
Log analysis and evaluation: Constant hard disk access, Firefox redirect, etc. (with logs)


 
12.04.2013, 13:17   #1
freddy410
 

Hello,

I'm fairly sure I caught something 3 or 4 weeks ago.

Symptoms:
- Constant hard disk access
- Slow computer
- Web pages load slowly in IE and FF
- Redirects to shop pages with affiliate IDs in FF
- FF crashes
- The whole computer freezes when FF is in use


Attached are the contents of the three log files otl.txt, extras.txt, gmer.txt.

I hope someone has a tip for me.

Thanks and regards

Eddy


Code:
OTL logfile created on: 12.04.2013 12:06:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,91 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 66,26% Memory free
3,76 Gb Paging File | 3,04 Gb Available in Paging File | 80,93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,89 Gb Total Space | 62,88 Gb Free Space | 71,55% Space Free | Partition Type: NTFS
Drive D: | 87,87 Gb Total Space | 46,37 Gb Free Space | 52,78% Space Free | Partition Type: FAT32
 
Computer Name: PARA | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.12 12:00:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
PRC - [2013.04.12 11:58:42 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe
PRC - [2013.04.09 08:46:06 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2013.03.21 20:01:19 | 000,068,608 | ---- | M] () -- C:\WINDOWS\system32\unimdnat.exe
PRC - [2013.02.12 07:48:04 | 000,587,912 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\st_rsser.exe
PRC - [2012.12.18 16:28:26 | 000,825,560 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.11.22 10:59:41 | 000,303,186 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2012.11.22 10:59:40 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2012.08.28 18:19:26 | 000,334,240 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Hotkey Support\QLBController.exe
PRC - [2012.08.28 18:17:58 | 000,523,680 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
PRC - [2012.07.31 17:31:08 | 000,887,416 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\PccNTMon.exe
PRC - [2012.07.27 12:38:26 | 001,420,184 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\TmListen.exe
PRC - [2012.07.27 12:29:16 | 001,447,736 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\NTRtScan.exe
PRC - [2012.07.19 09:29:58 | 002,342,008 | ---- | M] (Validity Sensors, Inc.) -- C:\WINDOWS\system32\vcsFPService.exe
PRC - [2012.07.03 10:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.05.07 16:38:32 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SCPwrSetSvr.exe
PRC - [2012.04.30 16:43:38 | 001,538,112 | ---- | M] () -- C:\Programme\SGFX\SgfxConfig.exe
PRC - [2012.04.27 17:38:54 | 004,247,552 | ---- | M] (SMSC) -- C:\Programme\SGFX\sgfxmgr.exe
PRC - [2012.04.27 17:38:47 | 000,026,624 | ---- | M] (SMSC) -- C:\Programme\SGFX\sgfxagt.exe
PRC - [2012.04.26 17:35:04 | 003,221,888 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
PRC - [2012.04.26 17:34:28 | 001,421,696 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2012.04.25 17:07:46 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012.03.28 10:38:26 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.03.28 10:38:24 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.03.28 10:38:08 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012.03.19 13:24:32 | 000,345,616 | ---- | M] (Trend Micro Inc.) -- C:\Programme\BM\TMBMSRV.exe
PRC - [2012.03.14 15:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
PRC - [2012.03.14 15:21:56 | 003,488,640 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
PRC - [2012.03.09 12:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2012.03.07 02:55:40 | 000,461,024 | ---- | M] (Intel(R) Corporation) -- c:\Programme\Intel\iCLS Client\HeciServer.exe
PRC - [2012.02.26 14:51:00 | 000,070,936 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe
PRC - [2011.11.09 18:42:26 | 001,844,296 | ---- | M] (Elgato Systems) -- C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTvRc.exe
PRC - [2011.10.03 11:21:32 | 002,159,992 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2011.10.03 11:21:32 | 000,636,256 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2011.04.15 12:20:54 | 000,689,680 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\TmProxy.exe
PRC - [2010.11.17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.09.21 15:03:31 | 001,025,384 | ---- | M] (DisplayLink Corp.) -- C:\Programme\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2010.09.21 15:03:30 | 000,841,064 | ---- | M] (DisplayLink Corp.) -- C:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2010.09.21 15:03:28 | 005,236,072 | ---- | M] (DisplayLink Corp.) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2010.09.02 18:15:36 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\CNTAoSMgr.exe
PRC - [2009.12.03 16:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2009.05.19 12:56:46 | 002,578,284 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HPCA\ManagementAgent\nvdkit.exe
PRC - [2008.04.14 06:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.12 11:58:42 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe
MOD - [2013.03.21 20:01:19 | 000,068,608 | ---- | M] () -- C:\WINDOWS\system32\unimdnat.exe
MOD - [2013.02.17 17:40:19 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013.02.17 17:40:03 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
MOD - [2013.02.17 17:39:39 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll
MOD - [2013.02.17 17:38:21 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013.02.17 17:38:17 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2013.02.17 17:38:12 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013.02.17 17:38:09 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2013.01.12 21:02:26 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\38d7801308f456f03608b4355bf78961\System.Xml.Linq.ni.dll
MOD - [2013.01.12 21:01:43 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
MOD - [2013.01.12 21:01:30 | 009,923,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\f84e3ff559093c5633f9e18f7c2d997e\System.Data.Entity.ni.dll
MOD - [2013.01.10 21:15:16 | 001,917,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\91a81dc769e9148a0b9f3840c87ef083\System.Speech.ni.dll
MOD - [2013.01.10 21:15:09 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\edbf4e4a55e63b9fbf0b0b40cba13063\System.Core.ni.dll
MOD - [2013.01.10 21:15:05 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a351cdca2d71ee68ae3a581e13553b19\PresentationFramework.Luna.ni.dll
MOD - [2013.01.10 21:15:02 | 000,368,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbfa6bdbfea6f90f3b604c3efce24047\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 21:14:41 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 21:14:40 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\04eea38364e5ced71d02bf104cb5892c\System.EnterpriseServices.ni.dll
MOD - [2013.01.10 21:14:39 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll
MOD - [2013.01.10 21:14:39 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll
MOD - [2013.01.10 21:14:26 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2abe0b9f0e996273614f4cf1f6808eed\PresentationFramework.ni.dll
MOD - [2013.01.10 21:14:04 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013.01.10 21:13:59 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\2e26794770e6d33cf79a7f8daa4a48c3\PresentationCore.ni.dll
MOD - [2013.01.10 21:13:46 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\4b889e41364baff1e456817b4777b610\WindowsBase.ni.dll
MOD - [2013.01.10 21:13:38 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013.01.10 21:13:34 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013.01.10 21:13:32 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013.01.10 21:13:25 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012.12.18 16:28:44 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2012.12.18 16:28:44 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU
MOD - [2012.11.22 10:59:19 | 000,113,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
MOD - [2012.11.22 10:59:19 | 000,092,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
MOD - [2012.11.16 14:21:18 | 000,877,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2012.11.15 16:43:03 | 000,312,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\HPCommon\2.5.0.16__89762bc6acc102f8\HPCommon.dll
MOD - [2012.11.15 16:43:03 | 000,098,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\HardwareAccess\2.5.0.16__89762bc6acc102f8\HardwareAccess.dll
MOD - [2012.11.15 16:43:03 | 000,046,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Graphs\2.5.0.16__89762bc6acc102f8\Graphs.dll
MOD - [2012.05.07 16:38:32 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SCPwrSetSvr.exe
MOD - [2012.04.30 16:43:38 | 001,538,112 | ---- | M] () -- C:\Programme\SGFX\SgfxConfig.exe
MOD - [2012.03.28 10:18:40 | 001,198,872 | ---- | M] () -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
MOD - [2012.03.14 15:29:34 | 000,892,288 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL
MOD - [2012.01.24 12:59:51 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll
MOD - [2012.01.24 12:59:38 | 000,249,856 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2012.01.24 12:59:25 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.01.24 12:59:22 | 000,167,936 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2012.01.24 12:59:21 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2011.10.03 11:21:40 | 002,860,384 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2011.04.08 10:57:54 | 000,514,570 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Connection Manager\sqlite3.dll
MOD - [2009.04.14 21:23:50 | 000,212,992 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\lib\crt\winnt\tclfile.dll
MOD - [2009.04.07 20:45:31 | 000,061,440 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\lib\crt\winnt\tclcom.dll
MOD - [2008.04.14 06:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.11.21 19:29:40 | 000,081,920 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\lib\crt\winnt\nvdcrt.dll
MOD - [2007.03.08 20:33:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\bin\win32\wnetutl.dll
MOD - [2005.08.25 19:01:15 | 000,045,056 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\bin\win32\iphelper.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.12 09:56:43 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.09 08:46:06 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.03.21 20:01:19 | 000,068,608 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\unimdnat.exe -- (proxydfg)
SRV - [2013.03.14 22:01:43 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.12 07:48:04 | 000,587,912 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2012.11.22 10:59:41 | 000,303,186 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2012.11.09 13:12:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.08.28 18:17:58 | 000,523,680 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2012.07.27 12:38:26 | 001,420,184 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2012.07.27 12:29:16 | 001,447,736 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2012.07.19 09:29:58 | 002,342,008 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vcsFPService.exe -- (vcsFPService)
SRV - [2012.05.07 16:38:32 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SCPwrSetSvr.exe -- (SCPwrSetSvr)
SRV - [2012.04.27 17:38:54 | 004,247,552 | ---- | M] (SMSC) [Auto | Running] -- C:\Programme\SGFX\sgfxmgr.exe -- (SGFXMgr)
SRV - [2012.04.26 17:34:28 | 001,421,696 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2012.04.25 17:07:46 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012.03.28 10:38:26 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.03.28 10:38:24 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.03.28 10:38:08 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012.03.19 13:24:32 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2012.03.14 15:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV - [2012.03.09 12:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2012.03.07 02:55:40 | 000,461,024 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.04.15 12:20:54 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2010.09.21 15:03:28 | 005,236,072 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2009.12.03 16:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.05.19 12:56:46 | 002,578,284 | ---- | M] () [Auto | Running] -- C:/Programme/Hewlett-Packard/HPCA/ManagementAgent/nvdkit.exe -- (rma)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Adapter | Unavailable | Unknown] --  -- (PnSson)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ArcSoftVCapture.sys -- (ARCVCAM)
DRV - [2012.11.22 10:59:41 | 001,996,931 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2012.11.22 10:59:40 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2012.08.24 14:16:10 | 000,147,768 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2012.08.24 14:16:08 | 000,023,136 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci)
DRV - [2012.08.15 17:01:30 | 000,027,648 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SzCCID.sys -- (SzCCID)
DRV - [2012.04.16 13:45:56 | 000,152,576 | ---- | M] (ITE                      ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IT9135BDA.sys -- (IT9135BDA)
DRV - [2012.03.19 13:06:10 | 000,071,440 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012.03.19 13:05:08 | 000,061,200 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2012.03.19 13:04:50 | 000,177,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2012.03.15 21:54:16 | 000,239,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)
DRV - [2012.03.12 14:57:44 | 010,240,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Netwxn00.sys -- (NETwNx32)
DRV - [2011.11.09 12:52:02 | 000,046,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)
DRV - [2011.10.04 16:54:54 | 000,934,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2011.10.04 16:54:54 | 000,093,480 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwsecfl.sys -- (btwsecfl)
DRV - [2011.10.04 16:54:54 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2011.07.12 11:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\OfficeScan Client\TmXPFlt.sys -- (TmFilter)
DRV - [2011.07.12 11:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011.07.12 11:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2011.07.06 19:11:12 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011.04.03 19:19:46 | 002,468,728 | ---- | M] (Sunplus Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPUVCBv.sys -- (SPUVCbv)
DRV - [2011.01.06 15:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.01.06 15:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.12.10 14:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010.12.10 14:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010.11.08 19:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010.10.15 02:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010.09.21 15:03:55 | 000,007,040 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkFilter.sys -- (DisplayLinkFilter)
DRV - [2010.09.21 15:03:54 | 000,024,320 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkmirrorport.sys -- (DisplayLinkmirror)
DRV - [2010.01.26 13:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.11.10 16:56:24 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008.07.23 12:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2008.04.14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 4E 12 5F 3C DF CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Bd57c9ff1-6389-48fc-b770-f78bd89b6e8a%7D:1.45
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.http: "94.126.17.69"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Programme\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Programme\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Programme\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Programme\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.10 20:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.12 09:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.04.12 09:56:35 | 000,000,000 | ---D | M]
 
[2012.12.15 13:05:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions
[2013.04.01 19:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\upoqy2gt.default\extensions
[2013.02.17 17:33:38 | 000,817,280 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\upoqy2gt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.05 17:50:10 | 000,150,573 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\upoqy2gt.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
[2013.04.12 09:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 09:56:44 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2009.08.14 13:33:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\CgpCore.dll
[2009.08.14 13:33:30 | 000,091,480 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\confmgr.dll
[2009.08.14 13:33:26 | 000,020,824 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ctxlogging.dll
[2007.03.16 18:33:48 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcm80.dll
[2007.03.16 18:33:48 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcp80.dll
[2007.03.16 18:33:50 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcr80.dll
[2009.08.14 13:35:40 | 000,427,344 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npicaN.dll
[2009.08.14 13:33:22 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\TcpPServ.dll
[2013.03.27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2013.03.27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.12 11:46:28 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Programme\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Programme\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4 - HKLM..\Run: [NUSB3MON] c:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Programme\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SgfxConfig] C:\Programme\SGFX\sgfxconfig.exe ()
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Remote Control Editor] C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe (Elgato Systems)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk = C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1352900286078 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352900276890 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:AutorunsDisabled () - 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.20 16:31:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{702ce425-7092-11e2-b039-6067201be550}\Shell - "" = AutoRun
O33 - MountPoints2\{702ce425-7092-11e2-b039-6067201be550}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{702ce425-7092-11e2-b039-6067201be550}\Shell\AutoRun\command - "" = F:\LiteAuto.exe
O33 - MountPoints2\{77852d8a-52b4-11e2-b00c-6067201be550}\Shell - "" = AutoRun
O33 - MountPoints2\{77852d8a-52b4-11e2-b00c-6067201be550}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{77852d8a-52b4-11e2-b00c-6067201be550}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.12 12:05:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Anleitung
[2013.04.12 12:00:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2013.04.12 10:44:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Autoruns
[2013.04.12 09:56:29 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.04.10 13:11:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes
[2013.04.10 13:10:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.04.10 13:10:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.04.10 13:10:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.04.10 13:10:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.04.10 11:38:17 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2013.04.05 17:46:49 | 003,046,048 | ---- | C] (TeamViewer) -- C:\Dokumente und Einstellungen\Admin\Desktop\TeamViewer Support Windows.exe
[2013.04.04 17:59:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\grundstück eiche
[2013.04.01 17:50:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
[2013.04.01 17:50:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Spyware Terminator
[2013.04.01 17:50:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spyware Terminator 2012
[2013.04.01 17:49:19 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Terminator
[2013.03.22 18:37:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\downloads
[2013.03.22 09:50:57 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader 2
[2013.03.21 20:08:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2013.03.21 20:08:32 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2013.03.21 20:01:09 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\WINDOWS\System32\dhRichClient3.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.12 12:05:02 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\gmer_2.1.19163.exe
[2013.04.12 12:01:17 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.04.12 12:00:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2013.04.12 11:59:13 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable
[2013.04.12 11:58:42 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe
[2013.04.12 11:54:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.04.12 11:54:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.04.12 11:46:28 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.04.10 13:12:26 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 11:38:19 | 000,000,702 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2013.04.10 10:29:28 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.04.10 10:26:20 | 000,001,879 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.04.10 10:11:46 | 000,014,577 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\bookmarks-2013-04-10.json
[2013.04.09 12:15:53 | 004,734,243 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\02PlanFnp2001Potsdam.pdf
[2013.04.09 08:45:19 | 000,549,848 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.04.09 08:45:19 | 000,504,504 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.09 08:45:19 | 000,111,376 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.04.09 08:45:19 | 000,087,492 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.04.05 17:46:51 | 003,046,048 | ---- | M] (TeamViewer) -- C:\Dokumente und Einstellungen\Admin\Desktop\TeamViewer Support Windows.exe
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.04.01 17:50:22 | 000,000,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk
[2013.03.21 20:18:03 | 000,181,808 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2013.03.21 20:01:19 | 000,068,608 | ---- | M] () -- C:\WINDOWS\System32\unimdnat.exe
[2013.03.21 18:12:56 | 000,000,598 | ---- | M] () -- C:\WINDOWS\wiso.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.12 12:05:01 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\gmer_2.1.19163.exe
[2013.04.12 11:59:13 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable
[2013.04.12 11:58:41 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe
[2013.04.10 13:10:49 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 11:38:19 | 000,000,708 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2013.04.10 11:38:19 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2013.04.10 10:11:46 | 000,014,577 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\bookmarks-2013-04-10.json
[2013.04.09 12:15:47 | 004,734,243 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\02PlanFnp2001Potsdam.pdf
[2013.04.01 17:50:25 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2013.04.01 17:50:22 | 000,000,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk
[2013.03.22 09:51:37 | 000,001,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader Update.lnk
[2013.03.22 09:51:37 | 000,001,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader Deinstallationsprogramm.lnk
[2013.03.22 09:51:37 | 000,001,604 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader 2.lnk
[2013.03.21 20:01:55 | 000,181,808 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2013.03.21 20:01:19 | 000,068,608 | ---- | C] () -- C:\WINDOWS\System32\unimdnat.exe
[2013.03.21 20:01:11 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2013.02.24 13:52:25 | 000,000,598 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2013.01.10 21:25:49 | 000,987,552 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2013.01.04 19:06:52 | 000,027,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.04 18:52:55 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2012.12.19 17:52:40 | 000,010,079 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\IntelligentesNetz.html
[2012.11.14 16:06:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.11.14 13:28:38 | 000,732,392 | ---- | C] () -- C:\WINDOWS\System32\igkrng700.bin
[2012.11.14 13:28:38 | 000,561,128 | ---- | C] () -- C:\WINDOWS\System32\igfcg700m.bin
[2012.07.23 12:37:24 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\vcsAPIShared.dll.hpsign
[2012.05.07 16:38:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SCPwrSetSvr.exe
[2012.03.07 02:40:26 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\IusEventLog.dll
[2012.01.30 12:43:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2012.01.26 15:43:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2012.01.24 14:20:53 | 000,000,187 | ---- | C] () -- C:\WINDOWS\System32\HPPA.ini
[2012.01.24 13:41:04 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.01.23 12:58:31 | 000,028,510 | ---- | C] () -- C:\WINDOWS\oeminfo.ini
[2012.01.23 12:46:46 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.01.20 17:07:27 | 000,019,326 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2012.01.20 16:55:50 | 000,015,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll
[2012.01.20 16:54:37 | 000,094,776 | ---- | C] () -- C:\WINDOWS\un_dext.exe
[2012.01.20 16:54:37 | 000,074,616 | ---- | C] () -- C:\WINDOWS\SPRemove.exe
[2012.01.20 16:54:37 | 000,014,409 | ---- | C] () -- C:\WINDOWS\TWAIN2080.ini
[2012.01.20 16:54:37 | 000,003,926 | ---- | C] () -- C:\WINDOWS\Dext_12.ini
[2012.01.20 16:54:37 | 000,003,892 | ---- | C] () -- C:\WINDOWS\Dext_27.ini
[2012.01.20 16:54:37 | 000,003,884 | ---- | C] () -- C:\WINDOWS\Dext_25.ini
[2012.01.20 16:54:37 | 000,003,882 | ---- | C] () -- C:\WINDOWS\Dext_21.ini
[2012.01.20 16:54:37 | 000,003,820 | ---- | C] () -- C:\WINDOWS\Dext_11.ini
[2012.01.20 16:54:37 | 000,003,802 | ---- | C] () -- C:\WINDOWS\Dext_14.ini
[2012.01.20 16:54:37 | 000,003,802 | ---- | C] () -- C:\WINDOWS\Dext_05.ini
[2012.01.20 16:54:37 | 000,003,704 | ---- | C] () -- C:\WINDOWS\Dext_10.ini
[2012.01.20 16:54:37 | 000,003,700 | ---- | C] () -- C:\WINDOWS\Dext_16.ini
[2012.01.20 16:54:37 | 000,003,682 | ---- | C] () -- C:\WINDOWS\Dext_08.ini
[2012.01.20 16:54:37 | 000,003,672 | ---- | C] () -- C:\WINDOWS\Dext_31.ini
[2012.01.20 16:54:37 | 000,003,648 | ---- | C] () -- C:\WINDOWS\Dext_36.ini
[2012.01.20 16:54:37 | 000,003,624 | ---- | C] () -- C:\WINDOWS\Dext_1046.ini
[2012.01.20 16:54:37 | 000,003,622 | ---- | C] () -- C:\WINDOWS\Dext_20.ini
[2012.01.20 16:54:37 | 000,003,591 | ---- | C] () -- C:\WINDOWS\Remove.ini
[2012.01.20 16:54:37 | 000,003,588 | ---- | C] () -- C:\WINDOWS\Dext_06.ini
[2012.01.20 16:54:37 | 000,003,586 | ---- | C] () -- C:\WINDOWS\Dext_22.ini
[2012.01.20 16:54:37 | 000,003,550 | ---- | C] () -- C:\WINDOWS\Dext_19.ini
[2012.01.20 16:54:37 | 000,003,550 | ---- | C] () -- C:\WINDOWS\Dext_07.ini
[2012.01.20 16:54:37 | 000,003,522 | ---- | C] () -- C:\WINDOWS\Dext_02.ini
[2012.01.20 16:54:37 | 000,003,492 | ---- | C] () -- C:\WINDOWS\Dext_24.ini
[2012.01.20 16:54:37 | 000,003,450 | ---- | C] () -- C:\WINDOWS\Dext_29.ini
[2012.01.20 16:54:37 | 000,003,416 | ---- | C] () -- C:\WINDOWS\Dext_01.ini
[2012.01.20 16:54:37 | 000,003,342 | ---- | C] () -- C:\WINDOWS\Dext_30.ini
[2012.01.20 16:54:37 | 000,003,220 | ---- | C] () -- C:\WINDOWS\Dext_09.ini
[2012.01.20 16:54:37 | 000,003,174 | ---- | C] () -- C:\WINDOWS\Dext_13.ini
[2012.01.20 16:54:37 | 000,002,850 | ---- | C] () -- C:\WINDOWS\Dext_04.ini
[2012.01.20 16:54:37 | 000,002,750 | ---- | C] () -- C:\WINDOWS\Dext_17.ini
[2012.01.20 16:54:37 | 000,002,674 | ---- | C] () -- C:\WINDOWS\Dext_18.ini
[2012.01.20 16:54:37 | 000,002,638 | ---- | C] () -- C:\WINDOWS\Dext_2052.ini
[2012.01.20 16:53:35 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\syndata.bin
[2012.01.20 16:47:50 | 000,197,016 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin
[2012.01.20 16:47:50 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin
[2012.01.20 16:47:50 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2012.01.20 16:47:49 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin
[2012.01.20 16:47:49 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2012.01.20 16:33:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.01.20 16:28:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.01.20 16:17:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.01.20 16:16:03 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.10.12 03:02:14 | 000,187,728 | ---- | C] () -- C:\WINDOWS\System32\PassThroughOTP.dll
[2011.10.12 03:02:14 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\PassThroughOTP.dll.hpsign
[2011.10.03 11:21:40 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
 
========== ZeroAccess Check ==========
 
[2012.01.24 11:54:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.02.24 13:58:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Buhl Data Service
[2012.12.17 19:32:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Citrix
[2012.12.20 18:44:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ICAClient
[2012.11.15 15:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\LocalLow
[2012.11.14 15:42:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\SMSC
[2013.04.01 17:50:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Spyware Terminator
[2012.01.23 10:33:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Synaptics
[2013.04.05 17:48:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TeamViewer
[2013.01.04 18:50:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TerraTec
[2013.02.24 13:57:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2012.11.16 14:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Qualcomm Atheros
[2013.01.04 18:33:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2013.04.12 10:05:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
[2012.11.14 13:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SZCCID
[2013.01.04 18:49:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec
[2012.01.24 15:41:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall
[2012.11.14 16:07:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Validity
 
========== Purity Check ==========
 
< End of report >
         
Code:
OTL Extras logfile created on: 12.04.2013 12:06:49 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,91 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 66,26% Memory free
3,76 Gb Paging File | 3,04 Gb Available in Paging File | 80,93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,89 Gb Total Space | 62,88 Gb Free Space | 71,55% Space Free | Partition Type: NTFS
Drive D: | 87,87 Gb Total Space | 46,37 Gb Free Space | 52,78% Space Free | Partition Type: FAT32
 
Computer Name: PARA | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"12344:TCP" = 12344:TCP:*:Enabled:Trend Micro OfficeScan Listener
"3465:TCP" = 3465:TCP:*:Enabled:HPCA-RAM 7.50.7535 (3465)
"3463:TCP" = 3463:TCP:*:Enabled:HPCA-RMA 7.50.7535 (3463)
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe:*:Enabled:TerraTec Home Cinema Basic (Setup) -- (TERRATEC Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema Basic -- (TERRATEC Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec Home Cinema Basic (tvtv Setup) -- (TERRATEC Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:*:Enabled:TerraTec Home Cinema Basic (Auto Update) -- (TERRATEC Electronic GmbH)
"C:\Programme\Spyware Terminator\SpywareTerminator.exe" = C:\Programme\Spyware Terminator\SpywareTerminator.exe:*:Enabled:Spyware Terminator 2012 -- (Crawler.com)
"C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator 2012 -- (Crawler.com)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{1121A0B7-4CC0-49F5-9310-37E308D388EA}" = HP SoftPaq Download Manager
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{18F4179A-385F-40EE-AE2D-FA0E1BE62753}" = HP Software Framework
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B2E5A81-C31B-40AD-B3C6-C08C85755A14}" = HP Connection Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{446A6333-0247-4E14-BC59-FF3598F65D21}" = HPCA Management Agent
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B18ABC-AD5F-4C3C-B391-04F57B380449}" = HP Client Automation Agent Preload 
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{59A443A7-FFBF-41F1-B033-51D7B9A4AF5C}" = Mobile Broadband Generic Drivers
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6553F4A8-B67F-49BA-A882-FF499C83CF4B}" = 32 Bit HP CIO Components Installer
"{682FBA83-2CCA-4CFA-A08A-6767DAB2FC9C}" = HP Power Assistant
"{6EC6CE35-3230-4748-9140-4A68B3DC50FE}" = HP ESU for Microsoft Windows XP
"{70B6AFF1-40D1-486E-B846-26F88AFC78C2}" = Intel® Trusted Connect Service Client
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75BF632E-4761-4CF4-A368-E158B8A1BB1C}" = HP Port Replicator Software Installer
"{76EA55BD-535F-4AB4-AD80-A8CA331F4E6F}" = Windows Messenger 5.1
"{7ADD9AFB-4CF8-46E6-AD6F-88DB7C949533}" = HP USB Docking Video
"{842B692C-3562-4AA2-8A1D-75C1AE770E23}" = ViewSpan
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{3CB0380B-0413-4C44-A63B-DCD6369EAF4E}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B00F7A58-06CA-409A-BA19-45782B4C0069}" = Cinergy_T_Stick_Dual 32Bit
"{BAB5DCE0-2B99-4B28-837F-B5752043A361}" = DisplayLink Core Software
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BF164C10-6C85-4C39-AFDC-577E42078564}" = Core Graphics Software
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1CCF2E9-4851-4783-8076-D9C3F7DDD487}" = Citrix XenApp Plugin für gehostete Anwendungen
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C4543880-0A6F-41CC-BB6F-9B27407A7E28}" = HP 3D DriveGuard
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C97CC14E-4789-4FC5-BC75-79191F7CE009}" = HP Hotkey Support
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{DBBE5C26-72B7-4E01-950D-86BDE35918ED}" = Embedded Security for HP ProtectTools Driver
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F24F876B-7D71-4BD6-88E9-614D3BB84231}" = Alcor Micro Smart Card Reader Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F48BE301-EC78-4686-B580-EE4934558798}" = Broadcom 2070 Bluetooth 3.0
"{F5FB6A99-F6BD-4F13-AD89-A9F0DE5E1F68}" = Cinergy_Stick_DUAL_REV2
"{F83E415D-074E-4DAB-A623-5B3ABF9F3094}" = Validity Fingerprint Sensor Driver
"{FDDDD898-725F-498E-8582-938326066177}" = HP Battery Check
"0630-0716-3135-7887" = JDownloader 2
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Core Graphics Software" = SMSC Core Graphics Software
"GSiteCrawler" = GSiteCrawler
"HP Battery Check" = HP Battery Check
"ie8" = Windows Internet Explorer 8
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{B00F7A58-06CA-409A-BA19-45782B4C0069}" = Cinergy_T_Stick_Dual 32Bit
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MKVToolNix" = MKVToolNix 6.1.0
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OfficeScanNT" = Trend Micro OfficeScan Client
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) Network Connections Drivers
"Sunplus SPUVCb" = HP HD Webcam [Fixed]
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SZCCID" = Alcor Micro Smart Card Reader Driver
"Totalcmd" = Total Commander (Remove or Repair)
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 2.0.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IN Customer Control" = IN Customer Control
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.02.2013 12:12:20 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17.02.2013 12:12:20 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3953
 
Error - 17.02.2013 12:12:20 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3953
 
Error - 17.02.2013 12:12:22 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17.02.2013 12:12:22 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5906
 
Error - 17.02.2013 12:12:22 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5906
 
Error - 17.02.2013 12:12:24 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 17.02.2013 12:12:24 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7922
 
Error - 17.02.2013 12:12:24 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7922
 
Error - 19.02.2013 15:21:15 | Computer Name = PARA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CinergyDvr.exe, Version 6.25.6.985, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ HP Connection Manager Events ]
Error - 12.04.2013 04:06:10 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 10:06:10.109|00001090|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 12.04.2013 05:56:51 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 11:56:51.859|00001314|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 12.04.2013 05:56:53 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 11:56:53.000|00001314|Error      |[HP.Mobile]HotSpot::f{void()}|Die
 Methode oder der Vorgang sind nicht implementiert.
 
Error - 12.04.2013 05:56:53 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 11:56:53.562|00001314|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 12.04.2013 06:06:18 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 12:06:18.562|00001314|Error      |[HP.Mobile]HotSpot::f{void()}|Die
 Methode oder der Vorgang sind nicht implementiert.
 
Error - 12.04.2013 06:06:18 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 12:06:18.593|00001314|Error      |[HP.Mobile]HotSpot::f{void()}|Die
 Methode oder der Vorgang sind nicht implementiert.
 
Error - 12.04.2013 06:06:18 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 12:06:18.593|00001314|Error      |[HP.Mobile]HotSpot::f{void()}|Die
 Methode oder der Vorgang sind nicht implementiert.
 
Error - 12.04.2013 06:06:19 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 12:06:19.171|00001314|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
Error - 12.04.2013 06:06:19 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 12:06:19.171|00001314|Error      |[HP.Mobile]HotSpot::f{void()}|Die
 Methode oder der Vorgang sind nicht implementiert.
 
Error - 12.04.2013 06:06:20 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 12:06:20.015|00001314|Error      |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
 Software framework Failed from popup: e_INVALID_HP_SIGNATURE
 
[ HP Power Assistant Events ]
Error - 24.01.2013 10:21:16 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
 
Error - 24.01.2013 10:21:19 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 2
 
Error - 17.02.2013 11:46:21 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
 
Error - 17.02.2013 11:50:33 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 2
 
Error - 19.02.2013 17:32:48 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
 
Error - 19.02.2013 17:32:50 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 2
 
Error - 10.03.2013 09:56:53 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
 
Error - 14.03.2013 16:02:34 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
 
Error - 16.03.2013 15:53:34 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
 
Error - 19.03.2013 12:01:24 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
 application. Additional details may be available in the Details section.    DETAILS   
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
 
[ HP Software Framework Events ]
Error - 16.03.2013 15:30:48 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.03.16 20:30:48.906|000012B0|Error      |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
 message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
 
Error - 17.03.2013 06:44:30 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.03.17 11:44:30.703|00000FCC|Error      |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
 message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
 
Error - 17.03.2013 14:10:58 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.03.17 19:10:58.093|00001750|Error      |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
 message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
 
Error - 23.03.2013 03:36:13 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.03.23 08:36:13.781|00001094|Error      |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
 message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
 
Error - 23.03.2013 10:43:42 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.03.23 15:43:42.781|000016D4|Error      |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
 message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
 
Error - 01.04.2013 12:46:40 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.04.01 18:46:40.342|00001378|Error      |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
 message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
 
Error - 01.04.2013 13:46:25 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.04.01 19:46:25.937|000012C0|Error      |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
 message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
 
Error - 09.04.2013 09:30:44 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.04.09 15:30:44.078|00001094|Error      |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
 message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
 
Error - 09.04.2013 10:11:47 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.04.09 16:11:47.000|00001280|Error      |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
 message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
 
Error - 10.04.2013 04:02:29 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.04.10 10:02:29.218|000013E8|Error      |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
 message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
 
[ System Events ]
Error - 10.04.2013 13:29:17 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_1618103C&REV_30\4&3277fbd5&0&02E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 12.04.2013 03:27:38 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_1618103C&REV_30\4&3277fbd5&0&00E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 12.04.2013 03:27:38 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_1618103C&REV_30\4&3277fbd5&0&01E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 12.04.2013 03:27:38 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_1618103C&REV_30\4&3277fbd5&0&02E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 12.04.2013 05:52:02 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_1618103C&REV_30\4&3277fbd5&0&00E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 12.04.2013 05:52:02 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_1618103C&REV_30\4&3277fbd5&0&01E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 12.04.2013 05:52:02 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_1618103C&REV_30\4&3277fbd5&0&02E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 12.04.2013 05:57:09 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_1618103C&REV_30\4&3277fbd5&0&00E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 12.04.2013 05:57:09 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_1618103C&REV_30\4&3277fbd5&0&01E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
Error - 12.04.2013 05:57:09 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_1618103C&REV_30\4&3277fbd5&0&02E2)
 wurde ohne vorbereitende Maßnahmen vom System entfernt.
 
 
< End of report >
         

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-12 13:58:29
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS723232A7A364 rev.EC2OA60W 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\pgtorfow.sys


---- System - GMER 2.1 ----

SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys  ZwClose [0xA7AC7444]
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys  ZwCreateFile [0xA7AC6C8A]
SSDT            8A0DBF34                                       ZwCreateKey
SSDT            8A2B9554                                       ZwCreateMutant
SSDT            8862816C                                       ZwCreateProcess
SSDT            8A12612C                                       ZwCreateProcessEx
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys  ZwCreateSection [0xA7AC8520]
SSDT            8A2BCF34                                       ZwCreateSymbolicLinkObject
SSDT            8A27DDBC                                       ZwCreateThread
SSDT            88602A6C                                       ZwDebugActiveProcess
SSDT            8A034CB4                                       ZwDeleteKey
SSDT            87F9308C                                       ZwDeleteValueKey
SSDT            88654864                                       ZwDuplicateObject
SSDT            8A07DF34                                       ZwLoadDriver
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys  ZwOpenFile [0xA7AC6F9C]
SSDT            8A12616C                                       ZwOpenProcess
SSDT            87F75C1C                                       ZwOpenSection
SSDT            885DA694                                       ZwOpenThread
SSDT            8A44AC7C                                       ZwRenameKey
SSDT            880AA43C                                       ZwRestoreKey
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys  ZwSetInformationFile [0xA7AC70D2]
SSDT            8A249ECC                                       ZwSetSystemInformation
SSDT            8A474804                                       ZwSetValueKey
SSDT            8A45EF34                                       ZwTerminateProcess
SSDT            8A07F934                                       ZwTerminateThread
SSDT            \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys  ZwWriteFile [0xA7AC72BC]
SSDT            8A458314                                       ZwWriteVirtualMemory

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                       tmtdi.sys
AttachedDevice  \Driver\Tcpip \Device\Tcp                      tmtdi.sys
AttachedDevice  \Driver\Tcpip \Device\Udp                      tmtdi.sys
AttachedDevice  \Driver\Tcpip \Device\RawIp                    tmtdi.sys
AttachedDevice  \FileSystem\Fastfat \Fat                       fltMgr.sys

Device          \FileSystem\Cdfs \Cdfs                         A5E86400

---- EOF - GMER 2.1 ----
         

 
