| |
| |||||||
Log-Analyse und Auswertung: Ständiger Festplattenzugriff, Firefox Umleitung, usw. (mit Logs)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
12.04.2013, 13:17
| #1 |
 |  Ständiger Festplattenzugriff, Firefox Umleitung, usw. (mit Logs) Hallo, ich bin mir ziemlich sicher, mir vor 3, 4 Wochen was eingefangen zu haben. Symptome: - Ständiger Festplattenzugriff - Langesamer Rechner - Langsamer Aufbau der Webseiten in IE und FF - Umleitung auf Shop-Seiten mit AffiliateIDs im FF - Absturz von FF - Festfahren des gesamten Rechners, bei Nutzung des FF Anbei der Inhalt der drei Logfiles otl.txt, extras.txt, gmer.txt. Ich hoffe jemand hat nen Tipp für mich. Danke und Gruß Eddy Code:
ATTFilter OTL logfile created on: 12.04.2013 12:06:49 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,91 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 66,26% Memory free 3,76 Gb Paging File | 3,04 Gb Available in Paging File | 80,93% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 87,89 Gb Total Space | 62,88 Gb Free Space | 71,55% Space Free | Partition Type: NTFS Drive D: | 87,87 Gb Total Space | 46,37 Gb Free Space | 52,78% Space Free | Partition Type: FAT32 Computer Name: PARA | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.12 12:00:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe PRC - [2013.04.12 11:58:42 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe PRC - [2013.04.09 08:46:06 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2013.03.21 20:01:19 | 000,068,608 | ---- | M] () -- C:\WINDOWS\system32\unimdnat.exe PRC - [2013.02.12 07:48:04 | 000,587,912 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\st_rsser.exe PRC - [2012.12.18 16:28:26 | 000,825,560 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe PRC - [2012.11.22 10:59:41 | 000,303,186 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe PRC - [2012.11.22 10:59:40 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe PRC - [2012.08.28 18:19:26 | 000,334,240 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Hotkey Support\QLBController.exe PRC - [2012.08.28 18:17:58 | 000,523,680 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe PRC - [2012.07.31 17:31:08 | 000,887,416 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\PccNTMon.exe PRC - [2012.07.27 12:38:26 | 001,420,184 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\TmListen.exe PRC - [2012.07.27 12:29:16 | 001,447,736 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\NTRtScan.exe PRC - [2012.07.19 09:29:58 | 002,342,008 | ---- | M] (Validity Sensors, Inc.) -- C:\WINDOWS\system32\vcsFPService.exe PRC - [2012.07.03 10:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.05.07 16:38:32 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SCPwrSetSvr.exe PRC - [2012.04.30 16:43:38 | 001,538,112 | ---- | M] () -- C:\Programme\SGFX\SgfxConfig.exe PRC - [2012.04.27 17:38:54 | 004,247,552 | ---- | M] (SMSC) -- C:\Programme\SGFX\sgfxmgr.exe PRC - [2012.04.27 17:38:47 | 000,026,624 | ---- | M] (SMSC) -- C:\Programme\SGFX\sgfxagt.exe PRC - [2012.04.26 17:35:04 | 003,221,888 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe PRC - [2012.04.26 17:34:28 | 001,421,696 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe PRC - [2012.04.25 17:07:46 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2012.03.28 10:38:26 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.03.28 10:38:24 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.03.28 10:38:08 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe PRC - [2012.03.19 13:24:32 | 000,345,616 | ---- | M] (Trend Micro Inc.) -- C:\Programme\BM\TMBMSRV.exe PRC - [2012.03.14 15:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe PRC - [2012.03.14 15:21:56 | 003,488,640 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe PRC - [2012.03.09 12:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe PRC - [2012.03.07 02:55:40 | 000,461,024 | ---- | M] (Intel(R) Corporation) -- c:\Programme\Intel\iCLS Client\HeciServer.exe PRC - [2012.02.26 14:51:00 | 000,070,936 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe PRC - [2011.11.09 18:42:26 | 001,844,296 | ---- | M] (Elgato Systems) -- C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTvRc.exe PRC - [2011.10.03 11:21:32 | 002,159,992 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2011.10.03 11:21:32 | 000,636,256 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2011.04.15 12:20:54 | 000,689,680 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\TmProxy.exe PRC - [2010.11.17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.09.21 15:03:31 | 001,025,384 | ---- | M] (DisplayLink Corp.) -- C:\Programme\DisplayLink Core Software\DisplayLinkUI.exe PRC - [2010.09.21 15:03:30 | 000,841,064 | ---- | M] (DisplayLink Corp.) -- C:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe PRC - [2010.09.21 15:03:28 | 005,236,072 | ---- | M] (DisplayLink Corp.) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe PRC - [2010.09.02 18:15:36 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\CNTAoSMgr.exe PRC - [2009.12.03 16:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe PRC - [2009.05.19 12:56:46 | 002,578,284 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HPCA\ManagementAgent\nvdkit.exe PRC - [2008.04.14 06:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2013.04.12 11:58:42 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe MOD - [2013.03.21 20:01:19 | 000,068,608 | ---- | M] () -- C:\WINDOWS\system32\unimdnat.exe MOD - [2013.02.17 17:40:19 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll MOD - [2013.02.17 17:40:03 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll MOD - [2013.02.17 17:39:39 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll MOD - [2013.02.17 17:38:21 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2013.02.17 17:38:17 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2013.02.17 17:38:12 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2013.02.17 17:38:09 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll MOD - [2013.01.12 21:02:26 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\38d7801308f456f03608b4355bf78961\System.Xml.Linq.ni.dll MOD - [2013.01.12 21:01:43 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll MOD - [2013.01.12 21:01:30 | 009,923,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\f84e3ff559093c5633f9e18f7c2d997e\System.Data.Entity.ni.dll MOD - [2013.01.10 21:15:16 | 001,917,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\91a81dc769e9148a0b9f3840c87ef083\System.Speech.ni.dll MOD - [2013.01.10 21:15:09 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\edbf4e4a55e63b9fbf0b0b40cba13063\System.Core.ni.dll MOD - [2013.01.10 21:15:05 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a351cdca2d71ee68ae3a581e13553b19\PresentationFramework.Luna.ni.dll MOD - [2013.01.10 21:15:02 | 000,368,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbfa6bdbfea6f90f3b604c3efce24047\PresentationFramework.Aero.ni.dll MOD - [2013.01.10 21:14:41 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 21:14:40 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\04eea38364e5ced71d02bf104cb5892c\System.EnterpriseServices.ni.dll MOD - [2013.01.10 21:14:39 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll MOD - [2013.01.10 21:14:39 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll MOD - [2013.01.10 21:14:26 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2abe0b9f0e996273614f4cf1f6808eed\PresentationFramework.ni.dll MOD - [2013.01.10 21:14:04 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll MOD - [2013.01.10 21:13:59 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\2e26794770e6d33cf79a7f8daa4a48c3\PresentationCore.ni.dll MOD - [2013.01.10 21:13:46 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\4b889e41364baff1e456817b4777b610\WindowsBase.ni.dll MOD - [2013.01.10 21:13:38 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll MOD - [2013.01.10 21:13:34 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll MOD - [2013.01.10 21:13:32 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll MOD - [2013.01.10 21:13:25 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll MOD - [2012.12.18 16:28:44 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2012.12.18 16:28:44 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU MOD - [2012.11.22 10:59:19 | 000,113,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll MOD - [2012.11.22 10:59:19 | 000,092,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll MOD - [2012.11.16 14:21:18 | 000,877,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll MOD - [2012.11.15 16:43:03 | 000,312,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\HPCommon\2.5.0.16__89762bc6acc102f8\HPCommon.dll MOD - [2012.11.15 16:43:03 | 000,098,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\HardwareAccess\2.5.0.16__89762bc6acc102f8\HardwareAccess.dll MOD - [2012.11.15 16:43:03 | 000,046,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Graphs\2.5.0.16__89762bc6acc102f8\Graphs.dll MOD - [2012.05.07 16:38:32 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SCPwrSetSvr.exe MOD - [2012.04.30 16:43:38 | 001,538,112 | ---- | M] () -- C:\Programme\SGFX\SgfxConfig.exe MOD - [2012.03.28 10:18:40 | 001,198,872 | ---- | M] () -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\ACE.dll MOD - [2012.03.14 15:29:34 | 000,892,288 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL MOD - [2012.01.24 12:59:51 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll MOD - [2012.01.24 12:59:38 | 000,249,856 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2012.01.24 12:59:25 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2012.01.24 12:59:22 | 000,167,936 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2012.01.24 12:59:21 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2011.10.03 11:21:40 | 002,860,384 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll MOD - [2011.04.08 10:57:54 | 000,514,570 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Connection Manager\sqlite3.dll MOD - [2009.04.14 21:23:50 | 000,212,992 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\lib\crt\winnt\tclfile.dll MOD - [2009.04.07 20:45:31 | 000,061,440 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\lib\crt\winnt\tclcom.dll MOD - [2008.04.14 06:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2007.11.21 19:29:40 | 000,081,920 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\lib\crt\winnt\nvdcrt.dll MOD - [2007.03.08 20:33:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\bin\win32\wnetutl.dll MOD - [2005.08.25 19:01:15 | 000,045,056 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\bin\win32\iphelper.dll ========== Services (SafeList) ========== SRV - [2013.04.12 09:56:43 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.09 08:46:06 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013.03.21 20:01:19 | 000,068,608 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\unimdnat.exe -- (proxydfg) SRV - [2013.03.14 22:01:43 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.12 07:48:04 | 000,587,912 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc) SRV - [2012.11.22 10:59:41 | 000,303,186 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2012.11.09 13:12:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.08.28 18:17:58 | 000,523,680 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe -- (hpHotkeyMonitor) SRV - [2012.07.27 12:38:26 | 001,420,184 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\OfficeScan Client\TmListen.exe -- (tmlisten) SRV - [2012.07.27 12:29:16 | 001,447,736 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\OfficeScan Client\NTRtScan.exe -- (ntrtscan) SRV - [2012.07.19 09:29:58 | 002,342,008 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vcsFPService.exe -- (vcsFPService) SRV - [2012.05.07 16:38:32 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SCPwrSetSvr.exe -- (SCPwrSetSvr) SRV - [2012.04.27 17:38:54 | 004,247,552 | ---- | M] (SMSC) [Auto | Running] -- C:\Programme\SGFX\sgfxmgr.exe -- (SGFXMgr) SRV - [2012.04.26 17:34:28 | 001,421,696 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2012.04.25 17:07:46 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2012.03.28 10:38:26 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.03.28 10:38:24 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.03.28 10:38:08 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service) SRV - [2012.03.19 13:24:32 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\BM\TMBMSRV.exe -- (TMBMServer) SRV - [2012.03.14 15:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service) SRV - [2012.03.09 12:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2012.03.07 02:55:40 | 000,461,024 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.04.15 12:20:54 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\OfficeScan Client\TmProxy.exe -- (TmProxy) SRV - [2010.09.21 15:03:28 | 005,236,072 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService) SRV - [2009.12.03 16:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) SRV - [2009.05.19 12:56:46 | 002,578,284 | ---- | M] () [Auto | Running] -- C:/Programme/Hewlett-Packard/HPCA/ManagementAgent/nvdkit.exe -- (rma) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Adapter | Unavailable | Unknown] -- -- (PnSson) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ArcSoftVCapture.sys -- (ARCVCAM) DRV - [2012.11.22 10:59:41 | 001,996,931 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2012.11.22 10:59:40 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud) DRV - [2012.08.24 14:16:10 | 000,147,768 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR) DRV - [2012.08.24 14:16:08 | 000,023,136 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci) DRV - [2012.08.15 17:01:30 | 000,027,648 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SzCCID.sys -- (SzCCID) DRV - [2012.04.16 13:45:56 | 000,152,576 | ---- | M] (ITE ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IT9135BDA.sys -- (IT9135BDA) DRV - [2012.03.19 13:06:10 | 000,071,440 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon) DRV - [2012.03.19 13:05:08 | 000,061,200 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr) DRV - [2012.03.19 13:04:50 | 000,177,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm) DRV - [2012.03.15 21:54:16 | 000,239,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress) DRV - [2012.03.12 14:57:44 | 010,240,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Netwxn00.sys -- (NETwNx32) DRV - [2011.11.09 12:52:02 | 000,046,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI) DRV - [2011.10.04 16:54:54 | 000,934,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2011.10.04 16:54:54 | 000,093,480 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwsecfl.sys -- (btwsecfl) DRV - [2011.10.04 16:54:54 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2011.07.12 11:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\OfficeScan Client\TmXPFlt.sys -- (TmFilter) DRV - [2011.07.12 11:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\OfficeScan Client\tmpreflt.sys -- (TmPreFilter) DRV - [2011.07.12 11:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\OfficeScan Client\vsapiNT.sys -- (VSApiNt) DRV - [2011.07.06 19:11:12 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2) DRV - [2011.04.03 19:19:46 | 002,468,728 | ---- | M] (Sunplus Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPUVCBv.sys -- (SPUVCbv) DRV - [2011.01.06 15:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2011.01.06 15:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2010.12.10 14:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2010.12.10 14:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2010.11.08 19:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi) DRV - [2010.10.15 02:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) DRV - [2010.09.21 15:03:55 | 000,007,040 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkFilter.sys -- (DisplayLinkFilter) DRV - [2010.09.21 15:03:54 | 000,024,320 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkmirrorport.sys -- (DisplayLinkmirror) DRV - [2010.01.26 13:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009.11.10 16:56:24 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI) DRV - [2008.07.23 12:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2008.04.14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 4E 12 5F 3C DF CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7Bd57c9ff1-6389-48fc-b770-f78bd89b6e8a%7D:1.45 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..network.proxy.http: "94.126.17.69" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Programme\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Programme\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Programme\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Programme\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.10 20:56:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.12 09:56:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.04.12 09:56:35 | 000,000,000 | ---D | M] [2012.12.15 13:05:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions [2013.04.01 19:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\upoqy2gt.default\extensions [2013.02.17 17:33:38 | 000,817,280 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\upoqy2gt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.05 17:50:10 | 000,150,573 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\upoqy2gt.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2013.04.12 09:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.12 09:56:44 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2009.08.14 13:33:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\CgpCore.dll [2009.08.14 13:33:30 | 000,091,480 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\confmgr.dll [2009.08.14 13:33:26 | 000,020,824 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ctxlogging.dll [2007.03.16 18:33:48 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcm80.dll [2007.03.16 18:33:48 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcp80.dll [2007.03.16 18:33:50 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcr80.dll [2009.08.14 13:35:40 | 000,427,344 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npicaN.dll [2009.08.14 13:33:22 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\TcpPServ.dll [2013.03.27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2013.03.27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2013.03.27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.04.12 11:46:28 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Programme\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPPowerAssistant] C:\Programme\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.) O4 - HKLM..\Run: [NUSB3MON] c:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Programme\OfficeScan Client\pccntmon.exe (Trend Micro Inc.) O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [SgfxConfig] C:\Programme\SGFX\sgfxconfig.exe () O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [Remote Control Editor] C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe (Elgato Systems) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk = C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1352900286078 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352900276890 (MUWebControl Class) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:AutorunsDisabled () - O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.01.20 16:31:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{702ce425-7092-11e2-b039-6067201be550}\Shell - "" = AutoRun O33 - MountPoints2\{702ce425-7092-11e2-b039-6067201be550}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{702ce425-7092-11e2-b039-6067201be550}\Shell\AutoRun\command - "" = F:\LiteAuto.exe O33 - MountPoints2\{77852d8a-52b4-11e2-b00c-6067201be550}\Shell - "" = AutoRun O33 - MountPoints2\{77852d8a-52b4-11e2-b00c-6067201be550}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{77852d8a-52b4-11e2-b00c-6067201be550}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.04.12 12:05:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Anleitung [2013.04.12 12:00:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe [2013.04.12 10:44:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Autoruns [2013.04.12 09:56:29 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.04.10 13:11:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes [2013.04.10 13:10:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.04.10 13:10:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.04.10 13:10:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.04.10 13:10:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.04.10 11:38:17 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2013.04.05 17:46:49 | 003,046,048 | ---- | C] (TeamViewer) -- C:\Dokumente und Einstellungen\Admin\Desktop\TeamViewer Support Windows.exe [2013.04.04 17:59:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\grundstück eiche [2013.04.01 17:50:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator [2013.04.01 17:50:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Spyware Terminator [2013.04.01 17:50:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spyware Terminator 2012 [2013.04.01 17:49:19 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Terminator [2013.03.22 18:37:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\downloads [2013.03.22 09:50:57 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader 2 [2013.03.21 20:08:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip [2013.03.21 20:08:32 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2013.03.21 20:01:09 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\WINDOWS\System32\dhRichClient3.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.12 12:05:02 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\gmer_2.1.19163.exe [2013.04.12 12:01:17 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.04.12 12:00:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe [2013.04.12 11:59:13 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable [2013.04.12 11:58:42 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe [2013.04.12 11:54:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.04.12 11:54:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.04.12 11:46:28 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.04.10 13:12:26 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.10 11:38:19 | 000,000,702 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2013.04.10 10:29:28 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.04.10 10:26:20 | 000,001,879 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.04.10 10:11:46 | 000,014,577 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\bookmarks-2013-04-10.json [2013.04.09 12:15:53 | 004,734,243 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\02PlanFnp2001Potsdam.pdf [2013.04.09 08:45:19 | 000,549,848 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.04.09 08:45:19 | 000,504,504 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.04.09 08:45:19 | 000,111,376 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.04.09 08:45:19 | 000,087,492 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.04.05 17:46:51 | 003,046,048 | ---- | M] (TeamViewer) -- C:\Dokumente und Einstellungen\Admin\Desktop\TeamViewer Support Windows.exe [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.04.01 17:50:22 | 000,000,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk [2013.03.21 20:18:03 | 000,181,808 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe [2013.03.21 20:01:19 | 000,068,608 | ---- | M] () -- C:\WINDOWS\System32\unimdnat.exe [2013.03.21 18:12:56 | 000,000,598 | ---- | M] () -- C:\WINDOWS\wiso.ini [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.12 12:05:01 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\gmer_2.1.19163.exe [2013.04.12 11:59:13 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable [2013.04.12 11:58:41 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe [2013.04.10 13:10:49 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.10 11:38:19 | 000,000,708 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2013.04.10 11:38:19 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2013.04.10 10:11:46 | 000,014,577 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\bookmarks-2013-04-10.json [2013.04.09 12:15:47 | 004,734,243 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\02PlanFnp2001Potsdam.pdf [2013.04.01 17:50:25 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2013.04.01 17:50:22 | 000,000,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk [2013.03.22 09:51:37 | 000,001,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader Update.lnk [2013.03.22 09:51:37 | 000,001,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader Deinstallationsprogramm.lnk [2013.03.22 09:51:37 | 000,001,604 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader 2.lnk [2013.03.21 20:01:55 | 000,181,808 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe [2013.03.21 20:01:19 | 000,068,608 | ---- | C] () -- C:\WINDOWS\System32\unimdnat.exe [2013.03.21 20:01:11 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll [2013.02.24 13:52:25 | 000,000,598 | ---- | C] () -- C:\WINDOWS\wiso.ini [2013.01.10 21:25:49 | 000,987,552 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2013.01.04 19:06:52 | 000,027,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.04 18:52:55 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2012.12.19 17:52:40 | 000,010,079 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\IntelligentesNetz.html [2012.11.14 16:06:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.11.14 13:28:38 | 000,732,392 | ---- | C] () -- C:\WINDOWS\System32\igkrng700.bin [2012.11.14 13:28:38 | 000,561,128 | ---- | C] () -- C:\WINDOWS\System32\igfcg700m.bin [2012.07.23 12:37:24 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\vcsAPIShared.dll.hpsign [2012.05.07 16:38:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SCPwrSetSvr.exe [2012.03.07 02:40:26 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\IusEventLog.dll [2012.01.30 12:43:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI [2012.01.26 15:43:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2012.01.24 14:20:53 | 000,000,187 | ---- | C] () -- C:\WINDOWS\System32\HPPA.ini [2012.01.24 13:41:04 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.01.23 12:58:31 | 000,028,510 | ---- | C] () -- C:\WINDOWS\oeminfo.ini [2012.01.23 12:46:46 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012.01.20 17:07:27 | 000,019,326 | ---- | C] () -- C:\WINDOWS\cfgall.ini [2012.01.20 16:55:50 | 000,015,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll [2012.01.20 16:54:37 | 000,094,776 | ---- | C] () -- C:\WINDOWS\un_dext.exe [2012.01.20 16:54:37 | 000,074,616 | ---- | C] () -- C:\WINDOWS\SPRemove.exe [2012.01.20 16:54:37 | 000,014,409 | ---- | C] () -- C:\WINDOWS\TWAIN2080.ini [2012.01.20 16:54:37 | 000,003,926 | ---- | C] () -- C:\WINDOWS\Dext_12.ini [2012.01.20 16:54:37 | 000,003,892 | ---- | C] () -- C:\WINDOWS\Dext_27.ini [2012.01.20 16:54:37 | 000,003,884 | ---- | C] () -- C:\WINDOWS\Dext_25.ini [2012.01.20 16:54:37 | 000,003,882 | ---- | C] () -- C:\WINDOWS\Dext_21.ini [2012.01.20 16:54:37 | 000,003,820 | ---- | C] () -- C:\WINDOWS\Dext_11.ini [2012.01.20 16:54:37 | 000,003,802 | ---- | C] () -- C:\WINDOWS\Dext_14.ini [2012.01.20 16:54:37 | 000,003,802 | ---- | C] () -- C:\WINDOWS\Dext_05.ini [2012.01.20 16:54:37 | 000,003,704 | ---- | C] () -- C:\WINDOWS\Dext_10.ini [2012.01.20 16:54:37 | 000,003,700 | ---- | C] () -- C:\WINDOWS\Dext_16.ini [2012.01.20 16:54:37 | 000,003,682 | ---- | C] () -- C:\WINDOWS\Dext_08.ini [2012.01.20 16:54:37 | 000,003,672 | ---- | C] () -- C:\WINDOWS\Dext_31.ini [2012.01.20 16:54:37 | 000,003,648 | ---- | C] () -- C:\WINDOWS\Dext_36.ini [2012.01.20 16:54:37 | 000,003,624 | ---- | C] () -- C:\WINDOWS\Dext_1046.ini [2012.01.20 16:54:37 | 000,003,622 | ---- | C] () -- C:\WINDOWS\Dext_20.ini [2012.01.20 16:54:37 | 000,003,591 | ---- | C] () -- C:\WINDOWS\Remove.ini [2012.01.20 16:54:37 | 000,003,588 | ---- | C] () -- C:\WINDOWS\Dext_06.ini [2012.01.20 16:54:37 | 000,003,586 | ---- | C] () -- C:\WINDOWS\Dext_22.ini [2012.01.20 16:54:37 | 000,003,550 | ---- | C] () -- C:\WINDOWS\Dext_19.ini [2012.01.20 16:54:37 | 000,003,550 | ---- | C] () -- C:\WINDOWS\Dext_07.ini [2012.01.20 16:54:37 | 000,003,522 | ---- | C] () -- C:\WINDOWS\Dext_02.ini [2012.01.20 16:54:37 | 000,003,492 | ---- | C] () -- C:\WINDOWS\Dext_24.ini [2012.01.20 16:54:37 | 000,003,450 | ---- | C] () -- C:\WINDOWS\Dext_29.ini [2012.01.20 16:54:37 | 000,003,416 | ---- | C] () -- C:\WINDOWS\Dext_01.ini [2012.01.20 16:54:37 | 000,003,342 | ---- | C] () -- C:\WINDOWS\Dext_30.ini [2012.01.20 16:54:37 | 000,003,220 | ---- | C] () -- C:\WINDOWS\Dext_09.ini [2012.01.20 16:54:37 | 000,003,174 | ---- | C] () -- C:\WINDOWS\Dext_13.ini [2012.01.20 16:54:37 | 000,002,850 | ---- | C] () -- C:\WINDOWS\Dext_04.ini [2012.01.20 16:54:37 | 000,002,750 | ---- | C] () -- C:\WINDOWS\Dext_17.ini [2012.01.20 16:54:37 | 000,002,674 | ---- | C] () -- C:\WINDOWS\Dext_18.ini [2012.01.20 16:54:37 | 000,002,638 | ---- | C] () -- C:\WINDOWS\Dext_2052.ini [2012.01.20 16:53:35 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\syndata.bin [2012.01.20 16:47:50 | 000,197,016 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin [2012.01.20 16:47:50 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin [2012.01.20 16:47:50 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll [2012.01.20 16:47:49 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin [2012.01.20 16:47:49 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config [2012.01.20 16:33:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.01.20 16:28:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2012.01.20 16:17:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012.01.20 16:16:03 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.10.12 03:02:14 | 000,187,728 | ---- | C] () -- C:\WINDOWS\System32\PassThroughOTP.dll [2011.10.12 03:02:14 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\PassThroughOTP.dll.hpsign [2011.10.03 11:21:40 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll ========== ZeroAccess Check ========== [2012.01.24 11:54:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.02.24 13:58:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Buhl Data Service [2012.12.17 19:32:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Citrix [2012.12.20 18:44:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ICAClient [2012.11.15 15:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\LocalLow [2012.11.14 15:42:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\SMSC [2013.04.01 17:50:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Spyware Terminator [2012.01.23 10:33:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Synaptics [2013.04.05 17:48:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TeamViewer [2013.01.04 18:50:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TerraTec [2013.02.24 13:57:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2012.11.16 14:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Qualcomm Atheros [2013.01.04 18:33:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe [2013.04.12 10:05:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator [2012.11.14 13:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SZCCID [2013.01.04 18:49:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec [2012.01.24 15:41:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall [2012.11.14 16:07:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Validity ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 12.04.2013 12:06:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,91 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 66,26% Memory free
3,76 Gb Paging File | 3,04 Gb Available in Paging File | 80,93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,89 Gb Total Space | 62,88 Gb Free Space | 71,55% Space Free | Partition Type: NTFS
Drive D: | 87,87 Gb Total Space | 46,37 Gb Free Space | 52,78% Space Free | Partition Type: FAT32
Computer Name: PARA | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"12344:TCP" = 12344:TCP:*:Enabled:Trend Micro OfficeScan Listener
"3465:TCP" = 3465:TCP:*:Enabled:HPCA-RAM 7.50.7535 (3465)
"3463:TCP" = 3463:TCP:*:Enabled:HPCA-RMA 7.50.7535 (3463)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe:*:Enabled:TerraTec Home Cinema Basic (Setup) -- (TERRATEC Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema Basic -- (TERRATEC Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec Home Cinema Basic (tvtv Setup) -- (TERRATEC Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:*:Enabled:TerraTec Home Cinema Basic (Auto Update) -- (TERRATEC Electronic GmbH)
"C:\Programme\Spyware Terminator\SpywareTerminator.exe" = C:\Programme\Spyware Terminator\SpywareTerminator.exe:*:Enabled:Spyware Terminator 2012 -- (Crawler.com)
"C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator 2012 -- (Crawler.com)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{1121A0B7-4CC0-49F5-9310-37E308D388EA}" = HP SoftPaq Download Manager
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{18F4179A-385F-40EE-AE2D-FA0E1BE62753}" = HP Software Framework
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B2E5A81-C31B-40AD-B3C6-C08C85755A14}" = HP Connection Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{446A6333-0247-4E14-BC59-FF3598F65D21}" = HPCA Management Agent
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B18ABC-AD5F-4C3C-B391-04F57B380449}" = HP Client Automation Agent Preload
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{59A443A7-FFBF-41F1-B033-51D7B9A4AF5C}" = Mobile Broadband Generic Drivers
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6553F4A8-B67F-49BA-A882-FF499C83CF4B}" = 32 Bit HP CIO Components Installer
"{682FBA83-2CCA-4CFA-A08A-6767DAB2FC9C}" = HP Power Assistant
"{6EC6CE35-3230-4748-9140-4A68B3DC50FE}" = HP ESU for Microsoft Windows XP
"{70B6AFF1-40D1-486E-B846-26F88AFC78C2}" = Intel® Trusted Connect Service Client
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75BF632E-4761-4CF4-A368-E158B8A1BB1C}" = HP Port Replicator Software Installer
"{76EA55BD-535F-4AB4-AD80-A8CA331F4E6F}" = Windows Messenger 5.1
"{7ADD9AFB-4CF8-46E6-AD6F-88DB7C949533}" = HP USB Docking Video
"{842B692C-3562-4AA2-8A1D-75C1AE770E23}" = ViewSpan
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{3CB0380B-0413-4C44-A63B-DCD6369EAF4E}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B00F7A58-06CA-409A-BA19-45782B4C0069}" = Cinergy_T_Stick_Dual 32Bit
"{BAB5DCE0-2B99-4B28-837F-B5752043A361}" = DisplayLink Core Software
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BF164C10-6C85-4C39-AFDC-577E42078564}" = Core Graphics Software
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1CCF2E9-4851-4783-8076-D9C3F7DDD487}" = Citrix XenApp Plugin für gehostete Anwendungen
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C4543880-0A6F-41CC-BB6F-9B27407A7E28}" = HP 3D DriveGuard
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C97CC14E-4789-4FC5-BC75-79191F7CE009}" = HP Hotkey Support
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{DBBE5C26-72B7-4E01-950D-86BDE35918ED}" = Embedded Security for HP ProtectTools Driver
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F24F876B-7D71-4BD6-88E9-614D3BB84231}" = Alcor Micro Smart Card Reader Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F48BE301-EC78-4686-B580-EE4934558798}" = Broadcom 2070 Bluetooth 3.0
"{F5FB6A99-F6BD-4F13-AD89-A9F0DE5E1F68}" = Cinergy_Stick_DUAL_REV2
"{F83E415D-074E-4DAB-A623-5B3ABF9F3094}" = Validity Fingerprint Sensor Driver
"{FDDDD898-725F-498E-8582-938326066177}" = HP Battery Check
"0630-0716-3135-7887" = JDownloader 2
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Core Graphics Software" = SMSC Core Graphics Software
"GSiteCrawler" = GSiteCrawler
"HP Battery Check" = HP Battery Check
"ie8" = Windows Internet Explorer 8
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{B00F7A58-06CA-409A-BA19-45782B4C0069}" = Cinergy_T_Stick_Dual 32Bit
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MKVToolNix" = MKVToolNix 6.1.0
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OfficeScanNT" = Trend Micro OfficeScan Client
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) Network Connections Drivers
"Sunplus SPUVCb" = HP HD Webcam [Fixed]
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SZCCID" = Alcor Micro Smart Card Reader Driver
"Totalcmd" = Total Commander (Remove or Repair)
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 2.0.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IN Customer Control" = IN Customer Control
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.02.2013 12:12:20 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 17.02.2013 12:12:20 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3953
Error - 17.02.2013 12:12:20 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3953
Error - 17.02.2013 12:12:22 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 17.02.2013 12:12:22 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5906
Error - 17.02.2013 12:12:22 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5906
Error - 17.02.2013 12:12:24 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 17.02.2013 12:12:24 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7922
Error - 17.02.2013 12:12:24 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7922
Error - 19.02.2013 15:21:15 | Computer Name = PARA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CinergyDvr.exe, Version 6.25.6.985, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ HP Connection Manager Events ]
Error - 12.04.2013 04:06:10 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 10:06:10.109|00001090|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
Software framework Failed from popup: e_INVALID_HP_SIGNATURE
Error - 12.04.2013 05:56:51 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 11:56:51.859|00001314|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
Software framework Failed from popup: e_INVALID_HP_SIGNATURE
Error - 12.04.2013 05:56:53 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 11:56:53.000|00001314|Error |[HP.Mobile]HotSpot::f{void()}|Die
Methode oder der Vorgang sind nicht implementiert.
Error - 12.04.2013 05:56:53 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 11:56:53.562|00001314|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
Software framework Failed from popup: e_INVALID_HP_SIGNATURE
Error - 12.04.2013 06:06:18 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 12:06:18.562|00001314|Error |[HP.Mobile]HotSpot::f{void()}|Die
Methode oder der Vorgang sind nicht implementiert.
Error - 12.04.2013 06:06:18 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 12:06:18.593|00001314|Error |[HP.Mobile]HotSpot::f{void()}|Die
Methode oder der Vorgang sind nicht implementiert.
Error - 12.04.2013 06:06:18 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 12:06:18.593|00001314|Error |[HP.Mobile]HotSpot::f{void()}|Die
Methode oder der Vorgang sind nicht implementiert.
Error - 12.04.2013 06:06:19 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 12:06:19.171|00001314|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
Software framework Failed from popup: e_INVALID_HP_SIGNATURE
Error - 12.04.2013 06:06:19 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 12:06:19.171|00001314|Error |[HP.Mobile]HotSpot::f{void()}|Die
Methode oder der Vorgang sind nicht implementiert.
Error - 12.04.2013 06:06:20 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 12:06:20.015|00001314|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
Software framework Failed from popup: e_INVALID_HP_SIGNATURE
[ HP Power Assistant Events ]
Error - 24.01.2013 10:21:16 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
Error - 24.01.2013 10:21:19 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 2
Error - 17.02.2013 11:46:21 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
Error - 17.02.2013 11:50:33 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 2
Error - 19.02.2013 17:32:48 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
Error - 19.02.2013 17:32:50 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 2
Error - 10.03.2013 09:56:53 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
Error - 14.03.2013 16:02:34 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
Error - 16.03.2013 15:53:34 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
Error - 19.03.2013 12:01:24 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
[ HP Software Framework Events ]
Error - 16.03.2013 15:30:48 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.03.16 20:30:48.906|000012B0|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
Error - 17.03.2013 06:44:30 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.03.17 11:44:30.703|00000FCC|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
Error - 17.03.2013 14:10:58 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.03.17 19:10:58.093|00001750|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
Error - 23.03.2013 03:36:13 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.03.23 08:36:13.781|00001094|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
Error - 23.03.2013 10:43:42 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.03.23 15:43:42.781|000016D4|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
Error - 01.04.2013 12:46:40 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.04.01 18:46:40.342|00001378|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
Error - 01.04.2013 13:46:25 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.04.01 19:46:25.937|000012C0|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
Error - 09.04.2013 09:30:44 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.04.09 15:30:44.078|00001094|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
Error - 09.04.2013 10:11:47 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.04.09 16:11:47.000|00001280|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
Error - 10.04.2013 04:02:29 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.04.10 10:02:29.218|000013E8|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
[ System Events ]
Error - 10.04.2013 13:29:17 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_1618103C&REV_30\4&3277fbd5&0&02E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 12.04.2013 03:27:38 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_1618103C&REV_30\4&3277fbd5&0&00E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 12.04.2013 03:27:38 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_1618103C&REV_30\4&3277fbd5&0&01E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 12.04.2013 03:27:38 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_1618103C&REV_30\4&3277fbd5&0&02E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 12.04.2013 05:52:02 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_1618103C&REV_30\4&3277fbd5&0&00E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 12.04.2013 05:52:02 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_1618103C&REV_30\4&3277fbd5&0&01E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 12.04.2013 05:52:02 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_1618103C&REV_30\4&3277fbd5&0&02E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 12.04.2013 05:57:09 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_1618103C&REV_30\4&3277fbd5&0&00E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 12.04.2013 05:57:09 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_1618103C&REV_30\4&3277fbd5&0&01E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 12.04.2013 05:57:09 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_1618103C&REV_30\4&3277fbd5&0&02E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-12 13:58:29
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS723232A7A364 rev.EC2OA60W 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\pgtorfow.sys
---- System - GMER 2.1 ----
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xA7AC7444]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xA7AC6C8A]
SSDT 8A0DBF34 ZwCreateKey
SSDT 8A2B9554 ZwCreateMutant
SSDT 8862816C ZwCreateProcess
SSDT 8A12612C ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xA7AC8520]
SSDT 8A2BCF34 ZwCreateSymbolicLinkObject
SSDT 8A27DDBC ZwCreateThread
SSDT 88602A6C ZwDebugActiveProcess
SSDT 8A034CB4 ZwDeleteKey
SSDT 87F9308C ZwDeleteValueKey
SSDT 88654864 ZwDuplicateObject
SSDT 8A07DF34 ZwLoadDriver
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xA7AC6F9C]
SSDT 8A12616C ZwOpenProcess
SSDT 87F75C1C ZwOpenSection
SSDT 885DA694 ZwOpenThread
SSDT 8A44AC7C ZwRenameKey
SSDT 880AA43C ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0xA7AC70D2]
SSDT 8A249ECC ZwSetSystemInformation
SSDT 8A474804 ZwSetValueKey
SSDT 8A45EF34 ZwTerminateProcess
SSDT 8A07F934 ZwTerminateThread
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xA7AC72BC]
SSDT 8A458314 ZwWriteVirtualMemory
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys
Device \FileSystem\Cdfs \Cdfs A5E86400
---- EOF - GMER 2.1 ----
|
| Themen zu Ständiger Festplattenzugriff, Firefox Umleitung, usw. (mit Logs) |
| 32 bit, absturz, bho, bonjour, browser, error, excel, failed, festplatte, firefox, flash player, fontcache, home, hotspot, hängen, iexplore.exe, jdownloader, mozilla, office 2007, plug-in, popup, registry, remote control, rundll, scan, security, senden, software, spyware, stick, total commander, usb, windows internet, wiso |
Baum-Darstellung