Log analysis and evaluation: Constant hard-disk access, Firefox redirection, etc. (with logs) [Windows 7]

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#7
Constant hard-disk access, Firefox redirection, etc. (with logs)

Hi, I've done everything. Result:
- The redirections in IE and in FF are gone
- The web pages load quickly again, the way it normally is, I think
- But: the computer took an extremely long time on the reboots, and starting applications also takes very long (Firefox about 3 minutes). That wasn't the case before the infection. The hard disk is still being accessed continuously; I think that's what's slowing the computer down so much. It may be related to the work the tools did. I'll test that again.

Here are the logs:

OTL fix log:
Code:
All processes killed
========== OTL ==========
Service proxydfg stopped successfully!
Service proxydfg deleted successfully!
C:\WINDOWS\system32\unimdnat.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Admin
->Temp folder emptied: 200638922 bytes
->Temporary Internet Files folder emptied: 27143047 bytes
->Java cache emptied: 2376236 bytes
->FireFox cache emptied: 83021162 bytes
->Flash cache emptied: 1051 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Support
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: User
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352202 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2570523700 bytes
RecycleBin emptied: 26770174 bytes
Total Files Cleaned = 2.778,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04122013_194050
Files\Folders moved on Reboot...
C:\WINDOWS\temp\BtwEventTrace_5_6_0_7400.etl moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_1324.dat moved successfully.
File\Folder C:\WINDOWS\temp\tm_icrcL_A606D985_38CA_41ab_BCD9_60F771CF800D not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
# AdwCleaner v2.200 - File created on 12/04/2013 at 20:04:44
# Updated on 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Admin - PARA
# Boot mode : Normal
# Running from : C:\Dokumente und Einstellungen\Admin\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] The registry is clean.

-\\ Mozilla Firefox v20.0.1 (de)

File : C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\upoqy2gt.default\prefs.js

[OK] The file is clean.

*************************

AdwCleaner[S4].txt - [770 octets] - [12/04/2013 20:04:44]

########## EOF - C:\AdwCleaner[S4].txt - [829 octets] ##########
Code:
OTL logfile created on: 12.04.2013 20:21:39 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,91 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 58,90% Memory free
3,76 Gb Paging File | 2,93 Gb Available in Paging File | 77,83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,89 Gb Total Space | 65,52 Gb Free Space | 74,55% Space Free | Partition Type: NTFS
Drive D: | 87,87 Gb Total Space | 46,37 Gb Free Space | 52,78% Space Free | Partition Type: FAT32

Computer Name: PARA | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.12 12:00:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
PRC - [2013.04.12 09:56:44 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2013.04.09 08:46:06 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2013.02.12 07:48:04 | 000,587,912 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\st_rsser.exe
PRC - [2012.12.18 16:28:26 | 000,825,560 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.11.22 10:59:41 | 000,303,186 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2012.11.22 10:59:40 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2012.08.28 18:19:26 | 000,334,240 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Hotkey Support\QLBController.exe
PRC - [2012.08.28 18:17:58 | 000,523,680 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
PRC - [2012.07.31 17:31:08 | 000,887,416 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\PccNTMon.exe
PRC - [2012.07.27 12:38:26 | 001,420,184 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\TmListen.exe
PRC - [2012.07.27 12:29:16 | 001,447,736 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\NTRtScan.exe
PRC - [2012.07.19 09:29:58 | 002,342,008 | ---- | M] (Validity Sensors, Inc.) -- C:\WINDOWS\system32\vcsFPService.exe
PRC - [2012.07.03 10:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.05.07 16:38:32 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SCPwrSetSvr.exe
PRC - [2012.04.30 16:43:38 | 001,538,112 | ---- | M] () -- C:\Programme\SGFX\SgfxConfig.exe
PRC - [2012.04.27 17:38:54 | 004,247,552 | ---- | M] (SMSC) -- C:\Programme\SGFX\sgfxmgr.exe
PRC - [2012.04.27 17:38:47 | 000,026,624 | ---- | M] (SMSC) -- C:\Programme\SGFX\sgfxagt.exe
PRC - [2012.04.26 17:35:04 | 003,221,888 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
PRC - [2012.04.26 17:34:28 | 001,421,696 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2012.04.25 17:07:46 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012.03.28 10:38:26 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.03.28 10:38:24 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.03.28 10:38:08 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012.03.19 13:24:32 | 000,345,616 | ---- | M] (Trend Micro Inc.) -- C:\Programme\BM\TMBMSRV.exe
PRC - [2012.03.14 15:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
PRC - [2012.03.14 15:21:56 | 003,488,640 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
PRC - [2012.03.09 12:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2012.03.07 02:55:40 | 000,461,024 | ---- | M] (Intel(R) Corporation) -- c:\Programme\Intel\iCLS Client\HeciServer.exe
PRC - [2012.02.26 14:51:00 | 000,070,936 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe
PRC - [2011.11.09 18:42:26 | 001,844,296 | ---- | M] (Elgato Systems) -- C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTvRc.exe
PRC - [2011.10.03 11:21:32 | 002,159,992 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2011.10.03 11:21:32 | 000,636,256 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2011.04.15 12:20:54 | 000,689,680 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\TmProxy.exe
PRC - [2010.11.17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.09.21 15:03:31 | 001,025,384 | ---- | M] (DisplayLink Corp.) -- C:\Programme\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2010.09.21 15:03:30 | 000,841,064 | ---- | M] (DisplayLink Corp.) -- C:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2010.09.21 15:03:28 | 005,236,072 | ---- | M] (DisplayLink Corp.) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2010.09.02 18:15:36 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\CNTAoSMgr.exe
PRC - [2009.12.03 16:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2009.05.19 12:56:46 | 002,578,284 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HPCA\ManagementAgent\nvdkit.exe
PRC - [2008.04.14 06:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2013.04.12 09:56:43 | 003,133,336 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2013.02.17 17:40:19 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013.02.17 17:40:03 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
MOD - [2013.02.17 17:39:39 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll
MOD - [2013.02.17 17:38:21 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013.02.17 17:38:17 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2013.02.17 17:38:12 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013.02.17 17:38:09 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2013.01.12 21:02:26 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\38d7801308f456f03608b4355bf78961\System.Xml.Linq.ni.dll
MOD - [2013.01.12 21:01:43 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
MOD - [2013.01.12 21:01:30 | 009,923,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\f84e3ff559093c5633f9e18f7c2d997e\System.Data.Entity.ni.dll
MOD - [2013.01.10 21:15:16 | 001,917,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\91a81dc769e9148a0b9f3840c87ef083\System.Speech.ni.dll
MOD - [2013.01.10 21:15:09 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\edbf4e4a55e63b9fbf0b0b40cba13063\System.Core.ni.dll
MOD - [2013.01.10 21:15:05 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a351cdca2d71ee68ae3a581e13553b19\PresentationFramework.Luna.ni.dll
MOD - [2013.01.10 21:15:02 | 000,368,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbfa6bdbfea6f90f3b604c3efce24047\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 21:14:41 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 21:14:40 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\04eea38364e5ced71d02bf104cb5892c\System.EnterpriseServices.ni.dll
MOD - [2013.01.10 21:14:39 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll
MOD - [2013.01.10 21:14:39 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll
MOD - [2013.01.10 21:14:26 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2abe0b9f0e996273614f4cf1f6808eed\PresentationFramework.ni.dll
MOD - [2013.01.10 21:14:04 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013.01.10 21:13:59 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\2e26794770e6d33cf79a7f8daa4a48c3\PresentationCore.ni.dll
MOD - [2013.01.10 21:13:46 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\4b889e41364baff1e456817b4777b610\WindowsBase.ni.dll
MOD - [2013.01.10 21:13:38 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013.01.10 21:13:34 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013.01.10 21:13:32 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013.01.10 21:13:25 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012.12.18 16:28:44 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2012.12.18 16:28:44 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU
MOD - [2012.11.22 10:59:19 | 000,113,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
MOD - [2012.11.22 10:59:19 | 000,092,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
MOD - [2012.11.16 14:21:18 | 000,877,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2012.11.15 16:43:03 | 000,312,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\HPCommon\2.5.0.16__89762bc6acc102f8\HPCommon.dll
MOD - [2012.11.15 16:43:03 | 000,098,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\HardwareAccess\2.5.0.16__89762bc6acc102f8\HardwareAccess.dll
MOD - [2012.11.15 16:43:03 | 000,046,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Graphs\2.5.0.16__89762bc6acc102f8\Graphs.dll
MOD - [2012.05.07 16:38:32 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SCPwrSetSvr.exe
MOD - [2012.04.30 16:43:38 | 001,538,112 | ---- | M] () -- C:\Programme\SGFX\SgfxConfig.exe
MOD - [2012.03.28 10:18:40 | 001,198,872 | ---- | M] () -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
MOD - [2012.03.14 15:29:34 | 000,892,288 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL
MOD - [2012.01.24 12:59:51 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll
MOD - [2012.01.24 12:59:38 | 000,249,856 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2012.01.24 12:59:25 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.01.24 12:59:22 | 000,167,936 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2012.01.24 12:59:21 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2011.10.03 11:21:40 | 002,860,384 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2011.04.08 10:57:54 | 000,514,570 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Connection Manager\sqlite3.dll
MOD - [2009.04.14 21:23:50 | 000,212,992 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\lib\crt\winnt\tclfile.dll
MOD - [2009.04.07 20:45:31 | 000,061,440 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\lib\crt\winnt\tclcom.dll
MOD - [2008.04.14 06:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.11.21 19:29:40 | 000,081,920 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\lib\crt\winnt\nvdcrt.dll
MOD - [2007.03.08 20:33:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\bin\win32\wnetutl.dll
MOD - [2005.08.25 19:01:15 | 000,045,056 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\bin\win32\iphelper.dll

========== Services (SafeList) ==========

SRV - [2013.04.12 09:56:43 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.09 08:46:06 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.03.14 22:01:43 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.12 07:48:04 | 000,587,912 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2012.11.22 10:59:41 | 000,303,186 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2012.11.09 13:12:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.08.28 18:17:58 | 000,523,680 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2012.07.27 12:38:26 | 001,420,184 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2012.07.27 12:29:16 | 001,447,736 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2012.07.19 09:29:58 | 002,342,008 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vcsFPService.exe -- (vcsFPService)
SRV - [2012.05.07 16:38:32 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SCPwrSetSvr.exe -- (SCPwrSetSvr)
SRV - [2012.04.27 17:38:54 | 004,247,552 | ---- | M] (SMSC) [Auto | Running] -- C:\Programme\SGFX\sgfxmgr.exe -- (SGFXMgr)
SRV - [2012.04.26 17:34:28 | 001,421,696 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2012.04.25 17:07:46 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012.03.28 10:38:26 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.03.28 10:38:24 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.03.28 10:38:08 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012.03.19 13:24:32 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2012.03.14 15:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV - [2012.03.09 12:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2012.03.07 02:55:40 | 000,461,024 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.04.15 12:20:54 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2010.09.21 15:03:28 | 005,236,072 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2009.12.03 16:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.05.19 12:56:46 | 002,578,284 | ---- | M] () [Auto | Running] -- C:/Programme/Hewlett-Packard/HPCA/ManagementAgent/nvdkit.exe -- (rma)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Adapter | Unavailable | Unknown] -- -- (PnSson)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ArcSoftVCapture.sys -- (ARCVCAM)
DRV - [2012.11.22 10:59:41 | 001,996,931 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2012.11.22 10:59:40 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2012.08.24 14:16:10 | 000,147,768 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2012.08.24 14:16:08 | 000,023,136 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci)
DRV - [2012.08.15 17:01:30 | 000,027,648 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SzCCID.sys -- (SzCCID)
DRV - [2012.04.16 13:45:56 | 000,152,576 | ---- | M] (ITE ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IT9135BDA.sys -- (IT9135BDA)
DRV - [2012.03.19 13:06:10 | 000,071,440 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012.03.19 13:05:08 | 000,061,200 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2012.03.19 13:04:50 | 000,177,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2012.03.15 21:54:16 | 000,239,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)
DRV - [2012.03.12 14:57:44 | 010,240,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Netwxn00.sys -- (NETwNx32)
DRV - [2011.11.09 12:52:02 | 000,046,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)
DRV - [2011.10.04 16:54:54 | 000,934,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2011.10.04 16:54:54 | 000,093,480 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwsecfl.sys -- (btwsecfl)
DRV - [2011.10.04 16:54:54 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2011.07.12 11:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\OfficeScan Client\TmXPFlt.sys -- (TmFilter)
DRV - [2011.07.12 11:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011.07.12 11:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2011.07.06 19:11:12 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011.04.03 19:19:46 | 002,468,728 | ---- | M] (Sunplus Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPUVCBv.sys -- (SPUVCbv)
DRV - [2011.01.06 15:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.01.06 15:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.12.10 14:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010.12.10 14:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010.11.08 19:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010.10.15 02:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010.09.21 15:03:55 | 000,007,040 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkFilter.sys -- (DisplayLinkFilter)
DRV - [2010.09.21 15:03:54 | 000,024,320 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkmirrorport.sys -- (DisplayLinkmirror)
DRV - [2010.01.26 13:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.11.10 16:56:24 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008.07.23 12:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2008.04.14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 4E 12 5F 3C DF CC 01 [binary data]
IE - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Bd57c9ff1-6389-48fc-b770-f78bd89b6e8a%7D:1.45
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.http: "94.126.17.69"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Programme\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Programme\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Programme\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Programme\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.10 20:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.12 09:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.04.12 09:56:35 | 000,000,000 | ---D | M]

[2012.12.15 13:05:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions
[2013.04.01 19:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\upoqy2gt.default\extensions
[2013.02.17 17:33:38 | 000,817,280 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\upoqy2gt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.05 17:50:10 | 000,150,573 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\upoqy2gt.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
[2013.04.12 09:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 09:56:44 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2009.08.14 13:33:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\CgpCore.dll
[2009.08.14 13:33:30 | 000,091,480 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\confmgr.dll
[2009.08.14 13:33:26 | 000,020,824 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ctxlogging.dll
[2007.03.16 18:33:48 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcm80.dll
[2007.03.16 18:33:48 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcp80.dll
[2007.03.16 18:33:50 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcr80.dll
[2009.08.14 13:35:40 | 000,427,344 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npicaN.dll
[2009.08.14 13:33:22 | 000,023,896 | ---- | M] (Citrix Systems, Inc.)
-- C:\Programme\mozilla firefox\plugins\TcpPServ.dll [2013.03.27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2013.03.27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2013.03.27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.04.12 11:46:28 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home 
Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Programme\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPPowerAssistant] C:\Programme\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.) O4 - HKLM..\Run: [NUSB3MON] c:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Programme\OfficeScan Client\pccntmon.exe (Trend Micro Inc.) O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [SgfxConfig] C:\Programme\SGFX\sgfxconfig.exe () O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKU\S-1-5-21-240390726-1586162583-2414266492-1004..\Run: [Remote Control Editor] C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe (Elgato Systems) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk = C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1352900286078 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352900276890 (MUWebControl Class) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCBA1240-FB15-4B97-91B1-6E698092CFEC}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:AutorunsDisabled () - O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.01.20 16:31:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{702ce425-7092-11e2-b039-6067201be550}\Shell - "" = AutoRun O33 - 
MountPoints2\{702ce425-7092-11e2-b039-6067201be550}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{702ce425-7092-11e2-b039-6067201be550}\Shell\AutoRun\command - "" = F:\LiteAuto.exe O33 - MountPoints2\{77852d8a-52b4-11e2-b00c-6067201be550}\Shell - "" = AutoRun O33 - MountPoints2\{77852d8a-52b4-11e2-b00c-6067201be550}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{77852d8a-52b4-11e2-b00c-6067201be550}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.04.12 19:40:50 | 000,000,000 | ---D | C] -- C:\_OTL [2013.04.12 16:08:32 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\TFC.exe [2013.04.12 12:05:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Anleitung [2013.04.12 12:00:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe [2013.04.12 10:44:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Autoruns [2013.04.12 09:56:29 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.04.10 13:11:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes [2013.04.10 13:10:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.04.10 13:10:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.04.10 13:10:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.04.10 13:10:43 | 
000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.04.10 11:38:17 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2013.04.05 17:46:49 | 003,046,048 | ---- | C] (TeamViewer) -- C:\Dokumente und Einstellungen\Admin\Desktop\TeamViewer Support Windows.exe [2013.04.04 17:59:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\grundstück eiche [2013.04.01 17:50:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator [2013.04.01 17:50:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Spyware Terminator [2013.04.01 17:50:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spyware Terminator 2012 [2013.04.01 17:49:19 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Terminator [2013.03.22 18:37:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\downloads [2013.03.22 09:50:57 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader 2 [2013.03.21 20:08:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip [2013.03.21 20:08:32 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2013.03.21 20:01:09 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\WINDOWS\System32\dhRichClient3.dll ========== Files - Modified Within 30 Days ========== [2013.04.12 20:13:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.04.12 20:12:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.04.12 20:03:21 | 000,613,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\adwcleaner.exe [2013.04.12 20:01:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.04.12 19:41:02 | 000,504,504 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.04.12 19:41:01 | 000,549,848 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.04.12 19:41:01 | 000,111,376 | ---- | M] () -- 
C:\WINDOWS\System32\perfc007.dat [2013.04.12 19:41:01 | 000,087,492 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.04.12 15:41:26 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\TFC.exe [2013.04.12 12:05:02 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\gmer_2.1.19163.exe [2013.04.12 12:00:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe [2013.04.12 11:58:42 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe [2013.04.12 11:46:28 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.04.10 13:12:26 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.10 11:38:19 | 000,000,702 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2013.04.10 10:29:28 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.04.10 10:26:20 | 000,001,879 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.04.10 10:11:46 | 000,014,577 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\bookmarks-2013-04-10.json [2013.04.09 12:15:53 | 004,734,243 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\02PlanFnp2001Potsdam.pdf [2013.04.05 17:46:51 | 003,046,048 | ---- | M] (TeamViewer) -- C:\Dokumente und Einstellungen\Admin\Desktop\TeamViewer Support Windows.exe [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.04.01 17:50:22 | 000,000,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk [2013.03.21 20:18:03 | 000,181,808 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe [2013.03.21 18:12:56 | 000,000,598 | ---- | M] () -- C:\WINDOWS\wiso.ini ========== Files Created - No Company Name ========== [2013.04.12 20:03:17 | 000,613,083 | ---- | C] () -- C:\Dokumente 
und Einstellungen\Admin\Desktop\adwcleaner.exe [2013.04.12 12:05:01 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\gmer_2.1.19163.exe [2013.04.12 11:58:41 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe [2013.04.10 13:10:49 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.10 11:38:19 | 000,000,708 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2013.04.10 11:38:19 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2013.04.10 10:11:46 | 000,014,577 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\bookmarks-2013-04-10.json [2013.04.09 12:15:47 | 004,734,243 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\02PlanFnp2001Potsdam.pdf [2013.04.01 17:50:25 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2013.04.01 17:50:22 | 000,000,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk [2013.03.22 09:51:37 | 000,001,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader Update.lnk [2013.03.22 09:51:37 | 000,001,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader Deinstallationsprogramm.lnk [2013.03.22 09:51:37 | 000,001,604 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader 2.lnk [2013.03.21 20:01:55 | 000,181,808 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe [2013.03.21 20:01:11 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll [2013.02.24 13:52:25 | 000,000,598 | ---- | C] () -- C:\WINDOWS\wiso.ini [2013.01.10 21:25:49 | 000,987,552 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2013.01.04 19:06:52 | 000,027,136 | 
---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.04 18:52:55 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2012.12.19 17:52:40 | 000,010,079 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\IntelligentesNetz.html [2012.11.14 16:06:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.11.14 13:28:38 | 000,732,392 | ---- | C] () -- C:\WINDOWS\System32\igkrng700.bin [2012.11.14 13:28:38 | 000,561,128 | ---- | C] () -- C:\WINDOWS\System32\igfcg700m.bin [2012.07.23 12:37:24 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\vcsAPIShared.dll.hpsign [2012.05.07 16:38:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SCPwrSetSvr.exe [2012.03.07 02:40:26 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\IusEventLog.dll [2012.01.30 12:43:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI [2012.01.26 15:43:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2012.01.24 14:20:53 | 000,000,187 | ---- | C] () -- C:\WINDOWS\System32\HPPA.ini [2012.01.24 13:41:04 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.01.23 12:58:31 | 000,028,510 | ---- | C] () -- C:\WINDOWS\oeminfo.ini [2012.01.23 12:46:46 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012.01.20 17:07:27 | 000,019,326 | ---- | C] () -- C:\WINDOWS\cfgall.ini [2012.01.20 16:55:50 | 000,015,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll [2012.01.20 16:54:37 | 000,094,776 | ---- | C] () -- C:\WINDOWS\un_dext.exe [2012.01.20 16:54:37 | 000,074,616 | ---- | C] () -- C:\WINDOWS\SPRemove.exe [2012.01.20 16:54:37 | 000,014,409 | ---- | C] () -- C:\WINDOWS\TWAIN2080.ini [2012.01.20 16:54:37 | 000,003,926 | ---- | C] () -- C:\WINDOWS\Dext_12.ini [2012.01.20 16:54:37 | 000,003,892 | ---- | C] () -- C:\WINDOWS\Dext_27.ini [2012.01.20 16:54:37 | 000,003,884 | ---- | C] () -- C:\WINDOWS\Dext_25.ini [2012.01.20 16:54:37 | 000,003,882 | 
---- | C] () -- C:\WINDOWS\Dext_21.ini [2012.01.20 16:54:37 | 000,003,820 | ---- | C] () -- C:\WINDOWS\Dext_11.ini [2012.01.20 16:54:37 | 000,003,802 | ---- | C] () -- C:\WINDOWS\Dext_14.ini [2012.01.20 16:54:37 | 000,003,802 | ---- | C] () -- C:\WINDOWS\Dext_05.ini [2012.01.20 16:54:37 | 000,003,704 | ---- | C] () -- C:\WINDOWS\Dext_10.ini [2012.01.20 16:54:37 | 000,003,700 | ---- | C] () -- C:\WINDOWS\Dext_16.ini [2012.01.20 16:54:37 | 000,003,682 | ---- | C] () -- C:\WINDOWS\Dext_08.ini [2012.01.20 16:54:37 | 000,003,672 | ---- | C] () -- C:\WINDOWS\Dext_31.ini [2012.01.20 16:54:37 | 000,003,648 | ---- | C] () -- C:\WINDOWS\Dext_36.ini [2012.01.20 16:54:37 | 000,003,624 | ---- | C] () -- C:\WINDOWS\Dext_1046.ini [2012.01.20 16:54:37 | 000,003,622 | ---- | C] () -- C:\WINDOWS\Dext_20.ini [2012.01.20 16:54:37 | 000,003,591 | ---- | C] () -- C:\WINDOWS\Remove.ini [2012.01.20 16:54:37 | 000,003,588 | ---- | C] () -- C:\WINDOWS\Dext_06.ini [2012.01.20 16:54:37 | 000,003,586 | ---- | C] () -- C:\WINDOWS\Dext_22.ini [2012.01.20 16:54:37 | 000,003,550 | ---- | C] () -- C:\WINDOWS\Dext_19.ini [2012.01.20 16:54:37 | 000,003,550 | ---- | C] () -- C:\WINDOWS\Dext_07.ini [2012.01.20 16:54:37 | 000,003,522 | ---- | C] () -- C:\WINDOWS\Dext_02.ini [2012.01.20 16:54:37 | 000,003,492 | ---- | C] () -- C:\WINDOWS\Dext_24.ini [2012.01.20 16:54:37 | 000,003,450 | ---- | C] () -- C:\WINDOWS\Dext_29.ini [2012.01.20 16:54:37 | 000,003,416 | ---- | C] () -- C:\WINDOWS\Dext_01.ini [2012.01.20 16:54:37 | 000,003,342 | ---- | C] () -- C:\WINDOWS\Dext_30.ini [2012.01.20 16:54:37 | 000,003,220 | ---- | C] () -- C:\WINDOWS\Dext_09.ini [2012.01.20 16:54:37 | 000,003,174 | ---- | C] () -- C:\WINDOWS\Dext_13.ini [2012.01.20 16:54:37 | 000,002,850 | ---- | C] () -- C:\WINDOWS\Dext_04.ini [2012.01.20 16:54:37 | 000,002,750 | ---- | C] () -- C:\WINDOWS\Dext_17.ini [2012.01.20 16:54:37 | 000,002,674 | ---- | C] () -- C:\WINDOWS\Dext_18.ini [2012.01.20 16:54:37 | 000,002,638 | ---- | C] () -- 
C:\WINDOWS\Dext_2052.ini [2012.01.20 16:53:35 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\syndata.bin [2012.01.20 16:47:50 | 000,197,016 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin [2012.01.20 16:47:50 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin [2012.01.20 16:47:50 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll [2012.01.20 16:47:49 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin [2012.01.20 16:47:49 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config [2012.01.20 16:33:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.01.20 16:28:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2012.01.20 16:17:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012.01.20 16:16:03 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.10.12 03:02:14 | 000,187,728 | ---- | C] () -- C:\WINDOWS\System32\PassThroughOTP.dll [2011.10.12 03:02:14 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\PassThroughOTP.dll.hpsign [2011.10.03 11:21:40 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll ========== ZeroAccess Check ========== [2012.01.24 11:54:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.02.24 13:58:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Buhl Data Service [2012.12.17 19:32:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Citrix [2012.12.20 18:44:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ICAClient [2012.11.15 15:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\LocalLow [2012.11.14 15:42:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\SMSC [2013.04.01 17:50:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Spyware Terminator [2012.01.23 10:33:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Synaptics [2013.04.05 17:48:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TeamViewer [2013.01.04 18:50:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TerraTec [2013.02.24 13:57:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2012.11.16 14:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Qualcomm Atheros [2013.01.04 18:33:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe [2013.04.12 10:05:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator [2012.11.14 13:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SZCCID [2013.01.04 18:49:26 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\All Users\Anwendungsdaten\TerraTec [2012.01.24 15:41:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall [2012.11.14 16:07:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Validity [2012.01.30 13:10:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Support\Anwendungsdaten\Synaptics ========== Purity Check ========== < End of report > |