Log analysis and evaluation: Constant hard disk access, Firefox redirects, etc. (with logs)
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
12.04.2013, 13:17 | #1 |
Constant hard disk access, Firefox redirects, etc. (with logs)

Hello,

I am fairly sure I caught something 3 or 4 weeks ago.

Symptoms:
- Constant hard disk access
- Slow computer
- Web pages load slowly in IE and FF
- Redirects to shop pages with affiliate IDs in FF
- FF crashes
- The whole computer freezes when FF is in use

Attached are the contents of the three log files otl.txt, extras.txt and gmer.txt.

I hope someone has a tip for me.

Thanks and regards,
Eddy

Code:
OTL logfile created on: 12.04.2013 12:06:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,91 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 66,26% Memory free
3,76 Gb Paging File | 3,04 Gb Available in Paging File | 80,93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,89 Gb Total Space | 62,88 Gb Free Space | 71,55% Space Free | Partition Type: NTFS
Drive D: | 87,87 Gb Total Space | 46,37 Gb Free Space | 52,78% Space Free | Partition Type: FAT32

Computer Name: PARA | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.12 12:00:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
PRC - [2013.04.12 11:58:42 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe
PRC - [2013.04.09 08:46:06 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2013.03.21 20:01:19 | 000,068,608 | ---- | M] () -- C:\WINDOWS\system32\unimdnat.exe
PRC - [2013.02.12 07:48:04 | 000,587,912 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\st_rsser.exe
PRC - [2012.12.18 16:28:26 | 000,825,560 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.11.22 10:59:41 | 000,303,186 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2012.11.22 10:59:40 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2012.08.28 18:19:26 | 000,334,240 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Hotkey Support\QLBController.exe
PRC - [2012.08.28 18:17:58 | 000,523,680 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
PRC - [2012.07.31 17:31:08 | 000,887,416 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\PccNTMon.exe
PRC - [2012.07.27 12:38:26 | 001,420,184 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\TmListen.exe
PRC - [2012.07.27 12:29:16 | 001,447,736 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\NTRtScan.exe
PRC - [2012.07.19 09:29:58 | 002,342,008 | ---- | M] (Validity Sensors, Inc.) -- C:\WINDOWS\system32\vcsFPService.exe
PRC - [2012.07.03 10:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.05.07 16:38:32 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SCPwrSetSvr.exe
PRC - [2012.04.30 16:43:38 | 001,538,112 | ---- | M] () -- C:\Programme\SGFX\SgfxConfig.exe
PRC - [2012.04.27 17:38:54 | 004,247,552 | ---- | M] (SMSC) -- C:\Programme\SGFX\sgfxmgr.exe
PRC - [2012.04.27 17:38:47 | 000,026,624 | ---- | M] (SMSC) -- C:\Programme\SGFX\sgfxagt.exe
PRC - [2012.04.26 17:35:04 | 003,221,888 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
PRC - [2012.04.26 17:34:28 | 001,421,696 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2012.04.25 17:07:46 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012.03.28 10:38:26 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.03.28 10:38:24 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.03.28 10:38:08 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012.03.19 13:24:32 | 000,345,616 | ---- | M] (Trend Micro Inc.) -- C:\Programme\BM\TMBMSRV.exe
PRC - [2012.03.14 15:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
PRC - [2012.03.14 15:21:56 | 003,488,640 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
PRC - [2012.03.09 12:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2012.03.07 02:55:40 | 000,461,024 | ---- | M] (Intel(R) Corporation) -- c:\Programme\Intel\iCLS Client\HeciServer.exe
PRC - [2012.02.26 14:51:00 | 000,070,936 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe
PRC - [2011.11.09 18:42:26 | 001,844,296 | ---- | M] (Elgato Systems) -- C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTvRc.exe
PRC - [2011.10.03 11:21:32 | 002,159,992 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2011.10.03 11:21:32 | 000,636,256 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2011.04.15 12:20:54 | 000,689,680 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\TmProxy.exe
PRC - [2010.11.17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.09.21 15:03:31 | 001,025,384 | ---- | M] (DisplayLink Corp.) -- C:\Programme\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2010.09.21 15:03:30 | 000,841,064 | ---- | M] (DisplayLink Corp.) -- C:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2010.09.21 15:03:28 | 005,236,072 | ---- | M] (DisplayLink Corp.) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2010.09.02 18:15:36 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\CNTAoSMgr.exe
PRC - [2009.12.03 16:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2009.05.19 12:56:46 | 002,578,284 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HPCA\ManagementAgent\nvdkit.exe
PRC - [2008.04.14 06:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2013.04.12 11:58:42 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe
MOD - [2013.03.21 20:01:19 | 000,068,608 | ---- | M] () -- C:\WINDOWS\system32\unimdnat.exe
MOD - [2013.02.17 17:40:19 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013.02.17 17:40:03 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
MOD - [2013.02.17 17:39:39 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll
MOD - [2013.02.17 17:38:21 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013.02.17 17:38:17 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2013.02.17 17:38:12 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013.02.17 17:38:09 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2013.01.12 21:02:26 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\38d7801308f456f03608b4355bf78961\System.Xml.Linq.ni.dll
MOD - [2013.01.12 21:01:43 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
MOD - [2013.01.12 21:01:30 | 009,923,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\f84e3ff559093c5633f9e18f7c2d997e\System.Data.Entity.ni.dll
MOD - [2013.01.10 21:15:16 | 001,917,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\91a81dc769e9148a0b9f3840c87ef083\System.Speech.ni.dll
MOD - [2013.01.10 21:15:09 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\edbf4e4a55e63b9fbf0b0b40cba13063\System.Core.ni.dll
MOD - [2013.01.10 21:15:05 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a351cdca2d71ee68ae3a581e13553b19\PresentationFramework.Luna.ni.dll
MOD - [2013.01.10 21:15:02 | 000,368,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbfa6bdbfea6f90f3b604c3efce24047\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 21:14:41 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 21:14:40 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\04eea38364e5ced71d02bf104cb5892c\System.EnterpriseServices.ni.dll
MOD - [2013.01.10 21:14:39 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll
MOD - [2013.01.10 21:14:39 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll
MOD - [2013.01.10 21:14:26 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2abe0b9f0e996273614f4cf1f6808eed\PresentationFramework.ni.dll
MOD - [2013.01.10 21:14:04 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013.01.10 21:13:59 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\2e26794770e6d33cf79a7f8daa4a48c3\PresentationCore.ni.dll
MOD - [2013.01.10 21:13:46 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\4b889e41364baff1e456817b4777b610\WindowsBase.ni.dll
MOD - [2013.01.10 21:13:38 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013.01.10 21:13:34 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013.01.10 21:13:32 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013.01.10 21:13:25 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012.12.18 16:28:44 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2012.12.18 16:28:44 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU
MOD - [2012.11.22 10:59:19 | 000,113,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
MOD - [2012.11.22 10:59:19 | 000,092,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
MOD - [2012.11.16 14:21:18 | 000,877,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2012.11.15 16:43:03 | 000,312,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\HPCommon\2.5.0.16__89762bc6acc102f8\HPCommon.dll
MOD - [2012.11.15 16:43:03 | 000,098,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\HardwareAccess\2.5.0.16__89762bc6acc102f8\HardwareAccess.dll
MOD - [2012.11.15 16:43:03 | 000,046,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Graphs\2.5.0.16__89762bc6acc102f8\Graphs.dll
MOD - [2012.05.07 16:38:32 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SCPwrSetSvr.exe
MOD - [2012.04.30 16:43:38 | 001,538,112 | ---- | M] () -- C:\Programme\SGFX\SgfxConfig.exe
MOD - [2012.03.28 10:18:40 | 001,198,872 | ---- | M] () -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
MOD - [2012.03.14 15:29:34 | 000,892,288 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL
MOD - [2012.01.24 12:59:51 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll
MOD - [2012.01.24 12:59:38 | 000,249,856 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2012.01.24 12:59:25 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.01.24 12:59:22 | 000,167,936 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2012.01.24 12:59:21 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2011.10.03 11:21:40 | 002,860,384 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2011.04.08 10:57:54 | 000,514,570 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Connection Manager\sqlite3.dll
MOD - [2009.04.14 21:23:50 | 000,212,992 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\lib\crt\winnt\tclfile.dll
MOD - [2009.04.07 20:45:31 | 000,061,440 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\lib\crt\winnt\tclcom.dll
MOD - [2008.04.14 06:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.11.21 19:29:40 | 000,081,920 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\lib\crt\winnt\nvdcrt.dll
MOD - [2007.03.08 20:33:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\bin\win32\wnetutl.dll
MOD - [2005.08.25 19:01:15 | 000,045,056 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\bin\win32\iphelper.dll

========== Services (SafeList) ==========

SRV - [2013.04.12 09:56:43 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.09 08:46:06 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.03.21 20:01:19 | 000,068,608 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\unimdnat.exe -- (proxydfg)
SRV - [2013.03.14 22:01:43 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.12 07:48:04 | 000,587,912 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2012.11.22 10:59:41 | 000,303,186 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2012.11.09 13:12:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.08.28 18:17:58 | 000,523,680 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2012.07.27 12:38:26 | 001,420,184 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2012.07.27 12:29:16 | 001,447,736 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2012.07.19 09:29:58 | 002,342,008 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vcsFPService.exe -- (vcsFPService)
SRV - [2012.05.07 16:38:32 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SCPwrSetSvr.exe -- (SCPwrSetSvr)
SRV - [2012.04.27 17:38:54 | 004,247,552 | ---- | M] (SMSC) [Auto | Running] -- C:\Programme\SGFX\sgfxmgr.exe -- (SGFXMgr)
SRV - [2012.04.26 17:34:28 | 001,421,696 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2012.04.25 17:07:46 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012.03.28 10:38:26 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.03.28 10:38:24 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.03.28 10:38:08 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012.03.19 13:24:32 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2012.03.14 15:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV - [2012.03.09 12:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2012.03.07 02:55:40 | 000,461,024 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.04.15 12:20:54 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2010.09.21 15:03:28 | 005,236,072 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2009.12.03 16:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.05.19 12:56:46 | 002,578,284 | ---- | M] () [Auto | Running] -- C:/Programme/Hewlett-Packard/HPCA/ManagementAgent/nvdkit.exe -- (rma)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Adapter | Unavailable | Unknown] -- -- (PnSson)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ArcSoftVCapture.sys -- (ARCVCAM)
DRV - [2012.11.22 10:59:41 | 001,996,931 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2012.11.22 10:59:40 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2012.08.24 14:16:10 | 000,147,768 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2012.08.24 14:16:08 | 000,023,136 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci)
DRV - [2012.08.15 17:01:30 | 000,027,648 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SzCCID.sys -- (SzCCID)
DRV - [2012.04.16 13:45:56 | 000,152,576 | ---- | M] (ITE ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IT9135BDA.sys -- (IT9135BDA)
DRV - [2012.03.19 13:06:10 | 000,071,440 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012.03.19 13:05:08 | 000,061,200 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2012.03.19 13:04:50 | 000,177,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2012.03.15 21:54:16 | 000,239,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)
DRV - [2012.03.12 14:57:44 | 010,240,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Netwxn00.sys -- (NETwNx32)
DRV - [2011.11.09 12:52:02 | 000,046,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)
DRV - [2011.10.04 16:54:54 | 000,934,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2011.10.04 16:54:54 | 000,093,480 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwsecfl.sys -- (btwsecfl)
DRV - [2011.10.04 16:54:54 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2011.07.12 11:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\OfficeScan Client\TmXPFlt.sys -- (TmFilter)
DRV - [2011.07.12 11:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011.07.12 11:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2011.07.06 19:11:12 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011.04.03 19:19:46 | 002,468,728 | ---- | M] (Sunplus Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPUVCBv.sys -- (SPUVCbv)
DRV - [2011.01.06 15:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.01.06 15:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.12.10 14:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010.12.10 14:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010.11.08 19:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010.10.15 02:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010.09.21 15:03:55 | 000,007,040 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkFilter.sys -- (DisplayLinkFilter)
DRV - [2010.09.21 15:03:54 | 000,024,320 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkmirrorport.sys -- (DisplayLinkmirror)
DRV - [2010.01.26 13:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.11.10 16:56:24 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008.07.23 12:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2008.04.14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 4E 12 5F 3C DF CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Bd57c9ff1-6389-48fc-b770-f78bd89b6e8a%7D:1.45
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.http: "94.126.17.69"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Programme\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Programme\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Programme\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Programme\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.10 20:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.12 09:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.04.12 09:56:35 | 000,000,000 | ---D | M]

[2012.12.15 13:05:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions
[2013.04.01 19:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\upoqy2gt.default\extensions
[2013.02.17 17:33:38 | 000,817,280 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\upoqy2gt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.05 17:50:10 | 000,150,573 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\upoqy2gt.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
[2013.04.12 09:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 09:56:44 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2009.08.14 13:33:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\CgpCore.dll
[2009.08.14 13:33:30 | 000,091,480 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\confmgr.dll
[2009.08.14 13:33:26 | 000,020,824 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ctxlogging.dll
[2007.03.16 18:33:48 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcm80.dll
[2007.03.16 18:33:48 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcp80.dll
[2007.03.16 18:33:50 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcr80.dll
[2009.08.14 13:35:40 | 000,427,344 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npicaN.dll
[2009.08.14 13:33:22 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\TcpPServ.dll
[2013.03.27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2013.03.27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2013.04.12 11:46:28 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Programme\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Programme\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4 - HKLM..\Run: [NUSB3MON] c:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Programme\OfficeScan Client\pccntmon.exe (Trend Micro Inc.) O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [SgfxConfig] C:\Programme\SGFX\sgfxconfig.exe () O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [Remote Control Editor] C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe (Elgato Systems) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk = C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1352900286078 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352900276890 (MUWebControl Class) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:AutorunsDisabled () - O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.01.20 16:31:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{702ce425-7092-11e2-b039-6067201be550}\Shell - "" = AutoRun O33 - MountPoints2\{702ce425-7092-11e2-b039-6067201be550}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{702ce425-7092-11e2-b039-6067201be550}\Shell\AutoRun\command - "" = F:\LiteAuto.exe O33 - MountPoints2\{77852d8a-52b4-11e2-b00c-6067201be550}\Shell - "" = AutoRun O33 - 
MountPoints2\{77852d8a-52b4-11e2-b00c-6067201be550}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{77852d8a-52b4-11e2-b00c-6067201be550}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.04.12 12:05:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Anleitung [2013.04.12 12:00:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe [2013.04.12 10:44:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Autoruns [2013.04.12 09:56:29 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.04.10 13:11:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes [2013.04.10 13:10:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.04.10 13:10:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.04.10 13:10:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.04.10 13:10:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.04.10 11:38:17 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2013.04.05 17:46:49 | 003,046,048 | ---- | C] (TeamViewer) -- C:\Dokumente und Einstellungen\Admin\Desktop\TeamViewer Support Windows.exe [2013.04.04 17:59:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\grundstück eiche [2013.04.01 17:50:24 | 000,000,000 | ---D | 
C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator [2013.04.01 17:50:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Spyware Terminator [2013.04.01 17:50:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spyware Terminator 2012 [2013.04.01 17:49:19 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Terminator [2013.03.22 18:37:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\downloads [2013.03.22 09:50:57 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader 2 [2013.03.21 20:08:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip [2013.03.21 20:08:32 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2013.03.21 20:01:09 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\WINDOWS\System32\dhRichClient3.dll [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.12 12:05:02 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\gmer_2.1.19163.exe [2013.04.12 12:01:17 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.04.12 12:00:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe [2013.04.12 11:59:13 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable [2013.04.12 11:58:42 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe [2013.04.12 11:54:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.04.12 11:54:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.04.12 11:46:28 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.04.10 13:12:26 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware 
.lnk [2013.04.10 11:38:19 | 000,000,702 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2013.04.10 10:29:28 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.04.10 10:26:20 | 000,001,879 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.04.10 10:11:46 | 000,014,577 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\bookmarks-2013-04-10.json [2013.04.09 12:15:53 | 004,734,243 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\02PlanFnp2001Potsdam.pdf [2013.04.09 08:45:19 | 000,549,848 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.04.09 08:45:19 | 000,504,504 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.04.09 08:45:19 | 000,111,376 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.04.09 08:45:19 | 000,087,492 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.04.05 17:46:51 | 003,046,048 | ---- | M] (TeamViewer) -- C:\Dokumente und Einstellungen\Admin\Desktop\TeamViewer Support Windows.exe [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.04.01 17:50:22 | 000,000,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk [2013.03.21 20:18:03 | 000,181,808 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe [2013.03.21 20:01:19 | 000,068,608 | ---- | M] () -- C:\WINDOWS\System32\unimdnat.exe [2013.03.21 18:12:56 | 000,000,598 | ---- | M] () -- C:\WINDOWS\wiso.ini [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.12 12:05:01 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\gmer_2.1.19163.exe [2013.04.12 11:59:13 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable [2013.04.12 11:58:41 | 000,050,477 | ---- | C] () -- C:\Dokumente und 
Einstellungen\Admin\Desktop\Defogger.exe [2013.04.10 13:10:49 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.10 11:38:19 | 000,000,708 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2013.04.10 11:38:19 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2013.04.10 10:11:46 | 000,014,577 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\bookmarks-2013-04-10.json [2013.04.09 12:15:47 | 004,734,243 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\02PlanFnp2001Potsdam.pdf [2013.04.01 17:50:25 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2013.04.01 17:50:22 | 000,000,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk [2013.03.22 09:51:37 | 000,001,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader Update.lnk [2013.03.22 09:51:37 | 000,001,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader Deinstallationsprogramm.lnk [2013.03.22 09:51:37 | 000,001,604 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader 2.lnk [2013.03.21 20:01:55 | 000,181,808 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe [2013.03.21 20:01:19 | 000,068,608 | ---- | C] () -- C:\WINDOWS\System32\unimdnat.exe [2013.03.21 20:01:11 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll [2013.02.24 13:52:25 | 000,000,598 | ---- | C] () -- C:\WINDOWS\wiso.ini [2013.01.10 21:25:49 | 000,987,552 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2013.01.04 19:06:52 | 000,027,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.04 
18:52:55 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2012.12.19 17:52:40 | 000,010,079 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\IntelligentesNetz.html [2012.11.14 16:06:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.11.14 13:28:38 | 000,732,392 | ---- | C] () -- C:\WINDOWS\System32\igkrng700.bin [2012.11.14 13:28:38 | 000,561,128 | ---- | C] () -- C:\WINDOWS\System32\igfcg700m.bin [2012.07.23 12:37:24 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\vcsAPIShared.dll.hpsign [2012.05.07 16:38:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SCPwrSetSvr.exe [2012.03.07 02:40:26 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\IusEventLog.dll [2012.01.30 12:43:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI [2012.01.26 15:43:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2012.01.24 14:20:53 | 000,000,187 | ---- | C] () -- C:\WINDOWS\System32\HPPA.ini [2012.01.24 13:41:04 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.01.23 12:58:31 | 000,028,510 | ---- | C] () -- C:\WINDOWS\oeminfo.ini [2012.01.23 12:46:46 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012.01.20 17:07:27 | 000,019,326 | ---- | C] () -- C:\WINDOWS\cfgall.ini [2012.01.20 16:55:50 | 000,015,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll [2012.01.20 16:54:37 | 000,094,776 | ---- | C] () -- C:\WINDOWS\un_dext.exe [2012.01.20 16:54:37 | 000,074,616 | ---- | C] () -- C:\WINDOWS\SPRemove.exe [2012.01.20 16:54:37 | 000,014,409 | ---- | C] () -- C:\WINDOWS\TWAIN2080.ini [2012.01.20 16:54:37 | 000,003,926 | ---- | C] () -- C:\WINDOWS\Dext_12.ini [2012.01.20 16:54:37 | 000,003,892 | ---- | C] () -- C:\WINDOWS\Dext_27.ini [2012.01.20 16:54:37 | 000,003,884 | ---- | C] () -- C:\WINDOWS\Dext_25.ini [2012.01.20 16:54:37 | 000,003,882 | ---- | C] () -- C:\WINDOWS\Dext_21.ini [2012.01.20 16:54:37 | 000,003,820 | ---- | C] () -- C:\WINDOWS\Dext_11.ini [2012.01.20 16:54:37 | 
000,003,802 | ---- | C] () -- C:\WINDOWS\Dext_14.ini [2012.01.20 16:54:37 | 000,003,802 | ---- | C] () -- C:\WINDOWS\Dext_05.ini [2012.01.20 16:54:37 | 000,003,704 | ---- | C] () -- C:\WINDOWS\Dext_10.ini [2012.01.20 16:54:37 | 000,003,700 | ---- | C] () -- C:\WINDOWS\Dext_16.ini [2012.01.20 16:54:37 | 000,003,682 | ---- | C] () -- C:\WINDOWS\Dext_08.ini [2012.01.20 16:54:37 | 000,003,672 | ---- | C] () -- C:\WINDOWS\Dext_31.ini [2012.01.20 16:54:37 | 000,003,648 | ---- | C] () -- C:\WINDOWS\Dext_36.ini [2012.01.20 16:54:37 | 000,003,624 | ---- | C] () -- C:\WINDOWS\Dext_1046.ini [2012.01.20 16:54:37 | 000,003,622 | ---- | C] () -- C:\WINDOWS\Dext_20.ini [2012.01.20 16:54:37 | 000,003,591 | ---- | C] () -- C:\WINDOWS\Remove.ini [2012.01.20 16:54:37 | 000,003,588 | ---- | C] () -- C:\WINDOWS\Dext_06.ini [2012.01.20 16:54:37 | 000,003,586 | ---- | C] () -- C:\WINDOWS\Dext_22.ini [2012.01.20 16:54:37 | 000,003,550 | ---- | C] () -- C:\WINDOWS\Dext_19.ini [2012.01.20 16:54:37 | 000,003,550 | ---- | C] () -- C:\WINDOWS\Dext_07.ini [2012.01.20 16:54:37 | 000,003,522 | ---- | C] () -- C:\WINDOWS\Dext_02.ini [2012.01.20 16:54:37 | 000,003,492 | ---- | C] () -- C:\WINDOWS\Dext_24.ini [2012.01.20 16:54:37 | 000,003,450 | ---- | C] () -- C:\WINDOWS\Dext_29.ini [2012.01.20 16:54:37 | 000,003,416 | ---- | C] () -- C:\WINDOWS\Dext_01.ini [2012.01.20 16:54:37 | 000,003,342 | ---- | C] () -- C:\WINDOWS\Dext_30.ini [2012.01.20 16:54:37 | 000,003,220 | ---- | C] () -- C:\WINDOWS\Dext_09.ini [2012.01.20 16:54:37 | 000,003,174 | ---- | C] () -- C:\WINDOWS\Dext_13.ini [2012.01.20 16:54:37 | 000,002,850 | ---- | C] () -- C:\WINDOWS\Dext_04.ini [2012.01.20 16:54:37 | 000,002,750 | ---- | C] () -- C:\WINDOWS\Dext_17.ini [2012.01.20 16:54:37 | 000,002,674 | ---- | C] () -- C:\WINDOWS\Dext_18.ini [2012.01.20 16:54:37 | 000,002,638 | ---- | C] () -- C:\WINDOWS\Dext_2052.ini [2012.01.20 16:53:35 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\syndata.bin [2012.01.20 16:47:50 | 000,197,016 
| ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin [2012.01.20 16:47:50 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin [2012.01.20 16:47:50 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll [2012.01.20 16:47:49 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin [2012.01.20 16:47:49 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config [2012.01.20 16:33:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.01.20 16:28:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2012.01.20 16:17:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012.01.20 16:16:03 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.10.12 03:02:14 | 000,187,728 | ---- | C] () -- C:\WINDOWS\System32\PassThroughOTP.dll [2011.10.12 03:02:14 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\PassThroughOTP.dll.hpsign [2011.10.03 11:21:40 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll ========== ZeroAccess Check ========== [2012.01.24 11:54:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:00:00 | 000,273,920 | ---- | 
M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.02.24 13:58:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Buhl Data Service [2012.12.17 19:32:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Citrix [2012.12.20 18:44:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ICAClient [2012.11.15 15:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\LocalLow [2012.11.14 15:42:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\SMSC [2013.04.01 17:50:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Spyware Terminator [2012.01.23 10:33:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Synaptics [2013.04.05 17:48:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TeamViewer [2013.01.04 18:50:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TerraTec [2013.02.24 13:57:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2012.11.16 14:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Qualcomm Atheros [2013.01.04 18:33:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe [2013.04.12 10:05:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator [2012.11.14 13:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SZCCID [2013.01.04 18:49:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec [2012.01.24 15:41:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall [2012.11.14 16:07:19 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Validity

========== Purity Check ==========

< End of report >

Code:
OTL Extras logfile created on: 12.04.2013 12:06:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,91 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 66,26% Memory free
3,76 Gb Paging File | 3,04 Gb Available in Paging File | 80,93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,89 Gb Total Space | 62,88 Gb Free Space | 71,55% Space Free | Partition Type: NTFS
Drive D: | 87,87 Gb Total Space | 46,37 Gb Free Space | 52,78% Space Free | Partition Type: FAT32

Computer Name: PARA | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"12344:TCP" = 12344:TCP:*:Enabled:Trend Micro OfficeScan Listener
"3465:TCP" = 3465:TCP:*:Enabled:HPCA-RAM 7.50.7535 (3465)
"3463:TCP" = 3463:TCP:*:Enabled:HPCA-RMA 7.50.7535 (3463)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe:*:Enabled:TerraTec Home Cinema Basic (Setup) -- (TERRATEC Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema Basic -- (TERRATEC Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec Home Cinema Basic (tvtv Setup) -- (TERRATEC Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:*:Enabled:TerraTec Home Cinema Basic (Auto Update) -- (TERRATEC Electronic GmbH)
"C:\Programme\Spyware Terminator\SpywareTerminator.exe" = C:\Programme\Spyware Terminator\SpywareTerminator.exe:*:Enabled:Spyware Terminator 2012 -- (Crawler.com)
"C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator 2012 -- (Crawler.com)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{1121A0B7-4CC0-49F5-9310-37E308D388EA}" = HP SoftPaq Download Manager
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{18F4179A-385F-40EE-AE2D-FA0E1BE62753}" = HP Software Framework
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B2E5A81-C31B-40AD-B3C6-C08C85755A14}" = HP Connection Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{446A6333-0247-4E14-BC59-FF3598F65D21}" = HPCA Management Agent
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B18ABC-AD5F-4C3C-B391-04F57B380449}" = HP Client Automation Agent Preload
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{59A443A7-FFBF-41F1-B033-51D7B9A4AF5C}" = Mobile Broadband Generic Drivers
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6553F4A8-B67F-49BA-A882-FF499C83CF4B}" = 32 Bit HP CIO Components Installer
"{682FBA83-2CCA-4CFA-A08A-6767DAB2FC9C}" = HP Power Assistant
"{6EC6CE35-3230-4748-9140-4A68B3DC50FE}" = HP ESU for Microsoft Windows XP
"{70B6AFF1-40D1-486E-B846-26F88AFC78C2}" = Intel® Trusted Connect Service Client
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75BF632E-4761-4CF4-A368-E158B8A1BB1C}" = HP Port Replicator Software Installer
"{76EA55BD-535F-4AB4-AD80-A8CA331F4E6F}" = Windows Messenger 5.1
"{7ADD9AFB-4CF8-46E6-AD6F-88DB7C949533}" = HP USB Docking Video
"{842B692C-3562-4AA2-8A1D-75C1AE770E23}" = ViewSpan
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft
Office Visio MUI (German) 2007 "{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{3CB0380B-0413-4C44-A63B-DCD6369EAF4E}" = Microsoft Office Visio 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{B00F7A58-06CA-409A-BA19-45782B4C0069}" = Cinergy_T_Stick_Dual 32Bit "{BAB5DCE0-2B99-4B28-837F-B5752043A361}" = DisplayLink Core Software "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BF164C10-6C85-4C39-AFDC-577E42078564}" = Core Graphics Software "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1CCF2E9-4851-4783-8076-D9C3F7DDD487}" = Citrix XenApp Plugin für gehostete Anwendungen "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C4543880-0A6F-41CC-BB6F-9B27407A7E28}" = HP 3D DriveGuard "{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera "{C97CC14E-4789-4FC5-BC75-79191F7CE009}" = HP Hotkey Support "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013 "{DBBE5C26-72B7-4E01-950D-86BDE35918ED}" = Embedded Security for HP ProtectTools Driver "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F24F876B-7D71-4BD6-88E9-614D3BB84231}" = Alcor Micro Smart Card Reader Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F48BE301-EC78-4686-B580-EE4934558798}" = Broadcom 2070 Bluetooth 3.0 "{F5FB6A99-F6BD-4F13-AD89-A9F0DE5E1F68}" = Cinergy_Stick_DUAL_REV2 "{F83E415D-074E-4DAB-A623-5B3ABF9F3094}" = Validity Fingerprint Sensor Driver "{FDDDD898-725F-498E-8582-938326066177}" = HP Battery Check "0630-0716-3135-7887" = JDownloader 2 "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Core Graphics Software" = SMSC Core Graphics Software "GSiteCrawler" = GSiteCrawler "HP Battery Check" = HP Battery Check "ie8" = Windows Internet Explorer 8 "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{B00F7A58-06CA-409A-BA19-45782B4C0069}" = Cinergy_T_Stick_Dual 32Bit "LSI Soft Modem" = LSI HDA Modem "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "MKVToolNix" = MKVToolNix 6.1.0 "Mobile Broadband Generic Drivers" = Mobile Broadband 
Generic Drivers "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "OfficeScanNT" = Trend Micro OfficeScan Client "PROPLUS" = Microsoft Office Professional Plus 2007 "PROSet" = Intel(R) Network Connections Drivers "Sunplus SPUVCb" = HP HD Webcam [Fixed] "SynTPDeinstKey" = Synaptics Pointing Device Driver "SZCCID" = Alcor Micro Smart Card Reader Driver "Totalcmd" = Total Commander (Remove or Repair) "VISPRO" = Microsoft Office Visio Professional 2007 "VLC media player" = VLC media player 2.0.5 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "IN Customer Control" = IN Customer Control ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 17.02.2013 12:12:20 | Computer Name = PARA | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 17.02.2013 12:12:20 | Computer Name = PARA | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 3953 Error - 17.02.2013 12:12:20 | Computer Name = PARA | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3953 Error - 17.02.2013 12:12:22 | Computer Name = PARA | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 17.02.2013 12:12:22 | Computer Name = PARA | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: 
m->NextScheduledEvent 5906 Error - 17.02.2013 12:12:22 | Computer Name = PARA | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5906 Error - 17.02.2013 12:12:24 | Computer Name = PARA | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 17.02.2013 12:12:24 | Computer Name = PARA | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7922 Error - 17.02.2013 12:12:24 | Computer Name = PARA | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7922 Error - 19.02.2013 15:21:15 | Computer Name = PARA | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung CinergyDvr.exe, Version 6.25.6.985, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ HP Connection Manager Events ] Error - 12.04.2013 04:06:10 | Computer Name = PARA | Source = hpMobile | ID = 5 Description = 2013.04.12 10:06:10.109|00001090|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE Error - 12.04.2013 05:56:51 | Computer Name = PARA | Source = hpMobile | ID = 5 Description = 2013.04.12 11:56:51.859|00001314|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE Error - 12.04.2013 05:56:53 | Computer Name = PARA | Source = hpMobile | ID = 5 Description = 2013.04.12 11:56:53.000|00001314|Error |[HP.Mobile]HotSpot::f{void()}|Die Methode oder der Vorgang sind nicht implementiert. 
Error - 12.04.2013 05:56:53 | Computer Name = PARA | Source = hpMobile | ID = 5 Description = 2013.04.12 11:56:53.562|00001314|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE Error - 12.04.2013 06:06:18 | Computer Name = PARA | Source = hpMobile | ID = 5 Description = 2013.04.12 12:06:18.562|00001314|Error |[HP.Mobile]HotSpot::f{void()}|Die Methode oder der Vorgang sind nicht implementiert. Error - 12.04.2013 06:06:18 | Computer Name = PARA | Source = hpMobile | ID = 5 Description = 2013.04.12 12:06:18.593|00001314|Error |[HP.Mobile]HotSpot::f{void()}|Die Methode oder der Vorgang sind nicht implementiert. Error - 12.04.2013 06:06:18 | Computer Name = PARA | Source = hpMobile | ID = 5 Description = 2013.04.12 12:06:18.593|00001314|Error |[HP.Mobile]HotSpot::f{void()}|Die Methode oder der Vorgang sind nicht implementiert. Error - 12.04.2013 06:06:19 | Computer Name = PARA | Source = hpMobile | ID = 5 Description = 2013.04.12 12:06:19.171|00001314|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE Error - 12.04.2013 06:06:19 | Computer Name = PARA | Source = hpMobile | ID = 5 Description = 2013.04.12 12:06:19.171|00001314|Error |[HP.Mobile]HotSpot::f{void()}|Die Methode oder der Vorgang sind nicht implementiert. Error - 12.04.2013 06:06:20 | Computer Name = PARA | Source = hpMobile | ID = 5 Description = 2013.04.12 12:06:20.015|00001314|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP Software framework Failed from popup: e_INVALID_HP_SIGNATURE [ HP Power Assistant Events ] Error - 24.01.2013 10:21:16 | Computer Name = PARA | Source = HP PA Service | ID = 1002 Description = An error occurred while using HP CASL. 
Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1 Error - 24.01.2013 10:21:19 | Computer Name = PARA | Source = HP PA Service | ID = 1002 Description = An error occurred while using HP CASL. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 2 Error - 17.02.2013 11:46:21 | Computer Name = PARA | Source = HP PA Service | ID = 1002 Description = An error occurred while using HP CASL. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1 Error - 17.02.2013 11:50:33 | Computer Name = PARA | Source = HP PA Service | ID = 1002 Description = An error occurred while using HP CASL. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 2 Error - 19.02.2013 17:32:48 | Computer Name = PARA | Source = HP PA Service | ID = 1002 Description = An error occurred while using HP CASL. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1 Error - 19.02.2013 17:32:50 | Computer Name = PARA | Source = HP PA Service | ID = 1002 Description = An error occurred while using HP CASL. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 2 Error - 10.03.2013 09:56:53 | Computer Name = PARA | Source = HP PA Service | ID = 1002 Description = An error occurred while using HP CASL. 
Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1 Error - 14.03.2013 16:02:34 | Computer Name = PARA | Source = HP PA Service | ID = 1002 Description = An error occurred while using HP CASL. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1 Error - 16.03.2013 15:53:34 | Computer Name = PARA | Source = HP PA Service | ID = 1002 Description = An error occurred while using HP CASL. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1 Error - 19.03.2013 12:01:24 | Computer Name = PARA | Source = HP PA Service | ID = 1002 Description = An error occurred while using HP CASL. Please restart HP Power Assistant application. Additional details may be available in the Details section. DETAILS CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1 [ HP Software Framework Events ] Error - 16.03.2013 15:30:48 | Computer Name = PARA | Source = CaslSmBios | ID = 5 Description = 2013.03.16 20:30:48.906|000012B0|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden. Error - 17.03.2013 06:44:30 | Computer Name = PARA | Source = CaslSmBios | ID = 5 Description = 2013.03.17 11:44:30.703|00000FCC|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden. 
Error - 17.03.2013 14:10:58 | Computer Name = PARA | Source = CaslSmBios | ID = 5 Description = 2013.03.17 19:10:58.093|00001750|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden. Error - 23.03.2013 03:36:13 | Computer Name = PARA | Source = CaslSmBios | ID = 5 Description = 2013.03.23 08:36:13.781|00001094|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden. Error - 23.03.2013 10:43:42 | Computer Name = PARA | Source = CaslSmBios | ID = 5 Description = 2013.03.23 15:43:42.781|000016D4|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden. Error - 01.04.2013 12:46:40 | Computer Name = PARA | Source = CaslSmBios | ID = 5 Description = 2013.04.01 18:46:40.342|00001378|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden. Error - 01.04.2013 13:46:25 | Computer Name = PARA | Source = CaslSmBios | ID = 5 Description = 2013.04.01 19:46:25.937|000012C0|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden. Error - 09.04.2013 09:30:44 | Computer Name = PARA | Source = CaslSmBios | ID = 5 Description = 2013.04.09 15:30:44.078|00001094|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden. Error - 09.04.2013 10:11:47 | Computer Name = PARA | Source = CaslSmBios | ID = 5 Description = 2013.04.09 16:11:47.000|00001280|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException message: Der Dienst hpqWmiEx auf dem Computer . 
konnte nicht gesteuert werden. Error - 10.04.2013 04:02:29 | Computer Name = PARA | Source = CaslSmBios | ID = 5 Description = 2013.04.10 10:02:29.218|000013E8|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden. [ System Events ] Error - 10.04.2013 13:29:17 | Computer Name = PARA | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_1618103C&REV_30\4&3277fbd5&0&02E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 12.04.2013 03:27:38 | Computer Name = PARA | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_1618103C&REV_30\4&3277fbd5&0&00E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 12.04.2013 03:27:38 | Computer Name = PARA | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_1618103C&REV_30\4&3277fbd5&0&01E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 12.04.2013 03:27:38 | Computer Name = PARA | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_1618103C&REV_30\4&3277fbd5&0&02E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 12.04.2013 05:52:02 | Computer Name = PARA | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_1618103C&REV_30\4&3277fbd5&0&00E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 12.04.2013 05:52:02 | Computer Name = PARA | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_1618103C&REV_30\4&3277fbd5&0&01E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. 
Error - 12.04.2013 05:52:02 | Computer Name = PARA | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_1618103C&REV_30\4&3277fbd5&0&02E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 12.04.2013 05:57:09 | Computer Name = PARA | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_1618103C&REV_30\4&3277fbd5&0&00E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 12.04.2013 05:57:09 | Computer Name = PARA | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_1618103C&REV_30\4&3277fbd5&0&01E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. Error - 12.04.2013 05:57:09 | Computer Name = PARA | Source = PlugPlayManager | ID = 12 Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_1618103C&REV_30\4&3277fbd5&0&02E2) wurde ohne vorbereitende Maßnahmen vom System entfernt. < End of report > Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-12 13:58:29
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS723232A7A364 rev.EC2OA60W 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\pgtorfow.sys

---- System - GMER 2.1 ----

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xA7AC7444]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xA7AC6C8A]
SSDT 8A0DBF34 ZwCreateKey
SSDT 8A2B9554 ZwCreateMutant
SSDT 8862816C ZwCreateProcess
SSDT 8A12612C ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xA7AC8520]
SSDT 8A2BCF34 ZwCreateSymbolicLinkObject
SSDT 8A27DDBC ZwCreateThread
SSDT 88602A6C ZwDebugActiveProcess
SSDT 8A034CB4 ZwDeleteKey
SSDT 87F9308C ZwDeleteValueKey
SSDT 88654864 ZwDuplicateObject
SSDT 8A07DF34 ZwLoadDriver
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xA7AC6F9C]
SSDT 8A12616C ZwOpenProcess
SSDT 87F75C1C ZwOpenSection
SSDT 885DA694 ZwOpenThread
SSDT 8A44AC7C ZwRenameKey
SSDT 880AA43C ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0xA7AC70D2]
SSDT 8A249ECC ZwSetSystemInformation
SSDT 8A474804 ZwSetValueKey
SSDT 8A45EF34 ZwTerminateProcess
SSDT 8A07F934 ZwTerminateThread
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xA7AC72BC]
SSDT 8A458314 ZwWriteVirtualMemory

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys
Device \FileSystem\Cdfs \Cdfs A5E86400

---- EOF - GMER 2.1 ---- |
12.04.2013, 15:39 | #2 | |
/// TB-Ausbilder | Constant hard disk access, Firefox redirect, etc. (with logs) Hi,
__________________Quote:
__________________ |
12.04.2013, 17:02 | #3 |
| Constant hard disk access, Firefox redirect, etc. (with logs) Hi,
__________________they also occur in IE. Regards, Eddy |
12.04.2013, 18:04 | #4 |
/// TB-Ausbilder | Constant hard disk access, Firefox redirect, etc. (with logs) Hello Eddy, I think I have the culprit in my sights, but let me quickly check something first:
Code:
reg query "HKLM\SYSTEM\CurrentControlSet\Services\proxydfg" /s /c
__________________ cheers, Leo |
12.04.2013, 18:19 | #5 |
| Constant hard disk access, Firefox redirect, etc. (with logs) Hi, here is the content of otl.txt:
Code:
OTL logfile created on: 12.04.2013 19:17:46 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,91 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 66,30% Memory free
3,76 Gb Paging File | 3,10 Gb Available in Paging File | 82,33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,89 Gb Total Space | 62,84 Gb Free Space | 71,50% Space Free | Partition Type: NTFS
Drive D: | 87,87 Gb Total Space | 46,37 Gb Free Space | 52,78% Space Free | Partition Type: FAT32

Computer Name: PARA_NB_004 | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< reg query "HKLM\SYSTEM\CurrentControlSet\Services\proxydfg" /s /c >
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PROXYDFG
    Type REG_DWORD 0x10
    Start REG_DWORD 0x2
    ErrorControl REG_DWORD 0x0
    ImagePath REG_EXPAND_SZ C:\WINDOWS\system32\unimdnat.exe
    DisplayName REG_SZ Universeller ParVdm Audio
    ObjectName REG_SZ LocalSystem

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PROXYDFG\Security
    Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\PROXYDFG\Enum
    0 REG_SZ Root\LEGACY_PROXYDFG\0000
    Count REG_DWORD 0x1
    NextInstance REG_DWORD 0x1

< End of report > |
12.04.2013, 18:36 | #6 |
/// TB-Ausbilder | Constant hard disk access, Firefox redirect, etc. (with logs) Hello Eddy, please carry out the following steps and then check whether the problem persists. Step 1
Code:
:OTL
SRV - [2013.03.21 20:01:19 | 000,068,608 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\unimdnat.exe -- (proxydfg)
:commands
[emptytemp]
Step 2 Please download AdwCleaner and save it to your desktop.
Step 3 Please start OTL.exe.
Please post in your next reply:
__________________ |
12.04.2013, 19:47 | #7 |
| Constant hard disk access, Firefox redirect, etc. (with logs) Hi, I've done everything. Result:
- The redirects in IE and FF are gone
- The web pages load quickly again, the way it should normally be, I think
- But: the computer took extremely long during the reboots, and starting applications also takes a very long time (Firefox approx. 3 minutes). That was not the case before the infection. The hard disk is still being accessed without interruption; I think that is also what slows the computer down. This may be related to the work the tools are doing. I'll test that again.
Here are the logs: OTL Fixlog:
Code:
All processes killed
========== OTL ==========
Service proxydfg stopped successfully!
Service proxydfg deleted successfully!
C:\WINDOWS\system32\unimdnat.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 200638922 bytes
->Temporary Internet Files folder emptied: 27143047 bytes
->Java cache emptied: 2376236 bytes
->FireFox cache emptied: 83021162 bytes
->Flash cache emptied: 1051 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Support
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: User

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2352202 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2570523700 bytes
RecycleBin emptied: 26770174 bytes

Total Files Cleaned = 2.778,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 04122013_194050

Files\Folders moved on Reboot...
C:\WINDOWS\temp\BtwEventTrace_5_6_0_7400.etl moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_1324.dat moved successfully.
File\Folder C:\WINDOWS\temp\tm_icrcL_A606D985_38CA_41ab_BCD9_60F771CF800D not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Code:
# AdwCleaner v2.200 - Datei am 12/04/2013 um 20:04:44 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits)
# Benutzer : Admin - PARA
# Bootmodus : Normal
# Ausgeführt unter : C:\Dokumente und Einstellungen\Admin\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

***** [Registrierungsdatenbank] *****

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\upoqy2gt.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S4].txt - [770 octets] - [12/04/2013 20:04:44]

########## EOF - C:\AdwCleaner[S4].txt - [829 octets] ##########
Code:
ATTFilter OTL logfile created on: 12.04.2013 20:21:39 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,91 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 58,90% Memory free 3,76 Gb Paging File | 2,93 Gb Available in Paging File | 77,83% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 87,89 Gb Total Space | 65,52 Gb Free Space | 74,55% Space Free | Partition Type: NTFS Drive D: | 87,87 Gb Total Space | 46,37 Gb Free Space | 52,78% Space Free | Partition Type: FAT32 Computer Name: PARA | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.12 12:00:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe PRC - [2013.04.12 09:56:44 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2013.04.09 08:46:06 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2013.02.12 07:48:04 | 000,587,912 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\st_rsser.exe PRC - [2012.12.18 16:28:26 | 000,825,560 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe PRC - [2012.11.22 10:59:41 | 000,303,186 | ---- | M] (IDT, Inc.) 
-- C:\Programme\IDT\WDM\stacsv.exe PRC - [2012.11.22 10:59:40 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe PRC - [2012.08.28 18:19:26 | 000,334,240 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Hotkey Support\QLBController.exe PRC - [2012.08.28 18:17:58 | 000,523,680 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe PRC - [2012.07.31 17:31:08 | 000,887,416 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\PccNTMon.exe PRC - [2012.07.27 12:38:26 | 001,420,184 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\TmListen.exe PRC - [2012.07.27 12:29:16 | 001,447,736 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\NTRtScan.exe PRC - [2012.07.19 09:29:58 | 002,342,008 | ---- | M] (Validity Sensors, Inc.) -- C:\WINDOWS\system32\vcsFPService.exe PRC - [2012.07.03 10:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.05.07 16:38:32 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SCPwrSetSvr.exe PRC - [2012.04.30 16:43:38 | 001,538,112 | ---- | M] () -- C:\Programme\SGFX\SgfxConfig.exe PRC - [2012.04.27 17:38:54 | 004,247,552 | ---- | M] (SMSC) -- C:\Programme\SGFX\sgfxmgr.exe PRC - [2012.04.27 17:38:47 | 000,026,624 | ---- | M] (SMSC) -- C:\Programme\SGFX\sgfxagt.exe PRC - [2012.04.26 17:35:04 | 003,221,888 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe PRC - [2012.04.26 17:34:28 | 001,421,696 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
-- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe PRC - [2012.04.25 17:07:46 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2012.03.28 10:38:26 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2012.03.28 10:38:24 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2012.03.28 10:38:08 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe PRC - [2012.03.19 13:24:32 | 000,345,616 | ---- | M] (Trend Micro Inc.) -- C:\Programme\BM\TMBMSRV.exe PRC - [2012.03.14 15:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe PRC - [2012.03.14 15:21:56 | 003,488,640 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe PRC - [2012.03.09 12:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe PRC - [2012.03.07 02:55:40 | 000,461,024 | ---- | M] (Intel(R) Corporation) -- c:\Programme\Intel\iCLS Client\HeciServer.exe PRC - [2012.02.26 14:51:00 | 000,070,936 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe PRC - [2011.11.09 18:42:26 | 001,844,296 | ---- | M] (Elgato Systems) -- C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTvRc.exe PRC - [2011.10.03 11:21:32 | 002,159,992 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe PRC - [2011.10.03 11:21:32 | 000,636,256 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2011.04.15 12:20:54 | 000,689,680 | ---- | M] (Trend Micro Inc.) 
-- C:\Programme\OfficeScan Client\TmProxy.exe PRC - [2010.11.17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.09.21 15:03:31 | 001,025,384 | ---- | M] (DisplayLink Corp.) -- C:\Programme\DisplayLink Core Software\DisplayLinkUI.exe PRC - [2010.09.21 15:03:30 | 000,841,064 | ---- | M] (DisplayLink Corp.) -- C:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe PRC - [2010.09.21 15:03:28 | 005,236,072 | ---- | M] (DisplayLink Corp.) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe PRC - [2010.09.02 18:15:36 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\CNTAoSMgr.exe PRC - [2009.12.03 16:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe PRC - [2009.05.19 12:56:46 | 002,578,284 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HPCA\ManagementAgent\nvdkit.exe PRC - [2008.04.14 06:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2013.04.12 09:56:43 | 003,133,336 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2013.02.17 17:40:19 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll MOD - [2013.02.17 17:40:03 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll MOD - [2013.02.17 17:39:39 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll MOD - [2013.02.17 17:38:21 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2013.02.17 17:38:17 | 000,372,736 | ---- | M] () -- 
C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MOD - [2013.02.17 17:38:12 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2013.02.17 17:38:09 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll MOD - [2013.01.12 21:02:26 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\38d7801308f456f03608b4355bf78961\System.Xml.Linq.ni.dll MOD - [2013.01.12 21:01:43 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll MOD - [2013.01.12 21:01:30 | 009,923,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\f84e3ff559093c5633f9e18f7c2d997e\System.Data.Entity.ni.dll MOD - [2013.01.10 21:15:16 | 001,917,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\91a81dc769e9148a0b9f3840c87ef083\System.Speech.ni.dll MOD - [2013.01.10 21:15:09 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\edbf4e4a55e63b9fbf0b0b40cba13063\System.Core.ni.dll MOD - [2013.01.10 21:15:05 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a351cdca2d71ee68ae3a581e13553b19\PresentationFramework.Luna.ni.dll MOD - [2013.01.10 21:15:02 | 000,368,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbfa6bdbfea6f90f3b604c3efce24047\PresentationFramework.Aero.ni.dll MOD - [2013.01.10 21:14:41 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 21:14:40 | 000,627,712 | ---- | M] () -- 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\04eea38364e5ced71d02bf104cb5892c\System.EnterpriseServices.ni.dll MOD - [2013.01.10 21:14:39 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll MOD - [2013.01.10 21:14:39 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll MOD - [2013.01.10 21:14:26 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2abe0b9f0e996273614f4cf1f6808eed\PresentationFramework.ni.dll MOD - [2013.01.10 21:14:04 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll MOD - [2013.01.10 21:13:59 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\2e26794770e6d33cf79a7f8daa4a48c3\PresentationCore.ni.dll MOD - [2013.01.10 21:13:46 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\4b889e41364baff1e456817b4777b610\WindowsBase.ni.dll MOD - [2013.01.10 21:13:38 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll MOD - [2013.01.10 21:13:34 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll MOD - [2013.01.10 21:13:32 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll MOD - [2013.01.10 21:13:25 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll MOD - [2012.12.18 16:28:44 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame 
Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2012.12.18 16:28:44 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU MOD - [2012.11.22 10:59:19 | 000,113,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll MOD - [2012.11.22 10:59:19 | 000,092,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll MOD - [2012.11.16 14:21:18 | 000,877,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll MOD - [2012.11.15 16:43:03 | 000,312,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\HPCommon\2.5.0.16__89762bc6acc102f8\HPCommon.dll MOD - [2012.11.15 16:43:03 | 000,098,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\HardwareAccess\2.5.0.16__89762bc6acc102f8\HardwareAccess.dll MOD - [2012.11.15 16:43:03 | 000,046,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Graphs\2.5.0.16__89762bc6acc102f8\Graphs.dll MOD - [2012.05.07 16:38:32 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SCPwrSetSvr.exe MOD - [2012.04.30 16:43:38 | 001,538,112 | ---- | M] () -- C:\Programme\SGFX\SgfxConfig.exe MOD - [2012.03.28 10:18:40 | 001,198,872 | ---- | M] () -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\ACE.dll MOD - [2012.03.14 15:29:34 | 000,892,288 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL MOD - [2012.01.24 12:59:51 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll MOD - [2012.01.24 12:59:38 | 000,249,856 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2012.01.24 12:59:25 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2012.01.24 12:59:22 | 
000,167,936 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll MOD - [2012.01.24 12:59:21 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2011.10.03 11:21:40 | 002,860,384 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll MOD - [2011.04.08 10:57:54 | 000,514,570 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Connection Manager\sqlite3.dll MOD - [2009.04.14 21:23:50 | 000,212,992 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\lib\crt\winnt\tclfile.dll MOD - [2009.04.07 20:45:31 | 000,061,440 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\lib\crt\winnt\tclcom.dll MOD - [2008.04.14 06:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2007.11.21 19:29:40 | 000,081,920 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\lib\crt\winnt\nvdcrt.dll MOD - [2007.03.08 20:33:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\bin\win32\wnetutl.dll MOD - [2005.08.25 19:01:15 | 000,045,056 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\bin\win32\iphelper.dll ========== Services (SafeList) ========== SRV - [2013.04.12 09:56:43 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.04.09 08:46:06 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2013.03.14 22:01:43 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.12 07:48:04 | 000,587,912 | ---- | M] (Crawler.com) [Auto | Running] 
-- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc) SRV - [2012.11.22 10:59:41 | 000,303,186 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2012.11.09 13:12:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.08.28 18:17:58 | 000,523,680 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe -- (hpHotkeyMonitor) SRV - [2012.07.27 12:38:26 | 001,420,184 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\OfficeScan Client\TmListen.exe -- (tmlisten) SRV - [2012.07.27 12:29:16 | 001,447,736 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\OfficeScan Client\NTRtScan.exe -- (ntrtscan) SRV - [2012.07.19 09:29:58 | 002,342,008 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vcsFPService.exe -- (vcsFPService) SRV - [2012.05.07 16:38:32 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SCPwrSetSvr.exe -- (SCPwrSetSvr) SRV - [2012.04.27 17:38:54 | 004,247,552 | ---- | M] (SMSC) [Auto | Running] -- C:\Programme\SGFX\sgfxmgr.exe -- (SGFXMgr) SRV - [2012.04.26 17:34:28 | 001,421,696 | ---- | M] (Hewlett-Packard Development Company, L.P.) 
[On_Demand | Running] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv) SRV - [2012.04.25 17:07:46 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2012.03.28 10:38:26 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2012.03.28 10:38:24 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.03.28 10:38:08 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service) SRV - [2012.03.19 13:24:32 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\BM\TMBMSRV.exe -- (TMBMServer) SRV - [2012.03.14 15:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service) SRV - [2012.03.09 12:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2012.03.07 02:55:40 | 000,461,024 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.04.15 12:20:54 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\OfficeScan Client\TmProxy.exe -- (TmProxy) SRV - [2010.09.21 15:03:28 | 005,236,072 | ---- | M] (DisplayLink Corp.) 
[Auto | Running] -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService) SRV - [2009.12.03 16:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio) SRV - [2009.05.19 12:56:46 | 002,578,284 | ---- | M] () [Auto | Running] -- C:/Programme/Hewlett-Packard/HPCA/ManagementAgent/nvdkit.exe -- (rma) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Adapter | Unavailable | Unknown] -- -- (PnSson) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ArcSoftVCapture.sys -- (ARCVCAM) DRV - [2012.11.22 10:59:41 | 001,996,931 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2012.11.22 10:59:40 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud) DRV - [2012.08.24 14:16:10 | 000,147,768 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR) DRV - [2012.08.24 14:16:08 | 000,023,136 | ---- | M] (JMicron Technology Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci) DRV - [2012.08.15 17:01:30 | 000,027,648 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SzCCID.sys -- (SzCCID) DRV - [2012.04.16 13:45:56 | 000,152,576 | ---- | M] (ITE ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IT9135BDA.sys -- (IT9135BDA) DRV - [2012.03.19 13:06:10 | 000,071,440 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon) DRV - [2012.03.19 13:05:08 | 000,061,200 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr) DRV - [2012.03.19 13:04:50 | 000,177,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm) DRV - [2012.03.15 21:54:16 | 000,239,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress) DRV - [2012.03.12 14:57:44 | 010,240,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Netwxn00.sys -- (NETwNx32) DRV - [2011.11.09 12:52:02 | 000,046,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI) DRV - [2011.10.04 16:54:54 | 000,934,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2011.10.04 16:54:54 | 000,093,480 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwsecfl.sys -- (btwsecfl) DRV - [2011.10.04 16:54:54 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2011.07.12 11:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) 
[Kernel | Auto | Running] -- C:\Programme\OfficeScan Client\TmXPFlt.sys -- (TmFilter) DRV - [2011.07.12 11:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\OfficeScan Client\tmpreflt.sys -- (TmPreFilter) DRV - [2011.07.12 11:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\OfficeScan Client\vsapiNT.sys -- (VSApiNt) DRV - [2011.07.06 19:11:12 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2) DRV - [2011.04.03 19:19:46 | 002,468,728 | ---- | M] (Sunplus Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPUVCBv.sys -- (SPUVCbv) DRV - [2011.01.06 15:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2011.01.06 15:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2010.12.10 14:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2010.12.10 14:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2010.11.08 19:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi) DRV - [2010.10.15 02:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) DRV - [2010.09.21 15:03:55 | 000,007,040 | ---- | M] (DisplayLink Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkFilter.sys -- (DisplayLinkFilter) DRV - [2010.09.21 15:03:54 | 000,024,320 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkmirrorport.sys -- (DisplayLinkmirror) DRV - [2010.01.26 13:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009.11.10 16:56:24 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI) DRV - [2008.07.23 12:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2008.04.14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - 
HKU\S-1-5-21-240390726-1586162583-2414266492-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 4E 12 5F 3C DF CC 01 [binary data] IE - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7Bd57c9ff1-6389-48fc-b770-f78bd89b6e8a%7D:1.45 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..network.proxy.http: "94.126.17.69" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Programme\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Programme\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - 
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Programme\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Programme\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.10 20:56:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.12 09:56:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.04.12 09:56:35 | 000,000,000 | ---D | M] [2012.12.15 13:05:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions [2013.04.01 19:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\upoqy2gt.default\extensions [2013.02.17 17:33:38 | 000,817,280 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\upoqy2gt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.03.05 17:50:10 | 000,150,573 | ---- | M] () (No name found) -- C:\Dokumente und 
Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\upoqy2gt.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi [2013.04.12 09:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.12 09:56:44 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2009.08.14 13:33:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\CgpCore.dll [2009.08.14 13:33:30 | 000,091,480 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\confmgr.dll [2009.08.14 13:33:26 | 000,020,824 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ctxlogging.dll [2007.03.16 18:33:48 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcm80.dll [2007.03.16 18:33:48 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcp80.dll [2007.03.16 18:33:50 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcr80.dll [2009.08.14 13:35:40 | 000,427,344 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npicaN.dll [2009.08.14 13:33:22 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) 
-- C:\Programme\mozilla firefox\plugins\TcpPServ.dll [2013.03.27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2013.03.27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2013.03.27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.04.12 11:46:28 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home 
Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) O3 - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Programme\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [HPPowerAssistant] C:\Programme\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.) O4 - HKLM..\Run: [NUSB3MON] c:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Programme\OfficeScan Client\pccntmon.exe (Trend Micro Inc.) O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [SgfxConfig] C:\Programme\SGFX\sgfxconfig.exe () O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKU\S-1-5-21-240390726-1586162583-2414266492-1004..\Run: [Remote Control Editor] C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe (Elgato Systems) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk = C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-240390726-1586162583-2414266492-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1352900286078 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352900276890 (MUWebControl Class) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CCBA1240-FB15-4B97-91B1-6E698092CFEC}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:AutorunsDisabled () - O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.01.20 16:31:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{702ce425-7092-11e2-b039-6067201be550}\Shell - "" = AutoRun O33 - 
MountPoints2\{702ce425-7092-11e2-b039-6067201be550}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{702ce425-7092-11e2-b039-6067201be550}\Shell\AutoRun\command - "" = F:\LiteAuto.exe O33 - MountPoints2\{77852d8a-52b4-11e2-b00c-6067201be550}\Shell - "" = AutoRun O33 - MountPoints2\{77852d8a-52b4-11e2-b00c-6067201be550}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{77852d8a-52b4-11e2-b00c-6067201be550}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.04.12 19:40:50 | 000,000,000 | ---D | C] -- C:\_OTL [2013.04.12 16:08:32 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\TFC.exe [2013.04.12 12:05:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Anleitung [2013.04.12 12:00:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe [2013.04.12 10:44:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Autoruns [2013.04.12 09:56:29 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.04.10 13:11:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes [2013.04.10 13:10:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.04.10 13:10:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.04.10 13:10:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.04.10 13:10:43 | 
000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.04.10 11:38:17 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service [2013.04.05 17:46:49 | 003,046,048 | ---- | C] (TeamViewer) -- C:\Dokumente und Einstellungen\Admin\Desktop\TeamViewer Support Windows.exe [2013.04.04 17:59:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\grundstück eiche [2013.04.01 17:50:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator [2013.04.01 17:50:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Spyware Terminator [2013.04.01 17:50:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spyware Terminator 2012 [2013.04.01 17:49:19 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Terminator [2013.03.22 18:37:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\downloads [2013.03.22 09:50:57 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader 2 [2013.03.21 20:08:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip [2013.03.21 20:08:32 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2013.03.21 20:01:09 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\WINDOWS\System32\dhRichClient3.dll ========== Files - Modified Within 30 Days ========== [2013.04.12 20:13:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.04.12 20:12:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.04.12 20:03:21 | 000,613,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\adwcleaner.exe [2013.04.12 20:01:16 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.04.12 19:41:02 | 000,504,504 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.04.12 19:41:01 | 000,549,848 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.04.12 19:41:01 | 000,111,376 | ---- | M] () -- 
C:\WINDOWS\System32\perfc007.dat [2013.04.12 19:41:01 | 000,087,492 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.04.12 15:41:26 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\TFC.exe [2013.04.12 12:05:02 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\gmer_2.1.19163.exe [2013.04.12 12:00:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe [2013.04.12 11:58:42 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe [2013.04.12 11:46:28 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.04.10 13:12:26 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.10 11:38:19 | 000,000,702 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2013.04.10 10:29:28 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.04.10 10:26:20 | 000,001,879 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.04.10 10:11:46 | 000,014,577 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\bookmarks-2013-04-10.json [2013.04.09 12:15:53 | 004,734,243 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\02PlanFnp2001Potsdam.pdf [2013.04.05 17:46:51 | 003,046,048 | ---- | M] (TeamViewer) -- C:\Dokumente und Einstellungen\Admin\Desktop\TeamViewer Support Windows.exe [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.04.01 17:50:22 | 000,000,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk [2013.03.21 20:18:03 | 000,181,808 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe [2013.03.21 18:12:56 | 000,000,598 | ---- | M] () -- C:\WINDOWS\wiso.ini ========== Files Created - No Company Name ========== [2013.04.12 20:03:17 | 000,613,083 | ---- | C] () -- C:\Dokumente 
und Einstellungen\Admin\Desktop\adwcleaner.exe [2013.04.12 12:05:01 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\gmer_2.1.19163.exe [2013.04.12 11:58:41 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe [2013.04.10 13:10:49 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.10 11:38:19 | 000,000,708 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2013.04.10 11:38:19 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2013.04.10 10:11:46 | 000,014,577 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\bookmarks-2013-04-10.json [2013.04.09 12:15:47 | 004,734,243 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\02PlanFnp2001Potsdam.pdf [2013.04.01 17:50:25 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2013.04.01 17:50:22 | 000,000,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk [2013.03.22 09:51:37 | 000,001,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader Update.lnk [2013.03.22 09:51:37 | 000,001,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader Deinstallationsprogramm.lnk [2013.03.22 09:51:37 | 000,001,604 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader 2.lnk [2013.03.21 20:01:55 | 000,181,808 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe [2013.03.21 20:01:11 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll [2013.02.24 13:52:25 | 000,000,598 | ---- | C] () -- C:\WINDOWS\wiso.ini [2013.01.10 21:25:49 | 000,987,552 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2013.01.04 19:06:52 | 000,027,136 | 
---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.04 18:52:55 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2012.12.19 17:52:40 | 000,010,079 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\IntelligentesNetz.html [2012.11.14 16:06:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.11.14 13:28:38 | 000,732,392 | ---- | C] () -- C:\WINDOWS\System32\igkrng700.bin [2012.11.14 13:28:38 | 000,561,128 | ---- | C] () -- C:\WINDOWS\System32\igfcg700m.bin [2012.07.23 12:37:24 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\vcsAPIShared.dll.hpsign [2012.05.07 16:38:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SCPwrSetSvr.exe [2012.03.07 02:40:26 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\IusEventLog.dll [2012.01.30 12:43:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI [2012.01.26 15:43:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2012.01.24 14:20:53 | 000,000,187 | ---- | C] () -- C:\WINDOWS\System32\HPPA.ini [2012.01.24 13:41:04 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.01.23 12:58:31 | 000,028,510 | ---- | C] () -- C:\WINDOWS\oeminfo.ini [2012.01.23 12:46:46 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012.01.20 17:07:27 | 000,019,326 | ---- | C] () -- C:\WINDOWS\cfgall.ini [2012.01.20 16:55:50 | 000,015,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll [2012.01.20 16:54:37 | 000,094,776 | ---- | C] () -- C:\WINDOWS\un_dext.exe [2012.01.20 16:54:37 | 000,074,616 | ---- | C] () -- C:\WINDOWS\SPRemove.exe [2012.01.20 16:54:37 | 000,014,409 | ---- | C] () -- C:\WINDOWS\TWAIN2080.ini [2012.01.20 16:54:37 | 000,003,926 | ---- | C] () -- C:\WINDOWS\Dext_12.ini [2012.01.20 16:54:37 | 000,003,892 | ---- | C] () -- C:\WINDOWS\Dext_27.ini [2012.01.20 16:54:37 | 000,003,884 | ---- | C] () -- C:\WINDOWS\Dext_25.ini [2012.01.20 16:54:37 | 000,003,882 | 
---- | C] () -- C:\WINDOWS\Dext_21.ini [2012.01.20 16:54:37 | 000,003,820 | ---- | C] () -- C:\WINDOWS\Dext_11.ini [2012.01.20 16:54:37 | 000,003,802 | ---- | C] () -- C:\WINDOWS\Dext_14.ini [2012.01.20 16:54:37 | 000,003,802 | ---- | C] () -- C:\WINDOWS\Dext_05.ini [2012.01.20 16:54:37 | 000,003,704 | ---- | C] () -- C:\WINDOWS\Dext_10.ini [2012.01.20 16:54:37 | 000,003,700 | ---- | C] () -- C:\WINDOWS\Dext_16.ini [2012.01.20 16:54:37 | 000,003,682 | ---- | C] () -- C:\WINDOWS\Dext_08.ini [2012.01.20 16:54:37 | 000,003,672 | ---- | C] () -- C:\WINDOWS\Dext_31.ini [2012.01.20 16:54:37 | 000,003,648 | ---- | C] () -- C:\WINDOWS\Dext_36.ini [2012.01.20 16:54:37 | 000,003,624 | ---- | C] () -- C:\WINDOWS\Dext_1046.ini [2012.01.20 16:54:37 | 000,003,622 | ---- | C] () -- C:\WINDOWS\Dext_20.ini [2012.01.20 16:54:37 | 000,003,591 | ---- | C] () -- C:\WINDOWS\Remove.ini [2012.01.20 16:54:37 | 000,003,588 | ---- | C] () -- C:\WINDOWS\Dext_06.ini [2012.01.20 16:54:37 | 000,003,586 | ---- | C] () -- C:\WINDOWS\Dext_22.ini [2012.01.20 16:54:37 | 000,003,550 | ---- | C] () -- C:\WINDOWS\Dext_19.ini [2012.01.20 16:54:37 | 000,003,550 | ---- | C] () -- C:\WINDOWS\Dext_07.ini [2012.01.20 16:54:37 | 000,003,522 | ---- | C] () -- C:\WINDOWS\Dext_02.ini [2012.01.20 16:54:37 | 000,003,492 | ---- | C] () -- C:\WINDOWS\Dext_24.ini [2012.01.20 16:54:37 | 000,003,450 | ---- | C] () -- C:\WINDOWS\Dext_29.ini [2012.01.20 16:54:37 | 000,003,416 | ---- | C] () -- C:\WINDOWS\Dext_01.ini [2012.01.20 16:54:37 | 000,003,342 | ---- | C] () -- C:\WINDOWS\Dext_30.ini [2012.01.20 16:54:37 | 000,003,220 | ---- | C] () -- C:\WINDOWS\Dext_09.ini [2012.01.20 16:54:37 | 000,003,174 | ---- | C] () -- C:\WINDOWS\Dext_13.ini [2012.01.20 16:54:37 | 000,002,850 | ---- | C] () -- C:\WINDOWS\Dext_04.ini [2012.01.20 16:54:37 | 000,002,750 | ---- | C] () -- C:\WINDOWS\Dext_17.ini [2012.01.20 16:54:37 | 000,002,674 | ---- | C] () -- C:\WINDOWS\Dext_18.ini [2012.01.20 16:54:37 | 000,002,638 | ---- | C] () -- 
C:\WINDOWS\Dext_2052.ini [2012.01.20 16:53:35 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\syndata.bin [2012.01.20 16:47:50 | 000,197,016 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin [2012.01.20 16:47:50 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin [2012.01.20 16:47:50 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll [2012.01.20 16:47:49 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin [2012.01.20 16:47:49 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config [2012.01.20 16:33:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.01.20 16:28:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2012.01.20 16:17:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2012.01.20 16:16:03 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.10.12 03:02:14 | 000,187,728 | ---- | C] () -- C:\WINDOWS\System32\PassThroughOTP.dll [2011.10.12 03:02:14 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\PassThroughOTP.dll.hpsign [2011.10.03 11:21:40 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll ========== ZeroAccess Check ========== [2012.01.24 11:54:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2013.02.24 13:58:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Buhl Data Service [2012.12.17 19:32:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Citrix [2012.12.20 18:44:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ICAClient [2012.11.15 15:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\LocalLow [2012.11.14 15:42:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\SMSC [2013.04.01 17:50:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Spyware Terminator [2012.01.23 10:33:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Synaptics [2013.04.05 17:48:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TeamViewer [2013.01.04 18:50:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TerraTec [2013.02.24 13:57:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2012.11.16 14:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Qualcomm Atheros [2013.01.04 18:33:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe [2013.04.12 10:05:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator [2012.11.14 13:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SZCCID [2013.01.04 18:49:26 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\All Users\Anwendungsdaten\TerraTec [2012.01.24 15:41:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall [2012.11.14 16:07:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Validity [2012.01.30 13:10:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Support\Anwendungsdaten\Synaptics ========== Purity Check ========== < End of report > |
12.04.2013, 20:03 | #8 | |
/// TB-Ausbilder | Constant hard disk access, Firefox redirect, etc. (with logs) Hi, Quote:
First, a quick check:
Code:
reg query "HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0" /c
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}" /s /c
__________________ cheers, Leo |
12.04.2013, 20:09 | #9 |
| Constant hard disk access, Firefox redirect, etc. (with logs) I only rebooted the computer once more to test that. I did everything as described; here is the log: Code:
ATTFilter OTL logfile created on: 12.04.2013 21:07:42 - Run 4 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,91 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 66,80% Memory free 3,76 Gb Paging File | 3,12 Gb Available in Paging File | 82,86% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 87,89 Gb Total Space | 65,60 Gb Free Space | 74,64% Space Free | Partition Type: NTFS Drive D: | 87,87 Gb Total Space | 46,37 Gb Free Space | 52,78% Space Free | Partition Type: FAT32 Computer Name: PARA | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days ========== Custom Scans ========== < reg query "HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0" /c > ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\SCSI\SCSI PORT 0 DMAEnabled REG_DWORD 0x0 Driver REG_SZ atapi HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\SCSI\SCSI PORT 0\Scsi Bus 0 < reg query "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}" /s /c > ! 
REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318} Class REG_SZ hdc <NO NAME> REG_SZ IDE ATA/ATAPI-Controller Icon REG_SZ -9 Installer32 REG_SZ SysSetup.Dll,HdcClassInstaller TroubleShooter-0 REG_SZ hcp://help/tshoot/tsdrive.htm HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000 InfPath REG_SZ oem1.inf InfSection REG_SZ pciide_Inst ProviderName REG_SZ Intel DriverDateData REG_BINARY 0000871C7B50CB01 DriverDate REG_SZ 9-10-2010 DriverVersion REG_SZ 9.2.0.1011 MatchingDeviceId REG_SZ pci\ven_8086&dev_1c09 DriverDesc REG_SZ Intel(R) 6 Series/C200 Series Chipset Family 2 port Serial ATA Storage Controller - 1C09 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0001 InfPath REG_SZ oem1.inf InfSection REG_SZ pciide_Inst ProviderName REG_SZ Intel DriverDateData REG_BINARY 0000871C7B50CB01 DriverDate REG_SZ 9-10-2010 DriverVersion REG_SZ 9.2.0.1011 MatchingDeviceId REG_SZ pci\ven_8086&dev_1c01 DriverDesc REG_SZ Intel(R) 6 Series/C200 Series Chipset Family 4 port Serial ATA Storage Controller - 1C01 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0002 InfPath REG_SZ mshdc.inf InfSection REG_SZ atapi_Inst_primary ProviderName REG_SZ Microsoft DriverDateData REG_BINARY 008062C5C001C101 DriverDate REG_SZ 7-1-2001 DriverVersion REG_SZ 5.1.2600.5512 MatchingDeviceId REG_SZ primary_ide_channel DriverDesc REG_SZ Primärer IDE-Kanal MasterDeviceType REG_DWORD 0x0 SlaveDeviceType REG_DWORD 0x0 MasterDeviceTimingMode REG_DWORD 0x0 SlaveDeviceTimingMode REG_DWORD 0x0 EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0003 InfPath REG_SZ mshdc.inf InfSection REG_SZ atapi_Inst_secondary ProviderName REG_SZ Microsoft DriverDateData REG_BINARY 008062C5C001C101 DriverDate REG_SZ 
7-1-2001 DriverVersion REG_SZ 5.1.2600.5512 MatchingDeviceId REG_SZ secondary_ide_channel DriverDesc REG_SZ Sekundärer IDE-Kanal MasterDeviceType REG_DWORD 0x0 SlaveDeviceType REG_DWORD 0x0 MasterDeviceTimingMode REG_DWORD 0x0 SlaveDeviceTimingMode REG_DWORD 0x0 EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0004 InfPath REG_SZ mshdc.inf InfSection REG_SZ atapi_Inst_primary ProviderName REG_SZ Microsoft DriverDateData REG_BINARY 008062C5C001C101 DriverDate REG_SZ 7-1-2001 DriverVersion REG_SZ 5.1.2600.5512 MatchingDeviceId REG_SZ primary_ide_channel DriverDesc REG_SZ Primärer IDE-Kanal MasterDeviceType REG_DWORD 0x1 SlaveDeviceType REG_DWORD 0x0 SlaveDeviceDetectionTimeout REG_DWORD 0x1 MasterDeviceTimingMode REG_DWORD 0x10 MasterIdDataCheckSum REG_DWORD 0x13d6a SlaveDeviceTimingMode REG_DWORD 0x0 EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider MasterDeviceTimingModeAllowed REG_DWORD 0x1f HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0005 InfPath REG_SZ mshdc.inf InfSection REG_SZ atapi_Inst_secondary ProviderName REG_SZ Microsoft DriverDateData REG_BINARY 008062C5C001C101 DriverDate REG_SZ 7-1-2001 DriverVersion REG_SZ 5.1.2600.5512 MatchingDeviceId REG_SZ secondary_ide_channel DriverDesc REG_SZ Sekundärer IDE-Kanal MasterDeviceType REG_DWORD 0x2 SlaveDeviceType REG_DWORD 0x0 SlaveDeviceDetectionTimeout REG_DWORD 0x1 MasterDeviceTimingMode REG_DWORD 0x810 MasterIdDataCheckSum REG_DWORD 0x1bfc8 SlaveDeviceTimingMode REG_DWORD 0x0 EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider MasterDeviceTimingModeAllowed REG_DWORD 0xffffffff HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0006 InfPath REG_SZ oem71.inf InfSection REG_SZ pciide_Inst ProviderName REG_SZ Intel DriverDateData REG_BINARY 0000C2238242CC01 DriverDate REG_SZ 7-15-2011 DriverVersion 
REG_SZ 9.3.0.1008 MatchingDeviceId REG_SZ pci\ven_8086&dev_1e01 DriverDesc REG_SZ Intel(R) 7 Series/C216 Chipset Family 4 port Serial ATA Storage Controller - 1E01 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0007 InfPath REG_SZ oem71.inf InfSection REG_SZ pciide_Inst ProviderName REG_SZ Intel DriverDateData REG_BINARY 0000C2238242CC01 DriverDate REG_SZ 7-15-2011 DriverVersion REG_SZ 9.3.0.1008 MatchingDeviceId REG_SZ pci\ven_8086&dev_1e09 DriverDesc REG_SZ Intel(R) 7 Series/C216 Chipset Family 2 port Serial ATA Storage Controller - 1E09 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0008 EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider InfPath REG_SZ mshdc.inf InfSection REG_SZ atapi_Inst_secondary ProviderName REG_SZ Microsoft DriverDateData REG_BINARY 008062C5C001C101 DriverDate REG_SZ 7-1-2001 DriverVersion REG_SZ 5.1.2600.5512 MatchingDeviceId REG_SZ secondary_ide_channel DriverDesc REG_SZ Sekundärer IDE-Kanal MasterDeviceType REG_DWORD 0x2 SlaveDeviceType REG_DWORD 0x0 SlaveDeviceDetectionTimeout REG_DWORD 0x1 MasterDeviceTimingMode REG_DWORD 0x810 MasterDeviceTimingModeAllowed REG_DWORD 0xffffffff MasterIdDataCheckSum REG_DWORD 0x26bd8 SlaveDeviceTimingMode REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0009 EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider InfPath REG_SZ mshdc.inf InfSection REG_SZ atapi_Inst_primary ProviderName REG_SZ Microsoft DriverDateData REG_BINARY 008062C5C001C101 DriverDate REG_SZ 7-1-2001 DriverVersion REG_SZ 5.1.2600.5512 MatchingDeviceId REG_SZ primary_ide_channel DriverDesc REG_SZ Primärer IDE-Kanal MasterDeviceType REG_DWORD 0x1 SlaveDeviceType REG_DWORD 0x0 SlaveDeviceDetectionTimeout REG_DWORD 0x1 MasterDeviceTimingMode REG_DWORD 0x810 MasterDeviceTimingModeAllowed REG_DWORD 0xffffffff MasterIdDataCheckSum REG_DWORD 0x14394 SlaveDeviceTimingMode 
REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0010 EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider InfPath REG_SZ mshdc.inf InfSection REG_SZ atapi_Inst_primary ProviderName REG_SZ Microsoft DriverDateData REG_BINARY 008062C5C001C101 DriverDate REG_SZ 7-1-2001 DriverVersion REG_SZ 5.1.2600.5512 MatchingDeviceId REG_SZ primary_ide_channel DriverDesc REG_SZ Primärer IDE-Kanal MasterDeviceType REG_DWORD 0x0 SlaveDeviceType REG_DWORD 0x0 MasterDeviceTimingMode REG_DWORD 0x0 SlaveDeviceTimingMode REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0011 EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider InfPath REG_SZ mshdc.inf InfSection REG_SZ atapi_Inst_secondary ProviderName REG_SZ Microsoft DriverDateData REG_BINARY 008062C5C001C101 DriverDate REG_SZ 7-1-2001 DriverVersion REG_SZ 5.1.2600.5512 MatchingDeviceId REG_SZ secondary_ide_channel DriverDesc REG_SZ Sekundärer IDE-Kanal MasterDeviceType REG_DWORD 0x0 SlaveDeviceType REG_DWORD 0x0 MasterDeviceTimingMode REG_DWORD 0x0 SlaveDeviceTimingMode REG_DWORD 0x0 HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties < > < End of report > |
12.04.2013, 20:20 | #10 |
/// TB-Ausbilder | Constant hard disk access, Firefox redirect, etc. (with logs) Let's see what this does: Step 1
Code:
:processes
killallprocesses
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0004]
"MasterDeviceTimingMode"=dword:ffffffff
"MasterIdDataCheckSum"=-
"MasterDeviceTimingModeAllowed"=dword:ffffffff
[HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0009]
"MasterDeviceTimingMode"=dword:ffffffff
"MasterIdDataCheckSum"=-
Step 2
Code:
reg query "HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0" /c
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}" /s /c
Please post in your next reply:
__________________ cheers, Leo |
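Added example, not part of the thread and not OTL's own code: a small parser for `reg query` output of the IDE controller class key that lists devices whose transfer mode is limited to PIO, the condition the registry fix above resets. The sample text is constructed (it reuses the values of subkeys 0002, 0004 and 0005 from the log in post #9); the bit layout of the timing-mode masks and the meaning of a device type of 0 are assumptions taken from the Windows DDK `ide.h` conventions.

```python
import re

# Timing-mode bit masks (assumption: layout as in the Windows DDK ide.h).
MODE_BITS = (
    [(f"PIO{i}", 1 << i) for i in range(5)]            # bits 0-4
    + [(f"SWDMA{i}", 1 << (5 + i)) for i in range(3)]  # bits 5-7
    + [(f"MWDMA{i}", 1 << (8 + i)) for i in range(3)]  # bits 8-10
    + [(f"UDMA{i}", 1 << (11 + i)) for i in range(6)]  # bits 11-16
)
DMA_MASK = 0x1FFE0  # every SWDMA/MWDMA/UDMA bit (5..16)

# One value line of REG.EXE output: <name> <REG_type> <data>
VALUE_RE = re.compile(r"^\s*(.+?)\s+(REG_[A-Z_]+)\s+(.*)$")

# Constructed sample, values copied from subkeys 0002/0004/0005 in post #9.
SAMPLE = r"""
! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0002
    DriverDesc  REG_SZ  Primärer IDE-Kanal
    MasterDeviceType    REG_DWORD   0x0
    SlaveDeviceType     REG_DWORD   0x0
    MasterDeviceTimingMode  REG_DWORD   0x0

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0004
    DriverDesc  REG_SZ  Primärer IDE-Kanal
    MasterDeviceType    REG_DWORD   0x1
    SlaveDeviceType     REG_DWORD   0x0
    MasterDeviceTimingMode  REG_DWORD   0x10
    MasterIdDataCheckSum    REG_DWORD   0x13d6a
    MasterDeviceTimingModeAllowed   REG_DWORD   0x1f

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0005
    DriverDesc  REG_SZ  Sekundärer IDE-Kanal
    MasterDeviceType    REG_DWORD   0x2
    MasterDeviceTimingMode  REG_DWORD   0x810
    MasterDeviceTimingModeAllowed   REG_DWORD   0xffffffff
"""


def parse_reg_query(text):
    """Return {key path: {value name: data}}; REG_DWORD data becomes int."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            name, reg_type, raw = match.groups()
            current[name] = int(raw, 16) if reg_type == "REG_DWORD" else raw.strip()
    return keys


def decode_modes(mask):
    """Names of the transfer modes whose bits are set in a timing-mode mask."""
    return [name for name, bit in MODE_BITS if mask & bit]


def pio_locked_devices(keys):
    """List (subkey, role, current modes) for devices running without any DMA mode."""
    findings = []
    for key, values in keys.items():
        subkey = key.rsplit("\\", 1)[-1]
        for role in ("Master", "Slave"):
            # Assumption: a device type of 0 (or no value) means nothing is attached.
            if not values.get(f"{role}DeviceType"):
                continue
            current = values.get(f"{role}DeviceTimingMode", 0)
            # No "Allowed" value recorded is treated as "no restriction".
            allowed = values.get(f"{role}DeviceTimingModeAllowed", 0xFFFFFFFF)
            if not (current & DMA_MASK) or not (allowed & DMA_MASK):
                findings.append((subkey, role, decode_modes(current)))
    return findings


if __name__ == "__main__":
    for subkey, role, modes in pio_locked_devices(parse_reg_query(SAMPLE)):
        print(f"{subkey} {role}: no DMA mode active ({', '.join(modes)})")
```

On a triage box the same functions can be fed the saved text of the second `reg query` command from the post above instead of `SAMPLE`.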
12.04.2013, 20:33 | #11 |
| Constant hard disk access, Firefox redirect, etc. (with logs) The reboot after the fix was already considerably faster. Here are the logs: Fixlog: Code:
========== PROCESSES ==========
All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0004\\"MasterDeviceTimingMode"|dword:ffffffff /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0004\\MasterIdDataCheckSum deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0004\\"MasterDeviceTimingModeAllowed"|dword:ffffffff /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0009\\"MasterDeviceTimingMode"|dword:ffffffff /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0009\\MasterIdDataCheckSum deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 04122013_212238

Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
OTL logfile created on: 12.04.2013 21:32:26 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,91 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 67,02% Memory free
3,76 Gb Paging File | 3,11 Gb Available in Paging File | 82,72% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,89 Gb Total Space | 65,50 Gb Free Space | 74,52% Space Free | Partition Type: NTFS
Drive D: | 87,87 Gb Total Space | 46,37 Gb Free Space | 52,78% Space Free | Partition Type: FAT32

Computer Name: PARA | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< reg query "HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\SCSI\SCSI PORT 0
    DMAEnabled REG_DWORD 0x1
    Driver REG_SZ atapi
HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\SCSI\SCSI PORT 0\Scsi Bus 0

< reg query "HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}" /s /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}
    Class REG_SZ hdc
    <NO NAME> REG_SZ IDE ATA/ATAPI-Controller
    Icon REG_SZ -9
    Installer32 REG_SZ SysSetup.Dll,HdcClassInstaller
    TroubleShooter-0 REG_SZ hcp://help/tshoot/tsdrive.htm
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000
    InfPath REG_SZ oem1.inf
    InfSection REG_SZ pciide_Inst
    ProviderName REG_SZ Intel
    DriverDateData REG_BINARY 0000871C7B50CB01
    DriverDate REG_SZ 9-10-2010
    DriverVersion REG_SZ 9.2.0.1011
    MatchingDeviceId REG_SZ pci\ven_8086&dev_1c09
    DriverDesc REG_SZ Intel(R) 6 Series/C200 Series Chipset Family 2 port Serial ATA Storage Controller - 1C09
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0001
    InfPath REG_SZ oem1.inf
    InfSection REG_SZ pciide_Inst
    ProviderName REG_SZ Intel
    DriverDateData REG_BINARY 0000871C7B50CB01
    DriverDate REG_SZ 9-10-2010
    DriverVersion REG_SZ 9.2.0.1011
    MatchingDeviceId REG_SZ pci\ven_8086&dev_1c01
    DriverDesc REG_SZ Intel(R) 6 Series/C200 Series Chipset Family 4 port Serial ATA Storage Controller - 1C01
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0002
    InfPath REG_SZ mshdc.inf
    InfSection REG_SZ atapi_Inst_primary
    ProviderName REG_SZ Microsoft
    DriverDateData REG_BINARY 008062C5C001C101
    DriverDate REG_SZ 7-1-2001
    DriverVersion REG_SZ 5.1.2600.5512
    MatchingDeviceId REG_SZ primary_ide_channel
    DriverDesc REG_SZ Primärer IDE-Kanal
    MasterDeviceType REG_DWORD 0x0
    SlaveDeviceType REG_DWORD 0x0
    MasterDeviceTimingMode REG_DWORD 0x0
    SlaveDeviceTimingMode REG_DWORD 0x0
    EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0003
    InfPath REG_SZ mshdc.inf
    InfSection REG_SZ atapi_Inst_secondary
    ProviderName REG_SZ Microsoft
    DriverDateData REG_BINARY 008062C5C001C101
    DriverDate REG_SZ 7-1-2001
    DriverVersion REG_SZ 5.1.2600.5512
    MatchingDeviceId REG_SZ secondary_ide_channel
    DriverDesc REG_SZ Sekundärer IDE-Kanal
    MasterDeviceType REG_DWORD 0x0
    SlaveDeviceType REG_DWORD 0x0
    MasterDeviceTimingMode REG_DWORD 0x0
    SlaveDeviceTimingMode REG_DWORD 0x0
    EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0004
    InfPath REG_SZ mshdc.inf
    InfSection REG_SZ atapi_Inst_primary
    ProviderName REG_SZ Microsoft
    DriverDateData REG_BINARY 008062C5C001C101
    DriverDate REG_SZ 7-1-2001
    DriverVersion REG_SZ 5.1.2600.5512
    MatchingDeviceId REG_SZ primary_ide_channel
    DriverDesc REG_SZ Primärer IDE-Kanal
    MasterDeviceType REG_DWORD 0x1
    SlaveDeviceType REG_DWORD 0x0
    SlaveDeviceDetectionTimeout REG_DWORD 0x1
    MasterDeviceTimingMode REG_DWORD 0x810
    SlaveDeviceTimingMode REG_DWORD 0x0
    EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider
    MasterDeviceTimingModeAllowed REG_DWORD 0xffffffff
    MasterIdDataCheckSum REG_DWORD 0x13d6a
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0005
    InfPath REG_SZ mshdc.inf
    InfSection REG_SZ atapi_Inst_secondary
    ProviderName REG_SZ Microsoft
    DriverDateData REG_BINARY 008062C5C001C101
    DriverDate REG_SZ 7-1-2001
    DriverVersion REG_SZ 5.1.2600.5512
    MatchingDeviceId REG_SZ secondary_ide_channel
    DriverDesc REG_SZ Sekundärer IDE-Kanal
    MasterDeviceType REG_DWORD 0x2
    SlaveDeviceType REG_DWORD 0x0
    SlaveDeviceDetectionTimeout REG_DWORD 0x1
    MasterDeviceTimingMode REG_DWORD 0x810
    MasterIdDataCheckSum REG_DWORD 0x1bfc8
    SlaveDeviceTimingMode REG_DWORD 0x0
    EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider
    MasterDeviceTimingModeAllowed REG_DWORD 0xffffffff
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0006
    InfPath REG_SZ oem71.inf
    InfSection REG_SZ pciide_Inst
    ProviderName REG_SZ Intel
    DriverDateData REG_BINARY 0000C2238242CC01
    DriverDate REG_SZ 7-15-2011
    DriverVersion REG_SZ 9.3.0.1008
    MatchingDeviceId REG_SZ pci\ven_8086&dev_1e01
    DriverDesc REG_SZ Intel(R) 7 Series/C216 Chipset Family 4 port Serial ATA Storage Controller - 1E01
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0007
    InfPath REG_SZ oem71.inf
    InfSection REG_SZ pciide_Inst
    ProviderName REG_SZ Intel
    DriverDateData REG_BINARY 0000C2238242CC01
    DriverDate REG_SZ 7-15-2011
    DriverVersion REG_SZ 9.3.0.1008
    MatchingDeviceId REG_SZ pci\ven_8086&dev_1e09
    DriverDesc REG_SZ Intel(R) 7 Series/C216 Chipset Family 2 port Serial ATA Storage Controller - 1E09
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0008
    EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider
    InfPath REG_SZ mshdc.inf
    InfSection REG_SZ atapi_Inst_secondary
    ProviderName REG_SZ Microsoft
    DriverDateData REG_BINARY 008062C5C001C101
    DriverDate REG_SZ 7-1-2001
    DriverVersion REG_SZ 5.1.2600.5512
    MatchingDeviceId REG_SZ secondary_ide_channel
    DriverDesc REG_SZ Sekundärer IDE-Kanal
    MasterDeviceType REG_DWORD 0x2
    SlaveDeviceType REG_DWORD 0x0
    SlaveDeviceDetectionTimeout REG_DWORD 0x1
    MasterDeviceTimingMode REG_DWORD 0x810
    MasterDeviceTimingModeAllowed REG_DWORD 0xffffffff
    MasterIdDataCheckSum REG_DWORD 0x26bd8
    SlaveDeviceTimingMode REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0009
    EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider
    InfPath REG_SZ mshdc.inf
    InfSection REG_SZ atapi_Inst_primary
    ProviderName REG_SZ Microsoft
    DriverDateData REG_BINARY 008062C5C001C101
    DriverDate REG_SZ 7-1-2001
    DriverVersion REG_SZ 5.1.2600.5512
    MatchingDeviceId REG_SZ primary_ide_channel
    DriverDesc REG_SZ Primärer IDE-Kanal
    MasterDeviceType REG_DWORD 0x1
    SlaveDeviceType REG_DWORD 0x0
    SlaveDeviceDetectionTimeout REG_DWORD 0x1
    MasterDeviceTimingMode REG_DWORD 0xffffffff
    MasterDeviceTimingModeAllowed REG_DWORD 0xffffffff
    SlaveDeviceTimingMode REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0010
    EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider
    InfPath REG_SZ mshdc.inf
    InfSection REG_SZ atapi_Inst_primary
    ProviderName REG_SZ Microsoft
    DriverDateData REG_BINARY 008062C5C001C101
    DriverDate REG_SZ 7-1-2001
    DriverVersion REG_SZ 5.1.2600.5512
    MatchingDeviceId REG_SZ primary_ide_channel
    DriverDesc REG_SZ Primärer IDE-Kanal
    MasterDeviceType REG_DWORD 0x0
    SlaveDeviceType REG_DWORD 0x0
    MasterDeviceTimingMode REG_DWORD 0x0
    SlaveDeviceTimingMode REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0011
    EnumPropPages32 REG_SZ storprop.dll,IdePropPageProvider
    InfPath REG_SZ mshdc.inf
    InfSection REG_SZ atapi_Inst_secondary
    ProviderName REG_SZ Microsoft
    DriverDateData REG_BINARY 008062C5C001C101
    DriverDate REG_SZ 7-1-2001
    DriverVersion REG_SZ 5.1.2600.5512
    MatchingDeviceId REG_SZ secondary_ide_channel
    DriverDesc REG_SZ Sekundärer IDE-Kanal
    MasterDeviceType REG_DWORD 0x0
    SlaveDeviceType REG_DWORD 0x0
    MasterDeviceTimingMode REG_DWORD 0x0
    SlaveDeviceTimingMode REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties

< >

< End of report > |
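Added example, not part of the thread and not code from OTL or from the helper: a Python parser for flattened `reg query` output like the log above, which reports per IDE channel subkey the state of the two values the fix touched (`MasterDeviceTimingMode`, `MasterIdDataCheckSum`). The function names and state labels are assumptions, and the sample is a shortened excerpt constructed from the posted log.

```python
import re

# Constructed sample: a shortened excerpt of the flattened `reg query` output
# posted above (subkeys 0004, 0005 and 0009; most driver metadata left out).
CLASS_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\CLASS"
             r"\{4D36E96A-E325-11CE-BFC1-08002BE10318}")
SAMPLE = (
    CLASS_KEY + r"\0004 DriverDesc REG_SZ Primärer IDE-Kanal "
    "MasterDeviceType REG_DWORD 0x1 MasterDeviceTimingMode REG_DWORD 0x810 "
    "MasterDeviceTimingModeAllowed REG_DWORD 0xffffffff "
    "MasterIdDataCheckSum REG_DWORD 0x13d6a "
    + CLASS_KEY + r"\0005 DriverDesc REG_SZ Sekundärer IDE-Kanal "
    "MasterDeviceType REG_DWORD 0x2 MasterDeviceTimingMode REG_DWORD 0x810 "
    "MasterIdDataCheckSum REG_DWORD 0x1bfc8 "
    + CLASS_KEY + r"\0009 DriverDesc REG_SZ Primärer IDE-Kanal "
    "MasterDeviceType REG_DWORD 0x1 MasterDeviceTimingMode REG_DWORD 0xffffffff "
    "MasterDeviceTimingModeAllowed REG_DWORD 0xffffffff"
)

# Key paths under this class key contain no spaces; a value's data runs up to
# the next "<name> REG_<type> " triple or the end of the key's text.
KEY_RE = re.compile(r"(HKEY_LOCAL_MACHINE\\\S+)")
VALUE_RE = re.compile(r"(\S+) (REG_[A-Z_]+) (.*?)(?= \S+ REG_[A-Z_]+ |$)")

def parse_reg_dump(text):
    """Return {subkey: {value_name: data}} from flattened reg.exe output."""
    parts = KEY_RE.split(" ".join(text.split()))  # collapse all whitespace
    keys = {}
    for path, body in zip(parts[1::2], parts[2::2]):
        values = {m[1]: m[3] for m in VALUE_RE.finditer(body.strip())}
        keys[path.rsplit("\\", 1)[1]] = values
    return keys

def master_state(values):
    """Classify one subkey by the two values the fix script changed."""
    if "MasterDeviceTimingMode" not in values:
        return "no timing data"
    mode = int(values["MasterDeviceTimingMode"], 16)
    if "MasterIdDataCheckSum" in values:
        return "checksum present, mode 0x%x" % mode
    if mode == 0xFFFFFFFF:
        return "fix values still in place"
    return "no checksum, mode 0x%x" % mode

def report(text):
    return {k: master_state(v) for k, v in parse_reg_dump(text).items()}

if __name__ == "__main__":
    for subkey, state in report(SAMPLE).items():
        print(subkey, state)
```

On the posted values this reports 0009 as still holding the fix values, while 0004 again carries a checksum and a timing mode of 0x810.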
12.04.2013, 20:40 | #12 |
/// TB-Ausbilder | Constant hard-disk access, Firefox redirects, etc. (with logs) Great, I can see the change in the log too. Let's carry on then.
Step 1 Reset the HDD controller driver after the scan with GMER (LINK, choose "Save target as ..." and save it to your desktop.
Step 2 Please upload files for analysis as follows:
Step 3
Step 4 Download the setup of the ESET Online Scanner and save it to the desktop.
Step 5 Please download SecurityCheck (Link 2).
Please post in your next reply:
__________________ cheers, Leo |
12.04.2013, 20:48 | #13 |
| Constant hard-disk access, Firefox redirects, etc. (with logs) When I start resetdma.vbs I get an error message: Windows Script Host Fehler: Ungültiges Zeichen Code: 800A0408 Quelle: Kompilierungsfehler in Microsoft VBScript What am I doing wrong? |
12.04.2013, 20:51 | #14 | |
/// TB-Ausbilder | Constant hard-disk access, Firefox redirects, etc. (with logs) Quote:
Does the computer run and boot at normal speed again?
__________________ cheers, Leo |
12.04.2013, 20:55 | #15 |
| Constant hard-disk access, Firefox redirects, etc. (with logs) I think that's due to TrendMicro OfficeScan, which is blocking execution of the VBS script. But I can't shut it down, because I need a password for that, which I don't have. I'm going to restart the computer once more now and will report back on the speed. Should I carry out points 2-5 anyway? For point 2, though, I can't stop the virus scanner. Regards, Eddy |