| Computerix | 15.06.2013 18:15 |
Computer wurde ausspioniert - Spionagesoftware noch aktiv?
Hallo, ich hoffe, jemand von euch kann helfen herauszufinden, ob dieser Rechner clean ist. Der Rechner, den ich hier habe, wurde definitiv über Internet ausspioniert. Dafür hat der Besitzer sichere Beweise (führt hier jetzt zu weit). Bei Scans mit verschiedenen Virenscannern (Combofix, Kaspersky, Malwarebytes, Spybot) wurden ein paar Java-Schädlinge (installiert war Java 1.4.2) gefunden (C:\dokumente und einstellungen\*+*+*\anwendungsdaten\ibm\java\deployment\cache\javapi\v1.0\
- qdgtsqclqasthwyuj.jar-329c6daa-3ba48768
- cbygba.jar-751a94b1-61f660bd
- bhkcajgdspvnr.jar-73fdc967-3ad3c7ac
- cpjpeudryskrdmb.jar-164deb9c-73031ae2
- ehjwvkfwe.jar-3551ca68-6ab2075f
- g43kb6j34kblq6jh34kb6j3kl4.jar-43253035-4e7d148c
- syugsu.jar-10b9dea6-2ee8813c
), sonst nichts. Ich glaube daher nicht, dass ich den "Übeltäter" schon erwischt habe, oder er wurde bereits entfernt, um Spuren zu verwischen.
Danke für eure Bemühungen!
Hier sind die Logs: Code:
OTL logfile created on: 15.06.2013 16:20:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\*+*+*\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,49 Gb Total Physical Memory | 0,77 Gb Available Physical Memory | 51,42% Memory free
3,78 Gb Paging File | 3,09 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): C:\pagefile.sys 2500 2500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 145,07 Gb Total Space | 105,18 Gb Free Space | 72,50% Space Free | Partition Type: NTFS
Computer Name: NB-*+*+* | User Name: *+*+* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.06.13 16:19:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*+*+*\Desktop\OTL.exe
PRC - [2013.05.25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\Dropbox.exe
PRC - [2013.04.15 10:40:28 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- c:\Programme\Lenovo\System Update\SUService.exe
PRC - [2013.01.17 16:22:50 | 000,335,232 | ---- | M] (Puran Software) -- C:\Programme\Puran Defrag\PuranADT.exe
PRC - [2012.12.14 13:45:40 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012.08.17 21:43:06 | 000,019,064 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\wmi32.exe
PRC - [2011.11.04 15:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2011.10.20 10:58:46 | 000,101,440 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe
PRC - [2011.07.12 18:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2011.07.12 17:17:04 | 000,138,680 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2011.07.12 16:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe
PRC - [2011.07.12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2009.09.11 13:34:22 | 002,403,840 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
PRC - [2009.09.11 13:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2009.03.12 17:37:12 | 000,380,928 | ---- | M] (Bytemobile, Inc.) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.04 10:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe
PRC - [2007.09.26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007.09.13 18:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2005.05.24 23:36:46 | 000,163,840 | ---- | M] (Broadcom Corporation) -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2005.04.27 12:09:46 | 000,385,024 | ---- | M] () -- C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
PRC - [2005.04.27 10:53:08 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
PRC - [2005.04.13 10:01:28 | 000,040,554 | ---- | M] (UPEK Inc.) -- C:\Programme\Gemeinsame Dateien\Virtual Token\vtserver.exe
PRC - [2005.03.18 04:07:00 | 000,077,824 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2005.03.04 12:50:00 | 000,118,784 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE
PRC - [2004.11.08 12:17:56 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004.10.14 10:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004.09.29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2003.07.11 19:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
========== Modules (No Company Name) ==========
MOD - [2013.05.18 15:31:09 | 000,686,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\fbc39dffa3eea3a552e956db59d1d7fd\System.Security.ni.dll
MOD - [2013.05.18 15:31:01 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\17440cd05eee7f87026b3c17119eed58\System.Configuration.ni.dll
MOD - [2013.05.18 15:25:20 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll
MOD - [2013.05.18 14:58:28 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013.05.18 14:57:14 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013.05.18 14:56:51 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013.03.13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\libcef.dll
MOD - [2013.02.13 21:31:03 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013.01.10 18:14:45 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll
MOD - [2013.01.10 18:14:19 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
MOD - [2013.01.10 14:42:39 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013.01.10 14:41:42 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013.01.10 14:40:59 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll
MOD - [2013.01.10 14:33:50 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013.01.10 14:32:35 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012.12.14 13:45:44 | 001,310,136 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
MOD - [2012.11.14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2010.11.11 02:02:34 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.11 02:02:21 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.11 02:02:09 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2008.03.25 06:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2007.11.19 14:37:04 | 000,245,760 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005.04.27 12:09:46 | 000,385,024 | ---- | M] () -- C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
MOD - [2005.04.14 02:01:00 | 000,073,728 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWRMGRIF.DLL
MOD - [2005.04.14 02:01:00 | 000,036,864 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\PWRMGRRT.DLL
MOD - [2005.04.05 16:02:26 | 000,081,920 | ---- | M] () -- C:\Programme\ThinkPad\TpShocks\MUI\0407\TpShocks.dll
MOD - [2005.03.23 03:11:00 | 000,036,864 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\GR\EZMAPRES.DLL
MOD - [2005.03.04 12:47:18 | 000,155,648 | ---- | M] () -- C:\Programme\FRITZ!DSL\SSLEAY32.DLL
MOD - [2005.03.04 12:46:44 | 000,790,528 | ---- | M] () -- C:\Programme\FRITZ!DSL\LIBEAY32.DLL
MOD - [2003.07.11 19:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
========== Services (SafeList) ==========
SRV - [2013.06.13 18:52:23 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.12 00:26:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.15 10:40:28 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Programme\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2012.12.14 13:45:40 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.07.12 16:53:48 | 000,131,432 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2011.07.12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2011.07.12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2010.03.31 12:02:16 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.09.11 13:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008.07.18 15:05:40 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.03.04 10:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007.09.26 17:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2005.05.24 23:36:46 | 000,163,840 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005.04.27 12:09:46 | 000,385,024 | ---- | M] () [Auto | Running] -- C:\Programme\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
SRV - [2005.04.13 10:01:28 | 000,040,554 | ---- | M] (UPEK Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Virtual Token\vtserver.exe -- (vtserver)
SRV - [2005.03.18 04:07:00 | 000,077,824 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2005.03.04 12:50:00 | 000,118,784 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - [2005.03.04 12:42:08 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv)
SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.09.29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003.07.11 19:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013.06.11 03:53:37 | 000,591,968 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2013.06.11 03:53:37 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kneps.sys -- (kneps)
DRV - [2013.06.11 03:53:37 | 000,044,432 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kltdi.sys -- (kltdi)
DRV - [2012.12.14 13:45:34 | 000,024,920 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2012.12.14 13:45:34 | 000,024,408 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klkbdflt.sys -- (klkbdflt)
DRV - [2012.06.27 14:09:08 | 000,035,672 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2012.06.19 17:28:12 | 000,136,024 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2010.09.07 14:09:06 | 000,013,680 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smiif32.sys -- (lenovo.smi)
DRV - [2009.08.18 14:06:56 | 000,114,688 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.08.18 14:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.08.18 14:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.08.18 14:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.08.18 14:06:56 | 000,105,088 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.06.30 19:46:24 | 000,009,728 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.06.29 19:00:50 | 000,112,640 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 19:00:50 | 000,102,656 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.04.09 14:38:30 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.10.09 14:50:08 | 000,022,528 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2008.10.09 14:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2007.11.20 16:39:56 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007.07.25 16:44:28 | 002,210,048 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2007.05.02 11:34:32 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.02.19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2006.07.10 06:28:38 | 000,006,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MOUSEWD.SYS -- (MOUSEWDFilter)
DRV - [2005.05.24 23:59:46 | 000,017,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005.05.24 23:58:20 | 001,241,818 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005.05.24 23:57:36 | 000,030,299 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005.05.24 23:57:20 | 000,055,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005.05.24 23:23:40 | 000,148,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005.05.17 03:34:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005.04.27 11:27:34 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005.04.21 17:44:54 | 000,014,336 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nsctpm11.sys -- (TPM11)
DRV - [2005.04.14 02:01:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005.04.13 09:58:20 | 000,003,328 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Programme\IBM fingerprint software\smihlp.sys -- (SmiHlp)
DRV - [2005.03.18 04:07:00 | 000,012,288 | ---- | M] (IBM Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qcndisif.sys -- (QCNDISIF)
DRV - [2005.03.18 04:07:00 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005.03.18 04:07:00 | 000,002,432 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2005.02.01 18:00:42 | 000,012,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2005.01.21 02:40:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005.01.21 02:40:00 | 000,009,340 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2004.12.02 17:14:44 | 000,014,208 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPDiskPM.sys -- (TPDiskPM)
DRV - [2004.12.02 16:54:12 | 000,006,016 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TPInput.sys -- (TPInput)
DRV - [2004.11.10 17:47:30 | 000,200,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004.11.10 17:46:24 | 000,685,184 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004.11.10 17:45:50 | 001,041,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004.05.24 15:35:06 | 000,059,520 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\avmport.sys -- (AVMPORT)
DRV - [2003.05.07 16:54:38 | 000,008,960 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbbc2.sys -- (PLUsbbc2)
DRV - [2003.02.27 02:00:00 | 000,523,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fxpcbase.sys -- (FXPCBASE)
DRV - [2003.02.27 02:00:00 | 000,038,608 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [2002.12.17 05:41:10 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SENTINEL.SYS -- (Sentinel)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 AB CD A6 BE 85 CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {943BBB00-8E37-48B2-9949-ED55B3AD798B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7AD48B50-0338-428D-830F-BAFF2292DDC0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=MNC&o=15092&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=MF&apn_dtid=YYYYYYYYDE&apn_uid=9aaea3d2-3fb9-426e-87ec-a671dd46068d&apn_sauid=E2E8E175-0B5D-4EE6-B3BD-1BB1E61C0A11
IE - HKCU\..\SearchScopes\{943BBB00-8E37-48B2-9949-ED55B3AD798B}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLG_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.1.4307
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.12.16 13:29:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.06.11 03:53:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.06.11 03:53:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.06.11 03:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.06.11 03:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.06.11 03:53:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
[2009.06.08 09:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Mozilla\Extensions
[2013.06.11 10:44:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Mozilla\Firefox\Profiles\xgd47kos.default\extensions
[2013.05.13 19:11:58 | 000,870,680 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Mozilla\Firefox\Profiles\xgd47kos.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.05.04 15:40:46 | 000,002,333 | ---- | M] () -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Mozilla\Firefox\Profiles\xgd47kos.default\searchplugins\askcom.xml
[2013.06.11 10:40:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.06.11 10:40:48 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.06.11 03:53:48 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAMME\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
O1 HOSTS File: ([2013.06.11 02:34:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ControlCenter] C:\Programme\IBM fingerprint software\ctlcntr.exe (UPEK Inc.)
O4 - HKLM..\Run: [IBMPRC] C:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
O4 - HKLM..\Run: [LenovoAutoScrollUtility] C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [PuranADT] C:\Programme\Puran Defrag\PuranADT.exe (Puran Software)
O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (IBM Corp.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Programme\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [UpdateManager] C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - Startup: C:\Dokumente und Einstellungen\*+*+*\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ThinkPad-Software - Aktualisierung - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Programme\Lenovo\PkgMgr\\PkgMgr.exe ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll File not found
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135511583123 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242637022875 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{731559F7-3989-4F1A-B4D3-4EAF8786BB78}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\psfus: DllName - (C:\Programme\IBM fingerprint software\psfus.dll) - C:\Programme\IBM fingerprint software\psfus.dll (UPEK Inc.)
O20 - Winlogon\Notify\QConGina: DllName - (QConGina.dll) - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\*+*+*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\*+*+*\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.25 18:05:52 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck PuranDefragBT -AD)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.06.15 15:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Intel
[2013.06.15 15:02:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\(null)
[2013.06.15 15:02:25 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Lenovo
[2013.06.13 16:19:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*+*+*\Desktop\OTL.exe
[2013.06.13 15:17:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013.06.12 09:15:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\*+*+*\Recent
[2013.06.12 08:54:37 | 004,170,624 | ---- | C] (TeamViewer) -- C:\Dokumente und Einstellungen\*+*+*\Desktop\TeamViewerQS_de.exe
[2013.06.12 08:51:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.06.12 08:24:58 | 000,302,592 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\unin0407.exe
[2013.06.11 13:34:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Malwarebytes
[2013.06.11 13:33:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.06.11 13:33:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.06.11 13:33:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.06.11 13:33:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.06.11 10:48:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\*+*+*\Desktop\Virenfunde
[2013.06.11 10:40:54 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2013.06.11 10:40:45 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.06.11 03:28:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Kaspersky Internet Security 2013
[2013.06.11 03:26:03 | 000,000,000 | ---D | C] -- C:\Programme\Kaspersky Lab
[2013.06.11 03:26:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
[2013.06.11 03:25:31 | 000,591,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klif.sys
[2013.06.11 03:25:31 | 000,074,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klflt.sys
[2013.06.11 02:46:11 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe
[2013.06.11 02:02:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.06.11 02:00:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.06.11 00:32:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Puran Defrag
[2013.06.11 00:32:50 | 000,000,000 | ---D | C] -- C:\Programme\Puran Defrag
[2013.06.04 11:31:37 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.06.15 16:29:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7DE5ADB8-9F39-4266-BBED-037979944AD7}.job
[2013.06.15 16:18:24 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\*+*+*\defogger_reenable
[2013.06.15 16:18:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.15 16:08:49 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.06.15 16:08:25 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.15 16:07:49 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2013.06.15 16:07:35 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2013.06.15 16:07:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.06.15 16:07:11 | 1600,638,976 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.15 15:52:43 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.06.15 15:28:21 | 000,013,984 | ---- | M] () -- C:\WINDOWS\AegisP.inf
[2013.06.15 15:28:21 | 000,010,640 | ---- | M] () -- C:\WINDOWS\AegisP.cat
[2013.06.13 16:20:50 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\*+*+*\Desktop\gmer_2.1.19163.exe
[2013.06.13 16:19:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\*+*+*\Desktop\OTL.exe
[2013.06.13 16:18:58 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\*+*+*\Desktop\Defogger.exe
[2013.06.12 09:26:30 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.06.12 08:54:43 | 004,170,624 | ---- | M] (TeamViewer) -- C:\Dokumente und Einstellungen\*+*+*\Desktop\TeamViewerQS_de.exe
[2013.06.12 08:32:40 | 000,000,182 | ---- | M] () -- C:\WINDOWS\DOTEXCRD.INI
[2013.06.12 08:32:39 | 000,000,773 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2013.06.12 08:23:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.06.12 00:32:46 | 000,000,310 | RHS- | M] () -- C:\BOOT.INI
[2013.06.11 13:33:57 | 000,000,766 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.11 13:25:05 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013.06.11 10:40:59 | 000,000,706 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2013.06.11 03:53:37 | 000,591,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klif.sys
[2013.06.11 03:53:37 | 000,145,040 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kneps.sys
[2013.06.11 03:53:37 | 000,074,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\klflt.sys
[2013.06.11 03:53:37 | 000,044,432 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\kltdi.sys
[2013.06.11 03:31:04 | 000,001,955 | ---- | M] () -- C:\Dokumente und Einstellungen\*+*+*\Desktop\Sicherer Zahlungsverkehr.lnk
[2013.06.11 03:27:44 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Internet Security 2013.lnk
[2013.06.11 02:46:22 | 000,001,724 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk
[2013.06.11 02:34:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.06.11 00:23:47 | 000,000,664 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2013.06.04 11:32:47 | 000,001,052 | ---- | M] () -- C:\Dokumente und Einstellungen\*+*+*\Startmenü\Programme\Autostart\Dropbox.lnk
[2013.05.18 18:43:03 | 000,084,324 | ---- | M] () -- C:\Dokumente und Einstellungen\*+*+*\Desktop\MW_Bundesverkehrswegeplan_2015_04_pdf[1].pdf
[2013.05.18 15:00:28 | 000,482,480 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.05.18 15:00:28 | 000,459,736 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.18 15:00:28 | 000,095,106 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.05.18 15:00:28 | 000,079,186 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.06.15 16:18:24 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\*+*+*\defogger_reenable
[2013.06.15 15:28:21 | 000,013,984 | ---- | C] () -- C:\WINDOWS\AegisP.inf
[2013.06.15 15:28:21 | 000,010,640 | ---- | C] () -- C:\WINDOWS\AegisP.cat
[2013.06.13 16:20:50 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\*+*+*\Desktop\gmer_2.1.19163.exe
[2013.06.13 16:18:53 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\*+*+*\Desktop\Defogger.exe
[2013.06.12 09:26:30 | 000,146,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.06.12 08:25:47 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2013.06.11 13:33:57 | 000,000,766 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.11 10:48:13 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.06.11 10:40:59 | 000,000,712 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2013.06.11 10:40:59 | 000,000,706 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2013.06.11 03:31:04 | 000,001,955 | ---- | C] () -- C:\Dokumente und Einstellungen\*+*+*\Desktop\Sicherer Zahlungsverkehr.lnk
[2013.06.11 03:28:12 | 000,000,873 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Internet Security 2013.lnk
[2013.06.11 02:46:22 | 000,002,347 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk
[2013.06.11 02:46:22 | 000,001,724 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk
[2013.06.11 02:02:55 | 000,000,194 | ---- | C] () -- C:\Boot.bak
[2013.06.11 02:02:50 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.06.04 11:32:47 | 000,001,052 | ---- | C] () -- C:\Dokumente und Einstellungen\*+*+*\Startmenü\Programme\Autostart\Dropbox.lnk
[2013.05.18 18:43:03 | 000,084,324 | ---- | C] () -- C:\Dokumente und Einstellungen\*+*+*\Desktop\MW_Bundesverkehrswegeplan_2015_04_pdf[1].pdf
[2012.02.15 08:43:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009.06.16 14:25:02 | 000,121,512 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4
[2007.11.30 16:24:37 | 000,015,428 | ---- | C] () -- C:\Dokumente und Einstellungen\*+*+*\RefEdit.exd
[2005.12.26 12:38:25 | 000,031,232 | ---- | C] () -- C:\Dokumente und Einstellungen\*+*+*\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005.12.25 18:05:41 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\*+*+*\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
========== ZeroAccess Check ==========
[2005.10.26 23:36:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2009.06.08 08:46:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2005.10.26 23:56:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ibm
[2010.03.31 12:06:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2010.03.31 12:01:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.12.16 13:30:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2012.12.23 18:08:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\YesVideo
[2006.03.16 12:23:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\AVG7
[2010.12.16 13:31:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Bytemobile
[2011.09.11 18:38:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Canon
[2013.06.15 16:09:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Dropbox
[2010.01.06 12:49:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\FRITZ!
[2005.12.25 18:09:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\IBM
[2008.10.27 14:18:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\InfraRecorder
[2005.12.26 12:40:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\InterVideo
[2006.03.16 15:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\NewSoft
[2007.02.26 16:59:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\ScanSoft
[2009.06.18 08:45:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\TeamViewer
[2009.05.15 09:31:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\TuneUp Software
[2010.11.09 14:38:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Vodafone
[2010.11.13 11:39:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Vodafone Mobile Connect
========== Purity Check ==========
< End of report >
Code:
OTL Extras logfile created on: 15.06.2013 16:20:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\*+*+*\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,49 Gb Total Physical Memory | 0,77 Gb Available Physical Memory | 51,42% Memory free
3,78 Gb Paging File | 3,09 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): C:\pagefile.sys 2500 2500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 145,07 Gb Total Space | 105,18 Gb Free Space | 72,50% Space Free | Partition Type: NTFS
Computer Name: NB-*+*+* | User Name: *+*+* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\*+*+*\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}" = IBM SATA Power Management Driver
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = IBM ThinkVantage Technologies Welcome Message
"{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = Dienstprogramm 'IBM ThinkPad EasyEject'
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'IBM ThinkPad-Tastaturanpassung'
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility
"{30DB11CB-5A5C-471C-B777-3CC12D7BE2C3}" = StarMoney
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{72806716-7088-41B2-8FA6-717A2A164DAB}" = IBM System für aktiven Festplattenschutz
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad-UltraNav-Assistent
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{8745DEAB-1126-42F5-9585-C66D5497B47B}" = EMEA Wallpaper
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8F55B163-7B42-42A3-9307-C7FCB9655225}" = PC-Doctor for Windows
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = ThinkPad Integrated Bluetooth IV Software
"{91110407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95381165-5D16-4CD4-9162-57799A3F3AB5}" = PCLinq2 Hi-Speed USB Bridge Cable
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = IBM ThinkPad Energie-Manager
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7476A5B-5709-42B1-843C-CE750332F77B}" = StarMoney 6.0 S-Edition
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{C0271B80-4B2F-480D-BBFC-1217EDAA3BF6}" = 12024SC Mouse Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9A8539A-5758-4639-B533-E91934A92B6D}" = Routenplaner 2003 professional
"{DFEBA70E-F169-4016-AB27-7230BCCDBD42}" = IBM Fingerprint Software 4.5.5
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA664480-3844-11D5-8C25-444553540000}" = Funktion "IBM TrackPoint-Eingabehilfen"
"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = IBM ThinkPad-Konfiguration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVM ISDN CAPI Port" = AVM ISDN CAPI Port
"AVMFBox" = FRITZ!Box
"Canon MX850 series Benutzerregistrierung" = Canon MX850 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = IBM Integrated 56K Modem
"CrystalDiskInfo_is1" = CrystalDiskInfo 3.1.0
"CrystalReports7" = Seagate Crystal Reports for ESRI
"DeInst_dotexcrd1.0" = TOP 50 (Version 1.0)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1
"Free Registry Defrag_is1" = Free Registry Defrag
"FRITZ!DSL" = AVM FRITZ!DSL
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InfraRecorder" = InfraRecorder
"InstallShield_{8F55B163-7B42-42A3-9307-C7FCB9655225}" = PC-Doctor for Windows
"InstallShield_{C0271B80-4B2F-480D-BBFC-1217EDAA3BF6}" = 12024SC Mouse Driver
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"LENOVO.SMIIF" = Lenovo System Interface Driver
"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Webclient für Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = Anzeige am Bildschirm
"Power Management Driver" = IBM ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad 'Präsentationsdirektor'
"ProInst" = Intel(R) PROSet/Wireless Software
"Puran Defrag_is1" = Puran Defrag 7.6
"Rainbow Sentinel Driver" = Sentinel System Driver
"ST6UNST #1" = WinforstPro V1.5
"ST6UNST #10" = WinforstPro32 V4.0 SP08 (2010-01-18)
"ST6UNST #2" = WFP_ADMIN
"ST6UNST #3" = WinforstPro V1.5 (C:\Programme\WinforstPro\)
"ST6UNST #4" = WinforstPro V1.5 SP2 2004_03_22
"ST6UNST #5" = WinforstPro V2.0 2004_07_23
"ST6UNST #6" = WinforstPro V2.0 SP2 2005_02_15
"ST6UNST #7" = WinforstPro V2.0 SP19 2005_11_30
"ST6UNST #8" = WinforstPro V3.0 2006_08_01
"ST6UNST #9" = WinforstPro32 V4.0 SP01 (2009-04-20)
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = Software Installer
"WaldKat 2000" = WaldKat 2000
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ab707fdcbd31fcd7" = Zeiterfassung
"ArcView GIS 3.2a" = ArcView GIS 3.2a
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.06.2013 09:06:17 | Computer Name = NB-*+*+* | Source = MSSQLSERVER | ID = 17055
Description = 19012 : SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
1433.
Error - 15.06.2013 09:06:21 | Computer Name = NB-*+*+* | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 15.06.2013 09:24:24 | Computer Name = NB-*+*+* | Source = MsiInstaller | ID = 11905
Description = Product: mMHouse -- Error 1905.Module C:\Programme\Intel\Wireless\Bin\D8021Xps.DLL
failed to unregister. HRESULT . Contact your support personnel.
Error - 15.06.2013 09:27:14 | Computer Name = NB-*+*+* | Source = MsiInstaller | ID = 11931
Description = Product: MSXML 6.0 Parser -- Error 1931. The Windows Installer service
cannot update the system file C:\WINDOWS\system32\msxml6r.dll because the file
is protected by Windows. You may need to update your operating system for this
program to work correctly. Package version: 6.0.3883.0, OS Protected version: 6.0.3883.0
Error - 15.06.2013 09:34:11 | Computer Name = NB-*+*+* | Source = MSSQLSERVER | ID = 17055
Description = 19012 : SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
1433.
Error - 15.06.2013 09:34:23 | Computer Name = NB-*+*+* | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 15.06.2013 09:51:55 | Computer Name = NB-*+*+* | Source = MSSQLSERVER | ID = 17055
Description = 19012 : SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
1433.
Error - 15.06.2013 09:51:57 | Computer Name = NB-*+*+* | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 15.06.2013 10:08:03 | Computer Name = NB-*+*+* | Source = MSSQLSERVER | ID = 17055
Description = 19012 : SuperSocket-Information: Fehler beim Binden bei TCP-Anschluss
1433.
Error - 15.06.2013 10:08:09 | Computer Name = NB-*+*+* | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
[ System Events ]
Error - 15.06.2013 09:34:50 | Computer Name = NB-*+*+* | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Universeller Plug & Play-Gerätehost" ist vom Dienst "SSDP-Suchdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 15.06.2013 09:34:50 | Computer Name = NB-*+*+* | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%1068
Error - 15.06.2013 09:51:59 | Computer Name = NB-*+*+* | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Universeller Plug & Play-Gerätehost" ist vom Dienst "SSDP-Suchdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 15.06.2013 09:51:59 | Computer Name = NB-*+*+* | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%1068
Error - 15.06.2013 09:52:35 | Computer Name = NB-*+*+* | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Universeller Plug & Play-Gerätehost" ist vom Dienst "SSDP-Suchdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 15.06.2013 09:52:35 | Computer Name = NB-*+*+* | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%1068
Error - 15.06.2013 10:08:10 | Computer Name = NB-*+*+* | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Universeller Plug & Play-Gerätehost" ist vom Dienst "SSDP-Suchdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 15.06.2013 10:08:10 | Computer Name = NB-*+*+* | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%1068
Error - 15.06.2013 10:08:49 | Computer Name = NB-*+*+* | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Universeller Plug & Play-Gerätehost" ist vom Dienst "SSDP-Suchdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 15.06.2013 10:08:50 | Computer Name = NB-*+*+* | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%1068
< End of report >
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-15 18:04:42
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BEVE-00A0HT0 rev.11.01A11 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\*+*+*\LOKALE~1\Temp\pfdyqkog.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0xA84699E4]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwClose [0xA8405410]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0xA841C588]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0xA8405988]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0xA840586E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0xA841C8AE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateProcess [0xA846B95E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateProcessEx [0xA846BB7A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0xA846CA3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0xA8405AA8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0xA846C03E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0xA841C97C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0xA846B804]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeleteKey [0xA841660E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeleteValueKey [0xA8417DF6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0xA8405454]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0xA8469B26]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwEnumerateKey [0xA8417602]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwEnumerateValueKey [0xA8417F96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0xA846978E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadKey [0xA8417146]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadKey2 [0xA841739E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0xA846C836]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0xA841AD4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0xA8405A1E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0xA84058FE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0xA846B3AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0xA846CCEA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0xA8405B3E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0xA846BD9A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryKey [0xA8416442]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryMultipleValueKey [0xA8417C04]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryObject [0xA841AF58]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryValueKey [0xA84179F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0xA846C6EA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRenameKey [0xA8416722]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplaceKey [0xA8416D94]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0xA841CBBC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0xA841CA4A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePortEx [0xA841CB00]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0xA841CC2C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRestoreKey [0xA8416F9A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0xA846C414]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSaveKey [0xA84168C6]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSaveKeyEx [0xA8416A5C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSaveMergedKeys [0xA8416BF8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0xA841C716]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0xA846C572]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0xA8405BC8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0xA8469898]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetValueKey [0xA84177C2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0xA846B54C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0xA846C2BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0xA8405BDA]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0xA846B6AC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0xA846BF3A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0xA846CE52]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0xA846CB7C]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 24DC 80501D38 12 Bytes [AE, C8, 41, A8, 5E, B9, 46, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 25A8 80501E04 12 Bytes [8E, 97, 46, A8, 46, 71, 41, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2618 80501E74 8 Bytes [EA, CC, 46, A8, 3E, 5B, 40, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 26F4 80501F50 4 Bytes JMP D4A846C6
.text ntkrnlpa.exe!ZwCallbackReturn + 2724 80501F80 20 Bytes [22, 67, 41, A8, 94, 6D, 41, ...]
.text ...
---- User code sections - GMER 2.1 ----
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[592] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[592] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 6CD01A54 C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ushata.dll
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[592] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[592] USER32.dll!AlignRects 7E362A78 4 Bytes [53, 2A, D0, 6C] {PUSH EBX; SUB DL, AL; INS BYTE [ES:EDI], DX}
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1116] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1116] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 6CD01A54 C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\ushata.dll
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1116] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe[1116] USER32.dll!AlignRects 7E362A78 4 Bytes [53, 2A, D0, 6C] {PUSH EBX; SUB DL, AL; INS BYTE [ES:EDI], DX}
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\Tcpip \Device\Ip kltdi.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 TPInput.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 klmouflt.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 TPInput.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp kltdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp kltdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp kltdi.sys
Device \FileSystem\Fastfat \Fat A637ED20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
AdwCleaner auf deinen Desktop.
SecurityCheck und:
