elefandino | 05.05.2012 10:42 | Hallo,
leider hat es ziemlich gedauert, aber hier sind die Logs:
1. OTL Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
File C:\Programme\mozilla firefox\searchplugins\bing.xml not found.
File C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
File G:\autorun.inf not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{833f6520-48ea-11dd-a2d1-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{833f6520-48ea-11dd-a2d1-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{833f6520-48ea-11dd-a2d1-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{833f6520-48ea-11dd-a2d1-806d6172696f}\ not found.
File E:\setup.exe not found.
========== FILES ========== < ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Dokumente und Einstellungen\**** ****\Desktop\cmd.bat deleted successfully.
C:\Dokumente und Einstellungen\**** ****\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: **** ****
->Temp folder emptied: 755597 bytes
->Temporary Internet Files folder emptied: 328299 bytes
->FireFox cache emptied: 56782019 bytes
->Flash cache emptied: 611 bytes
User: user
->Temp folder emptied: 1143299 bytes
->Temporary Internet Files folder emptied: 2490598 bytes
->FireFox cache emptied: 210506877 bytes
->Flash cache emptied: 2523 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 101217 bytes
RecycleBin emptied: 746883 bytes
Total Files Cleaned = 260,00 mb
OTL by OldTimer - Version 3.2.42.2 log created on 05052012_082026
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\PNG1hVefc.png scheduled to be moved on reboot.
Registry entries deleted on Reboot... 2. OTL.txt Code:
OTL logfile created on: 05.05.2012 09:06:57 - Run 4
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1013,88 Mb Total Physical Memory | 370,57 Mb Available Physical Memory | 36,55% Memory free
2,39 Gb Paging File | 1,67 Gb Available in Paging File | 69,80% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 103,91 Gb Total Space | 30,25 Gb Free Space | 29,11% Space Free | Partition Type: NTFS
Drive D: | 30,38 Gb Total Space | 29,43 Gb Free Space | 96,87% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 1633,07 Gb Free Space | 87,66% Space Free | Partition Type: NTFS
Computer Name: ****-NETBOOK | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.05.05 08:16:44 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
PRC - [2012.05.05 08:08:45 | 003,905,920 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2012.03.15 18:43:34 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.30 10:30:10 | 000,060,688 | ---- | M] (ZTE) -- C:\Programme\congstar\Internet-Manager\Bin\mcserver.exe
PRC - [2011.08.30 10:30:08 | 000,220,944 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\dbus-daemon.exe
PRC - [2011.08.30 10:30:06 | 000,036,624 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\db_daemon.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.05.25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.07.26 13:20:08 | 000,018,272 | ---- | M] (SFR) -- C:\Programme\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe
PRC - [2009.08.11 20:45:40 | 000,323,584 | ---- | M] () -- C:\Programme\Lenovo\VeriFaceIII\PManage.exe
PRC - [2009.03.26 10:20:40 | 000,315,392 | -H-- | M] (DeviceVM) -- C:\QSTART.SYS\config\DVMExportService.exe
PRC - [2009.01.16 17:56:42 | 001,456,768 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BTStackServer.exe
PRC - [2009.01.16 17:56:42 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2009.01.16 17:56:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2009.01.04 12:57:28 | 004,462,464 | ---- | M] (Lenovo(Beijing)Limited) -- C:\Program Files\Lenovo\Energy Management\utility.exe
PRC - [2008.12.26 10:05:46 | 001,277,952 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Program Files\Lenovo\Energy Management\Energy Management.exe
PRC - [2008.09.27 11:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.14 14:00:00 | 000,401,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe
PRC - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
========== Modules (No Company Name) ==========
MOD - [2012.05.05 09:03:39 | 000,065,024 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2012.05.05 09:03:39 | 000,052,736 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2012.04.12 20:11:11 | 000,117,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2012.04.12 20:11:11 | 000,052,224 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2012.04.12 17:32:50 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\56e433394df8d44e43690a855e403555\System.ServiceProcess.ni.dll
MOD - [2012.04.12 17:32:14 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\db1d2470de43ffcb6f562277208d56e5\System.Web.ni.dll
MOD - [2012.03.15 18:43:32 | 001,969,080 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.02.16 20:33:21 | 000,256,000 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll
MOD - [2012.02.16 20:33:02 | 017,403,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1cdcd6d97627d345d5ff446e6ec88b97\System.ServiceModel.ni.dll
MOD - [2012.02.16 20:31:47 | 002,345,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll
MOD - [2012.02.16 20:10:35 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012.02.16 20:10:15 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012.02.16 20:08:59 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2011.10.13 21:30:40 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011.10.11 14:59:51 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011.08.30 10:30:08 | 000,220,944 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\dbus-daemon.exe
MOD - [2011.08.30 10:30:06 | 000,036,624 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\db_daemon.exe
MOD - [2011.08.30 10:16:06 | 000,098,816 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\itapi.dll
MOD - [2011.08.30 10:15:58 | 000,043,008 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\audio.dll
MOD - [2011.08.30 10:15:50 | 000,055,296 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\coder.dll
MOD - [2011.08.30 10:15:50 | 000,035,840 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\libConfig.dll
MOD - [2011.08.30 10:15:46 | 000,027,136 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\log.dll
MOD - [2011.08.30 10:14:30 | 000,020,992 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\libctlsvr.dll
MOD - [2011.05.06 05:03:32 | 000,594,944 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\dbus-1.dll
MOD - [2011.05.06 05:02:40 | 000,341,504 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\sqlite3.dll
MOD - [2010.10.14 11:37:52 | 000,971,776 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\libxml2.dll
MOD - [2010.10.14 11:37:52 | 000,080,688 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\zlib1.dll
MOD - [2009.11.03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2009.08.11 20:45:44 | 009,338,880 | ---- | M] () -- C:\WINDOWS\system32\Facev.dll
MOD - [2009.08.11 20:45:43 | 000,241,752 | ---- | M] () -- C:\WINDOWS\system32\IcnOvrly.dll
MOD - [2009.08.11 20:45:43 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\FunFrm.dll
MOD - [2009.08.11 20:45:42 | 009,502,720 | ---- | M] () -- C:\WINDOWS\system32\FaceVerify.dll
MOD - [2009.08.11 20:45:42 | 001,564,672 | ---- | M] () -- C:\WINDOWS\system32\MainOp.dll
MOD - [2009.08.11 20:45:42 | 000,221,184 | ---- | M] () -- C:\WINDOWS\system32\SetDev.dll
MOD - [2009.08.11 20:45:42 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\VideoOp.dll
MOD - [2009.08.11 20:45:41 | 001,167,360 | ---- | M] () -- C:\WINDOWS\system32\PicNotify.dll
MOD - [2009.08.11 20:45:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\Momo.dll
MOD - [2009.08.11 20:45:40 | 000,974,848 | ---- | M] () -- C:\WINDOWS\system32\Apblend.dll
MOD - [2009.08.11 20:45:40 | 000,323,584 | ---- | M] () -- C:\Programme\Lenovo\VeriFaceIII\PManage.exe
MOD - [2009.08.11 20:45:39 | 000,208,896 | ---- | M] () -- C:\WINDOWS\system32\image.dll
MOD - [2009.08.11 20:45:37 | 000,241,664 | ---- | M] () -- C:\WINDOWS\system32\3DImageRenderer.dll
MOD - [2009.05.14 12:40:50 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\370prop.ax
MOD - [2009.01.16 17:55:38 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2009.01.16 17:53:32 | 000,069,697 | ---- | M] () -- C:\Programme\Lenovo\Bluetooth Software\BTKeyInd.dll
MOD - [2008.05.21 17:33:22 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\KbdHook.dll
MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008.01.03 19:23:06 | 000,167,936 | ---- | M] () -- C:\Program Files\Lenovo\OneKey App\System Repair\LenovoAPI.dll
MOD - [2007.09.09 17:07:00 | 000,151,552 | ---- | M] () -- C:\Programme\congstar\Internet-Manager\Bin\libexpat.dll
MOD - [2005.06.24 03:05:02 | 000,045,056 | ---- | M] () -- C:\Program Files\Lenovo\Energy Management\HookLib.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.04 21:47:10 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.05.25 14:06:20 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.07.26 13:20:08 | 000,018,272 | ---- | M] (SFR) [Auto | Running] -- C:\Programme\SFR\Gestionnaire de Connexion\SFR.DashBoard.Service.exe -- (SFR.DashBoard.Service)
SRV - [2009.03.26 10:20:40 | 000,315,392 | -H-- | M] (DeviceVM) [Auto | Running] -- C:\QSTART.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009.01.16 17:56:42 | 000,346,720 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.09.27 11:00:24 | 000,430,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\OneKey App\System Repair\UpdateMonitor.exe -- (System_Repair_UpdateMonitor)
SRV - [2008.01.16 09:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\ewfiltertdidriver.sys -- (filtertdidriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\cmnsusbser.sys -- (cmnsusbser)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.02.15 19:19:38 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.19 12:25:26 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
DRV - [2011.08.19 12:25:26 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
DRV - [2011.08.19 12:25:26 | 000,106,880 | ---- | M] (HSPADataCard Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
DRV - [2011.08.19 12:25:26 | 000,010,240 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.12.15 04:46:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009.12.15 04:46:18 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009.11.17 15:20:40 | 000,021,504 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Ndisprot.sys -- (Ndisprot)
DRV - [2009.05.26 21:07:52 | 000,166,144 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMIksdrv.sys -- (usbsmi)
DRV - [2009.03.27 08:33:42 | 000,130,816 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.03.24 13:35:00 | 005,056,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.01.08 00:18:58 | 000,991,784 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008.10.30 22:19:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008.10.15 16:03:00 | 000,104,960 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbvoice.sys -- (ZTEusbvoice)
DRV - [2008.10.13 13:49:14 | 000,110,080 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2008.09.10 19:14:48 | 001,386,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008.08.28 18:39:08 | 000,048,192 | ---- | M] (Lenovo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtumon.sys -- (tvtumon)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.07.24 10:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008.05.30 04:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008.02.04 10:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008.01.11 14:58:42 | 000,009,472 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2008.01.10 10:59:08 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WSVD.sys -- (WSVD)
DRV - [2007.05.23 10:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007.05.02 16:32:34 | 000,135,680 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdsa.sys -- (nmwcdsa)
DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdsacm.sys -- (nmwcdsacm)
DRV - [2007.05.02 16:31:54 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdsacj.sys -- (nmwcdsacj)
DRV - [2007.05.02 16:31:54 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdsac.sys -- (nmwcdsac)
DRV - [2006.01.04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Programme\congstar\Internet-Manager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.15 18:43:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.13 16:19:57 | 000,000,000 | ---D | M]
[2009.12.30 16:38:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions
[2012.05.05 08:14:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\hgnmrexf.default\extensions
[2011.05.06 17:53:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.15 18:43:35 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.01.11 08:39:17 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.11 08:39:17 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.11 08:39:17 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.11 08:39:16 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Energy Management] C:\Program Files\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Program Files\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [VeriFaceManager] C:\Programme\Lenovo\VeriFaceIII\PManage.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\MCtlSvc.lnk = C:\Programme\congstar\Internet-Manager\Bin\mcserver.exe (ZTE)
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: LENOVO - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - hxxp://www.lenovo.com File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} https://212.204.101.30/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8614316A-D149-4515-B7D7-5957D1C9E16C}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\PicNotify: DllName - (PicNotify.dll) - C:\WINDOWS\System32\PicNotify.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\WALLPAPER\LENOVO1.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\WALLPAPER\LENOVO1.BMP
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.03 10:42:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012.04.13 16:28:59 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012.04.13 16:29:00 | 000,000,000 | ---D | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011.08.16 03:19:41 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2012.04.13 16:29:00 | 000,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.04.17 21:35:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in
[2012.04.17 21:35:02 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2012.04.15 17:18:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Desktop\AV
[2012.04.15 08:33:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\WinZip
[2012.04.14 20:44:45 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.04.14 20:44:24 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\****\Desktop\esetsmartinstaller_enu.exe
[2012.04.13 16:28:59 | 000,000,000 | ---D | C] -- C:\autorun.inf
[2012.04.12 20:10:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\SUPERAntiSpyware.com
[2012.04.12 20:09:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2012.04.12 20:09:39 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2012.04.12 20:07:43 | 015,879,888 | ---- | C] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\****\Desktop\SUPERAntiSpyware.exe
[2012.04.12 19:38:13 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\****\Recent
[2012.04.12 17:55:05 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.04.12 17:50:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2012.04.12 17:50:07 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2012.04.12 17:49:38 | 003,645,656 | ---- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\****\Desktop\ccsetup317.exe
[2012.04.12 17:21:34 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2012.04.12 17:14:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Desktop\history
[2012.04.12 17:12:42 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\****\Desktop\HiJackThis204.exe
[2012.04.09 23:49:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes
[2012.04.09 23:48:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.04.09 23:48:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Avira
[2012.04.09 23:46:16 | 000,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2012.04.09 23:46:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Powertoys for Windows XP
[2012.04.09 23:46:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Eigene Dateien\Downloads
[2012.04.09 23:43:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Apple Computer
[2012.04.09 23:42:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\PC Suite
[2012.04.09 06:20:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012.04.09 06:20:02 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2012.04.09 00:27:51 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos
[2012.04.08 09:10:35 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
========== Files - Modified Within 30 Days ==========
[2012.05.05 09:04:22 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012.05.05 08:47:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.05.05 08:24:18 | 000,000,066 | -HS- | M] () -- C:\_PartitionInfo
[2012.05.05 08:24:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.05.05 08:24:09 | 1063,202,816 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.05 08:16:44 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2012.05.04 21:47:09 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.05.04 21:47:09 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.04.29 16:17:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.04.15 17:56:46 | 000,510,602 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.04.15 17:56:46 | 000,483,380 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.04.15 17:56:46 | 000,105,920 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.04.15 17:56:46 | 000,087,090 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.04.15 08:35:09 | 000,020,623 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Logfiles.zip
[2012.04.14 20:44:24 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\****\Desktop\esetsmartinstaller_enu.exe
[2012.04.13 16:18:34 | 000,132,597 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Flash_Disinfector.exe
[2012.04.12 20:09:46 | 000,001,642 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.12 20:08:06 | 015,879,888 | ---- | M] (SUPERAntiSpyware.com) -- C:\Dokumente und Einstellungen\****\Desktop\SUPERAntiSpyware.exe
[2012.04.12 19:43:11 | 000,043,554 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\cc_20120412_194258.reg
[2012.04.12 17:49:41 | 003,645,656 | ---- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\****\Desktop\ccsetup317.exe
[2012.04.12 17:12:42 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\****\Desktop\HiJackThis204.exe
[2012.04.08 09:04:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
========== Files Created - No Company Name ==========
[2012.04.15 08:35:09 | 000,020,623 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Logfiles.zip
[2012.04.13 16:18:33 | 000,132,597 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Flash_Disinfector.exe
[2012.04.12 20:09:46 | 000,001,642 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.04.12 19:43:02 | 000,043,554 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\cc_20120412_194258.reg
[2012.04.09 23:46:16 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2012.04.08 09:10:37 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.02.16 18:50:12 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
========== LOP Check ==========
[2012.01.29 10:57:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService
[2010.09.03 23:08:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010.09.03 23:25:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010.02.21 22:03:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PDF Writer
[2010.03.24 07:17:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VeriFace
[2009.12.31 03:44:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2009.07.03 11:36:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010.04.07 20:57:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.01.01 20:24:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012.04.09 23:42:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\PC Suite
========== Purity Check ==========
< End of report > Extras.txt Code:
OTL Extras logfile created on: 05.05.2012 09:06:57 - Run 4
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1013,88 Mb Total Physical Memory | 370,57 Mb Available Physical Memory | 36,55% Memory free
2,39 Gb Paging File | 1,67 Gb Available in Paging File | 69,80% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 103,91 Gb Total Space | 30,25 Gb Free Space | 29,11% Space Free | Partition Type: NTFS
Drive D: | 30,38 Gb Total Space | 29,43 Gb Free Space | 96,87% Space Free | Partition Type: NTFS
Drive G: | 1863,01 Gb Total Space | 1633,07 Gb Free Space | 87,66% Space Free | Partition Type: NTFS
Computer Name: ****-NETBOOK | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{27D28586-BEF1-4E06-8787-3B1FC3A41489}" = congstar Internet-Manager
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{357B11ED-5417-4CF3-8EB2-386299BC30E0}" = Lenovo Quick Start
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{717E0AD5-91EB-459F-AB8B-1B5219BAF7CE}" = Lenovo System Repair - Windows Update Monitor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{84AE3F05-F600-4C40-BFC8-0B53E45B9B12}" = **** Library 2011 - Français
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8991E763-21F5-4DEA-A938-5D9D77DCB488}" = Broadcom WLAN
"{8BE514E8-4486-4730-8B68-FA15EEDC942E}" = **** Library 2011 - Deutsch
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOK_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOK_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOK_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOK_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOK_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOK_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB6F6C80-1C35-4672-BDEF-F26FF214C409}" = Samsung PC Studio 7
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D8CE69B0-9274-4b8c-BA49-0FF6A20A3C65}" = SAMSUNG SYMBIAN USB Download Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{FC48747D-095F-4CF6-B54E-37D4F4738A15}_is1" = Gestionnaire de Connexion SFR 3.1
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Lenovo EasyCamera
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1140
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.70
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"Lenovo EasyCamera" = Lenovo EasyCamera
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OUTLOOK" = Microsoft Office Outlook 2007
"PROHYBRIDR" = 2007 Microsoft Office system
"Samsung PC Studio 7" = Samsung PC Studio 7
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tweak UI 2.10" = Tweak UI
"VeriFace III" = VeriFace III
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 21.03.2012 13:38:44 | Computer Name = ****-NETBOOK | Source = SQLBrowser | ID = 5111816
Description = Der SQLBrowser-Dienst konnte eine Clientanforderung nicht verarbeiten.
Error - 21.03.2012 13:38:44 | Computer Name = ****-NETBOOK | Source = SQLBrowser | ID = 5111816
Description = Der SQLBrowser-Dienst konnte eine Clientanforderung nicht verarbeiten.
Error - 12.04.2012 11:28:48 | Computer Name = ****-NETBOOK | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.39.2, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 12.04.2012 11:29:04 | Computer Name = ****-NETBOOK | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.39.2, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 12.04.2012 12:24:55 | Computer Name = ****-NETBOOK | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.39.2, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 12.04.2012 12:25:03 | Computer Name = ****-NETBOOK | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OTL.exe, Version 3.2.39.2, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 12.04.2012 14:08:18 | Computer Name = ****-NETBOOK | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 12.04.2012 14:08:18 | Computer Name = ****-NETBOOK | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 12.04.2012 14:08:19 | Computer Name = ****-NETBOOK | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 15.04.2012 11:23:24 | Computer Name = ****-NETBOOK | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
[ OSession Events ]
Error - 10.06.2010 19:33:13 | Computer Name = ****-NETBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 273304
seconds with 3000 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 05.05.2012 02:20:28 | Computer Name = ****-NETBOOK | Source = Service Control Manager | ID = 7031
Description = Der Dienst "SAS Core Service" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt:
Starten Sie den Dienst neu..
Error - 05.05.2012 02:20:28 | Computer Name = ****-NETBOOK | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Starten Sie den Dienst neu..
Error - 05.05.2012 02:20:28 | Computer Name = ****-NETBOOK | Source = Service Control Manager | ID = 7034
Description = Dienst "SQL Server-Startdienst für Business Contact Manager" wurde
unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error - 05.05.2012 02:20:29 | Computer Name = ****-NETBOOK | Source = Service Control Manager | ID = 7034
Description = Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 05.05.2012 02:20:29 | Computer Name = ****-NETBOOK | Source = Service Control Manager | ID = 7034
Description = Dienst "DeviceVM Meta Data Export Service" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 05.05.2012 02:20:29 | Computer Name = ****-NETBOOK | Source = Service Control Manager | ID = 7034
Description = Dienst "SFR.DashBoard.Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 05.05.2012 02:20:29 | Computer Name = ****-NETBOOK | Source = Service Control Manager | ID = 7031
Description = Der Dienst "System Repair Windows Update Monitor" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 500 Millisekunden durchgeführt: Starten Sie den Dienst neu..
Error - 05.05.2012 02:20:30 | Computer Name = ****-NETBOOK | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Starten Sie den Dienst neu..
Error - 05.05.2012 02:20:30 | Computer Name = ****-NETBOOK | Source = Service Control Manager | ID = 7034
Description = Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
Error - 05.05.2012 02:20:31 | Computer Name = ****-NETBOOK | Source = Service Control Manager | ID = 7034
Description = Dienst "ServiceLayer" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
< End of report > 3. GMER Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-05-05 11:30:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.11.0
Running: 8o21npil.exe; Driver: C:\DOKUME~1\****~1\LOKALE~1\Temp\kxlyypoc.sys
---- System - GMER 1.0.15 ----
SSDT 9EB684F4 ZwClose
SSDT 9EB684AE ZwCreateKey
SSDT 9EB684FE ZwCreateSection
SSDT 9EB684A4 ZwCreateThread
SSDT 9EB684B3 ZwDeleteKey
SSDT 9EB684BD ZwDeleteValueKey
SSDT 9EB684EF ZwDuplicateObject
SSDT 9EB684C2 ZwLoadKey
SSDT 9EB68490 ZwOpenProcess
SSDT 9EB68495 ZwOpenThread
SSDT 9EB68517 ZwQueryValueKey
SSDT 9EB684CC ZwReplaceKey
SSDT 9EB68508 ZwRequestWaitReplyPort
SSDT 9EB684C7 ZwRestoreKey
SSDT 9EB68503 ZwSetContextThread
SSDT 9EB6850D ZwSetSecurityObject
SSDT 9EB684B8 ZwSetValueKey
SSDT 9EB68512 ZwSystemDebugControl
SSDT \??\C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x9E0EC640]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\intelppm.sys[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\CmBatt.sys[NTOSKRNL.EXE!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\wdf01000.sys[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\mouclass.sys[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndistapi.sys[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\msgpc.sys[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\termdd.sys[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\swenum.sys[NTOSKRNL.EXE!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\ks.sys[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\update.sys[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\mssmbios.sys[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\usbhub.sys[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\drivers\portcls.sys[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\i2omgmt.SYS[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\Fs_Rec.SYS[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\Null.SYS[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\Msfs.SYS[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\System32\Drivers\Npfs.SYS[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\rasacd.sys[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\ipsec.sys[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] [F7B415FE] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F7B41D56] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F7B41D56] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\winlogon.exe[936] @ C:\WINDOWS\system32\winlogon.exe [USER32.dll!DialogBoxParamW] [0145695B] C:\WINDOWS\system32\PicNotify.dll
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo)
AttachedDevice \FileSystem\Ntfs \Ntfs tvtumon.sys (Windows Update Monitor Driver/Lenovo)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
---- EOF - GMER 1.0.15 ---- 4. MBR -t Code:
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD16 rev.11.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
C:\WINDOWS\system32\drivers\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x86369030]
3 CLASSPNP[0xF769DFD7] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000006e[0x8638C320]
5 ACPI[0xF75F3620] -> nt!IofCallDriver[0x804E13B9] -> \Device\Ide\IAAStorageDevice-0[0x8638A028]
kernel: MBR read successfully
user & kernel MBR OK
error: Read Die Anforderung konnte wegen eines E/A-Gerätefehlers nicht ausgeführt werden. |