ED78A613A73BDE ] BthEnum C:\WINDOWS\system32\DRIVERS\BthEnum.sys 11:06:56.0281 3532 BthEnum - ok 11:06:56.0296 3532 [ 80602B8746D3738F5886CE3D67EF06B6 ] BthPan C:\WINDOWS\system32\DRIVERS\bthpan.sys 11:06:56.0296 3532 BthPan - ok 11:06:56.0359 3532 [ 592E1CEDBE314D0EF184DC6F46141E76 ] BTHPORT C:\WINDOWS\system32\Drivers\BTHport.sys 11:06:56.0375 3532 BTHPORT - ok 11:06:56.0437 3532 [ 26C601EF7525E31379744ABFC6F35A1B ] BthServ C:\WINDOWS\System32\bthserv.dll 11:06:56.0437 3532 BthServ - ok 11:06:56.0484 3532 [ F06D4CB9918B462A84D9AC00027EFC30 ] BTHUSB C:\WINDOWS\system32\Drivers\BTHUSB.sys 11:06:56.0484 3532 BTHUSB - ok 11:06:56.0515 3532 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys 11:06:56.0515 3532 cbidf2k - ok 11:06:56.0531 3532 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 11:06:56.0531 3532 CCDECODE - ok 11:06:56.0546 3532 cd20xrnt - ok 11:06:56.0578 3532 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 11:06:56.0578 3532 Cdaudio - ok 11:06:56.0640 3532 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 11:06:56.0640 3532 Cdfs - ok 11:06:56.0656 3532 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 11:06:56.0656 3532 Cdrom - ok 
11:07:08.0906 1712 Detected object count: 0
11:07:08.0906 1712 Actual detected object count: 0 |
20.02.2013, 13:30 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SDTray.exe component not found
Nothing suspicious.
JRT - Junkware Removal Tool
Please shut down your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post log files in CODE tags |
20.02.2013, 21:09 | #9 |
| SDTray.exe component not found
It looks as though there are no problems at all. I do have one question, though: why didn't I run all these scans right at the beginning? That would have saved a lot of time!? Many thanks for the time you sacrificed.
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Microsoft Windows XP x86
Ran by Tanker on 20.02.2013 at 16:56:45,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Dokumente und Einstellungen\Tanker\Anwendungsdaten\opencandy"
Successfully deleted: [Folder] "C:\Programme\icq6toolbar"

~~~ FireFox

Successfully deleted: [File] C:\Dokumente und Einstellungen\Tanker\Anwendungsdaten\mozilla\firefox\profiles\k5yoyn47.default\user.js

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.02.2013 at 17:02:09,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v2.112 - Datei am 20/02/2013 um 17:02:38 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Tanker - TANKERBELL
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Tanker\Desktop\adwcleaner0.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar
Ordner Gefunden : C:\Dokumente und Einstellungen\Tanker\Lokale Einstellungen\Anwendungsdaten\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}

***** [Internet Browser] *****

-\\ Internet Explorer v6.0.2900.5512

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.icq.com/
[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd

-\\ Mozilla Firefox v19.0 (de)

Datei : C:\Dokumente und Einstellungen\Tanker\Anwendungsdaten\Mozilla\Firefox\Profiles\k5yoyn47.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1375 octets] - [20/02/2013 17:02:38]

########## EOF - C:\AdwCleaner[R1].txt - [1435 octets] ##########
Code:
ATTFilter OTL logfile created on: 20.02.2013 19:54:36 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Tanker\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,37 Mb Total Physical Memory | 653,99 Mb Available Physical Memory | 64,47% Memory free 2,38 Gb Paging File | 2,02 Gb Available in Paging File | 84,60% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,53 Gb Total Space | 33,03 Gb Free Space | 68,06% Space Free | Partition Type: NTFS Drive D: | 4,79 Gb Total Space | 1,37 Gb Free Space | 28,61% Space Free | Partition Type: NTFS Drive F: | 7,48 Gb Total Space | 3,04 Gb Free Space | 40,67% Space Free | Partition Type: NTFS Computer Name: TANKERBELL | User Name: Tanker | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Tanker\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll ()
MOD - C:\Programme\Intel\Wireless\Bin\acAuth.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()

========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software) SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (NMSAccess) -- C:\Programme\CDBurnerXP\NMSAccessU.exe () SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (WLANKEEPER) -- C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found DRV - (ewusbnet) -- system32\DRIVERS\ewusbnet.sys File not found DRV - (Changer) -- File not found DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation) DRV - (bcm4sbxp) -- 
C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation) DRV - (CSRBC) -- C:\WINDOWS\system32\drivers\csrbcxp.sys (CSR, plc) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (w39n51) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (Appdrv) -- C:\Programme\Dell\NicConfigSvc\Appdrv.sys (Dell Inc) DRV - (avera800) -- C:\WINDOWS\system32\drivers\avera800.sys (AVerMedia Technologies, Inc.) DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC) DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - 
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1993962763-1482476501-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-1993962763-1482476501-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\S-1-5-21-1993962763-1482476501-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKU\S-1-5-21-1993962763-1482476501-839522115-1004\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1993962763-1482476501-839522115-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1993962763-1482476501-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1993962763-1482476501-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-1993962763-1482476501-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: mail%40gutscheinrausch.de:2.6 FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.90 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - 
prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.87 FF - prefs.js..extensions.enabledItems: mail@gutscheinrausch.de:2.6 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Programme\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2010.10.31 12:25:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.02.19 21:54:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.02.19 21:54:19 | 000,000,000 | ---D | M] [2010.10.31 10:22:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tanker\Anwendungsdaten\Mozilla\Extensions [2010.10.31 10:22:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tanker\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2013.02.14 20:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Tanker\Anwendungsdaten\Mozilla\Firefox\Profiles\k5yoyn47.default\extensions [2013.02.11 19:44:48 | 000,000,000 | ---D | M] (ChatZilla [de]) -- C:\Dokumente und 
Einstellungen\Tanker\Anwendungsdaten\Mozilla\Firefox\Profiles\k5yoyn47.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2011.10.09 09:47:26 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Dokumente und Einstellungen\Tanker\Anwendungsdaten\Mozilla\Firefox\Profiles\k5yoyn47.default\extensions\mail@gutscheinrausch.de [2013.02.14 20:56:42 | 000,817,280 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Tanker\Anwendungsdaten\Mozilla\Firefox\Profiles\k5yoyn47.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.19 21:54:16 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.02.19 21:54:42 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2013.02.19 21:54:42 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2003.07.14 22:56:52 | 000,013,888 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\NPOFFICE.DLL [2010.09.22 18:10:52 | 000,103,864 | ---- | M] (Adobe Systems Inc.) 
-- C:\Programme\mozilla firefox\plugins\nppdf32.dll [2012.06.20 17:12:45 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.02 08:51:52 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.20 17:12:45 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2013.01.22 19:02:30 | 000,002,669 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\google.xml [2012.06.20 17:12:45 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.20 17:12:45 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.20 17:12:45 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.19 09:30:31 | 000,442,656 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 15209 more lines... 
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKU\S-1-5-21-1993962763-1482476501-839522115-1004\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1993962763-1482476501-839522115-1004\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) 
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1993962763-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1993962763-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKU\S-1-5-21-1993962763-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0 O8 - Extra context menu item: Nach Microsoft &Excel 
exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - 
Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27742072-7327-47A8-B9EA-FA03A3973A09}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - 
C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - 
C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - 
C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.10.19 13:09:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{96539b3c-73d4-11e0-8a3c-0015c51ccdb8}\Shell - "" = AutoRun O33 - MountPoints2\{96539b3c-73d4-11e0-8a3c-0015c51ccdb8}\Shell\AutoRun - "" = Auto&Play O33 - 
MountPoints2\{96539b3c-73d4-11e0-8a3c-0015c51ccdb8}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{96539b3f-73d4-11e0-8a3c-0015c51ccdb8}\Shell - "" = AutoRun O33 - MountPoints2\{96539b3f-73d4-11e0-8a3c-0015c51ccdb8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{96539b3f-73d4-11e0-8a3c-0015c51ccdb8}\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.20 16:56:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2013.02.20 16:56:37 | 000,000,000 | ---D | C] -- C:\JRT [2013.02.20 16:54:18 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\Tanker\Desktop\JRT.exe [2013.02.19 21:54:14 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.02.18 17:12:21 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Tanker\Desktop\tdsskiller.exe [2013.02.18 17:10:21 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Tanker\Desktop\aswMBR.exe [2013.02.18 17:04:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tanker\Anwendungsdaten\dvdcss [2013.02.15 20:10:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tanker\Desktop\mbar [2013.02.13 07:52:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tanker\Desktop\OTL.exe [2013.02.13 07:51:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tanker\Anwendungsdaten\Malwarebytes [2013.02.13 07:50:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.02.13 07:50:47 | 000,000,000 | 
---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.02.13 07:50:45 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.02.13 07:50:45 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.02.11 20:30:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tanker\Anwendungsdaten\mkvtoolnix [2013.02.11 20:30:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MKVToolNix [2013.02.11 20:30:06 | 000,000,000 | ---D | C] -- C:\Programme\MKVToolNix [2013.02.10 17:45:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tanker\Desktop\stick [2013.02.10 11:39:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee Security Scan Plus [2013.01.24 19:55:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Tanker\Desktop\Adele - Live AT The Royal Albert Hall [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.20 19:55:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.02.20 19:00:00 | 000,000,494 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2013.02.20 16:55:34 | 000,587,671 | ---- | M] () -- C:\Dokumente und Einstellungen\Tanker\Desktop\adwcleaner0.exe [2013.02.20 16:54:22 | 000,547,439 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Dokumente und Einstellungen\Tanker\Desktop\JRT.exe [2013.02.20 16:32:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.02.19 22:43:23 | 000,012,800 | ---- | M] () -- C:\Dokumente und Einstellungen\Tanker\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.19 11:05:28 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Tanker\Desktop\MBR.dat [2013.02.18 17:12:27 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Tanker\Desktop\tdsskiller.exe [2013.02.18 17:12:06 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Tanker\Desktop\aswMBR.exe [2013.02.18 09:11:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.02.15 20:13:53 | 000,374,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Tanker\Desktop\GMER_2.1.18952.exe [2013.02.15 03:26:10 | 000,114,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.02.15 03:05:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.02.15 03:02:05 | 000,460,966 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.02.15 03:02:05 | 000,442,834 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.02.15 03:02:05 | 000,085,190 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.02.15 03:02:05 | 000,069,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.02.13 07:51:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Tanker\Desktop\OTL.exe [2013.02.13 07:50:49 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.10 12:58:54 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.02.10 12:58:53 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.02.10 11:39:57 | 000,001,731 | ---- | M] () -- C:\Dokumente und Einstellungen\All 
Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk [2013.01.26 04:55:37 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.20 16:55:34 | 000,587,671 | ---- | C] () -- C:\Dokumente und Einstellungen\Tanker\Desktop\adwcleaner0.exe [2013.02.19 11:05:28 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Tanker\Desktop\MBR.dat [2013.02.15 20:13:52 | 000,374,784 | ---- | C] () -- C:\Dokumente und Einstellungen\Tanker\Desktop\GMER_2.1.18952.exe [2013.02.13 07:50:49 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.10 11:39:33 | 000,001,731 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk [2012.02.16 00:55:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.10.16 11:37:19 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini [2011.10.09 09:47:25 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2011.04.29 09:10:09 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2011.04.29 08:58:45 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\CardID.dll [2010.11.06 11:26:23 | 000,012,800 | ---- | C] () -- C:\Dokumente und Einstellungen\Tanker\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.19 14:38:22 | 000,000,004 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QSLLPSVCShare ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.12.27 11:24:13 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 20.02.2013 19:54:36 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Tanker\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014,37 Mb Total Physical Memory | 653,99 Mb Available Physical Memory | 64,47% Memory free 2,38 Gb Paging File | 2,02 Gb Available in Paging File | 84,60% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,53 Gb Total Space | 33,03 Gb Free Space | 68,06% Space Free | Partition Type: NTFS Drive D: | 4,79 Gb Total Space | 1,37 Gb Free Space | 28,61% Space Free | Partition Type: NTFS Drive F: | 7,48 Gb Total Space | 3,04 Gb Free Space | 40,67% Space Free | Partition Type: NTFS Computer Name: TANKERBELL | User Name: Tanker | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_USERS\S-1-5-21-1993962763-1482476501-839522115-1004\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- 
(Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Spybot - Search & Destroy 2\SDTray.exe" = C:\Programme\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon "C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service "C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater "C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service "C:\Programme\Calibre2\calibre.exe" = C:\Programme\Calibre2\calibre.exe:*:Enabled:The main calibre program -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Energieverwaltung der internen Netzwerkkarte "{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3CC52794-9EFB-4E79-A9BC-2CFFAB13DB0A}" = calibre "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell 
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009 "{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03 "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "{AC97FBCD-448B-416C-A720-EBDEC9EF6340}" = AVerMedia DVB-T BDA Video Capture(A800) "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV 6.0 "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "3635FC5A3FE7DACCEF2123BDBDA808BA811B977B" = Windows-Treiberpaket - Ricoh Company Memorystick Host Controller (07/09/2005 1.00.01.12) "452416B030C25BAA383F3DA368FECD5D48FAE727" = Windows-Treiberpaket - Ricoh Company xD-Picture Card/SmartMedia Host Controller (07/14/2005 1.00.02.04) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash 
Player 11 Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem "F631A62FA5E06534A0FE3637D75AAA5B1D3E4FB7" = Windows-Treiberpaket - Ricoh Company MMC Host Controller (07/14/2005 1.00.00.06) "FLV Player" = FLV Player 2.0 (build 25) "InstallShield_{AC97FBCD-448B-416C-A720-EBDEC9EF6340}" = AVerMedia DVB-T BDA Video Capture(A800) "InstallShield_{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV 6.0 "JDownloader" = JDownloader "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "MKVToolNix" = MKVToolNix 6.0.0 "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "ProInst" = Intel(R) PROSet/Wireless Software "PS3 Media Server" = PS3 Media Server "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 2.0.4 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR Archivierer ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1993962763-1482476501-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 06.11.2011 11:32:19 | Computer Name = TANKERBELL | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von 
<hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 06.11.2011 11:32:19 | Computer Name = TANKERBELL | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 06.11.2011 11:32:20 | Computer Name = TANKERBELL | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 07.11.2011 14:59:35 | Computer Name = TANKERBELL | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung cdbxpp.exe, Version 4.3.7.2423, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 26.11.2011 13:52:58 | Computer Name = TANKERBELL | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 26.11.2011 13:52:59 | Computer Name = TANKERBELL | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. 
. Error - 04.12.2011 11:17:21 | Computer Name = TANKERBELL | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 04.12.2011 11:17:21 | Computer Name = TANKERBELL | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 04.12.2011 11:17:22 | Computer Name = TANKERBELL | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 04.12.2011 11:33:25 | Computer Name = TANKERBELL | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung tsmuxer.exe, Version 0.0.0.0, fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x00011689. [ System Events ] Error - 18.02.2013 12:04:51 | Computer Name = TANKERBELL | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 18.02.2013 12:04:53 | Computer Name = TANKERBELL | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 18.02.2013 12:04:56 | Computer Name = TANKERBELL | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. 
Error - 18.02.2013 12:04:58 | Computer Name = TANKERBELL | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 18.02.2013 12:05:00 | Computer Name = TANKERBELL | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 18.02.2013 12:05:02 | Computer Name = TANKERBELL | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 18.02.2013 12:05:04 | Computer Name = TANKERBELL | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 18.02.2013 12:05:05 | Computer Name = TANKERBELL | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 18.02.2013 12:05:07 | Computer Name = TANKERBELL | Source = Cdrom | ID = 262151 Description = Fehlerhafter Block bei Gerät \Device\CdRom0. Error - 19.02.2013 05:48:34 | Computer Name = TANKERBELL | Source = atapi | ID = 262153 Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht geantwortet. 
[ TuneUp Events ] Error - 19.02.2013 05:40:39 | Computer Name = TANKERBELL | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2013-02-19 10:40:39', '\device\harddiskvolume2\programme\malwarebytes' anti-malware\mbamgui.exe','2760',0) Error - 19.02.2013 05:40:39 | Computer Name = TANKERBELL | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2013-02-19 10:40:39', '\device\harddiskvolume2\programme\malwarebytes' anti-malware\mbamgui.exe','2956',0) Error - 19.02.2013 05:40:44 | Computer Name = TANKERBELL | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2013-02-19 10:40:44', '\device\harddiskvolume2\programme\malwarebytes' anti-malware\mbamgui.exe','3148',0) Error - 19.02.2013 05:40:49 | Computer Name = TANKERBELL | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2013-02-19 10:40:49', '\device\harddiskvolume2\programme\malwarebytes' anti-malware\mbamgui.exe','4024',0) Error - 20.02.2013 11:32:58 | Computer Name = TANKERBELL | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2013-02-20 16:32:58', '\device\harddiskvolume2\programme\malwarebytes' anti-malware\mbamscheduler.exe','1388',0) Error - 20.02.2013 11:32:58 | Computer Name = TANKERBELL | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, 
ProcID, Resumed) VALUES ('2013-02-20 16:32:58', '\device\harddiskvolume2\programme\malwarebytes' anti-malware\mbamservice.exe','1624',0) Error - 20.02.2013 11:32:58 | Computer Name = TANKERBELL | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2013-02-20 16:32:58', '\device\harddiskvolume2\programme\malwarebytes' anti-malware\mbamgui.exe','2056',0) Error - 20.02.2013 11:33:28 | Computer Name = TANKERBELL | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2013-02-20 16:33:28', '\device\harddiskvolume2\programme\malwarebytes' anti-malware\mbamgui.exe','2604',0) Error - 20.02.2013 11:33:28 | Computer Name = TANKERBELL | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2013-02-20 16:33:28', '\device\harddiskvolume2\programme\malwarebytes' anti-malware\mbamgui.exe','2824',0) Error - 20.02.2013 11:33:28 | Computer Name = TANKERBELL | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2013-02-20 16:33:28', '\device\harddiskvolume2\programme\malwarebytes' anti-malware\mbamgui.exe','2980',0) < End of report > |
21.02.2013, 00:15 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | SDTray.exe component not found Quote:
In other words: if you have to clean everything in an apartment, you first have to check whether there is bulky waste in it and, if so, get rid of that first; after that you can polish the silverware.
Fix with OTL
Code:
:OTL
FF - prefs.js..extensions.enabledAddons: mail%40gutscheinrausch.de:2.6
FF - prefs.js..extensions.enabledItems: mail@gutscheinrausch.de:2.6
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Please always post log files in CODE tags |
25.02.2013, 22:20 | #11 |
| SDTray.exe component not found OK... fixed! I don't know what exactly, since according to the scans no problems were detectable, but thank you very much anyway for the time you invested! |
26.02.2013, 10:47 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SDTray.exe component not found Why don't you post the fix log? Without it I can't see whether the fix was successful!
26.02.2013, 11:25 | #13 |
| SDTray.exe component not found Sorry, forgot ^^ Code:
All processes killed
========== OTL ==========
Prefs.js: mail%40gutscheinrausch.de:2.6 removed from extensions.enabledAddons
Prefs.js: mail@gutscheinrausch.de:2.6 removed from extensions.enabledItems
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\Tanker\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\Tanker\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 4813466 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Tanker
->Temp folder emptied: 189101162 bytes
->Temporary Internet Files folder emptied: 362861653 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 93411852 bytes
->Flash cache emptied: 15950 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2167231 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
RecycleBin emptied: 4236240000 bytes

Total Files Cleaned = 4.662,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 02252013_221320

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
|
26.02.2013, 11:28 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | SDTray.exe component not found Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes - please remember to update Malwarebytes via the update button beforehand. Afterwards, getting an additional opinion from ESET's online scanner doesn't hurt either: ESET Online Scanner
26.02.2013, 20:27 | #15 |
| SDTray.exe component not found Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.26.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Tanker :: TANKERBELL [Administrator]

Schutz: Aktiviert

26.02.2013 17:38:57
mbam-log-2013-02-26 (17-38-57).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 197113
Laufzeit: 4 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=22a7659b26bd354d80f49f6f1c3a4c58
# engine=13247
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-26 07:19:44
# local_time=2013-02-26 08:19:44 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775165 100 93 83061 98439605 82778 0
# scanned=39458
# found=0
# cleaned=0
# scan_time=6918
|