| freddy410 | 12.04.2013 13:17 |
Ständiger Festplattenzugriff, Firefox Umleitung, usw. (mit Logs)
Hallo,
ich bin mir ziemlich sicher, mir vor 3, 4 Wochen was eingefangen zu haben.
Symptome:
- Ständiger Festplattenzugriff
- Langesamer Rechner
- Langsamer Aufbau der Webseiten in IE und FF
- Umleitung auf Shop-Seiten mit AffiliateIDs im FF
- Absturz von FF
- Festfahren des gesamten Rechners, bei Nutzung des FF
Anbei der Inhalt der drei Logfiles otl.txt, extras.txt, gmer.txt.
Ich hoffe jemand hat nen Tipp für mich.
Danke und Gruß
Eddy Code:
OTL logfile created on: 12.04.2013 12:06:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,91 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 66,26% Memory free
3,76 Gb Paging File | 3,04 Gb Available in Paging File | 80,93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,89 Gb Total Space | 62,88 Gb Free Space | 71,55% Space Free | Partition Type: NTFS
Drive D: | 87,87 Gb Total Space | 46,37 Gb Free Space | 52,78% Space Free | Partition Type: FAT32
Computer Name: PARA | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.04.12 12:00:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
PRC - [2013.04.12 11:58:42 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe
PRC - [2013.04.09 08:46:06 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2013.03.21 20:01:19 | 000,068,608 | ---- | M] () -- C:\WINDOWS\system32\unimdnat.exe
PRC - [2013.02.12 07:48:04 | 000,587,912 | ---- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\st_rsser.exe
PRC - [2012.12.18 16:28:26 | 000,825,560 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012.11.22 10:59:41 | 000,303,186 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2012.11.22 10:59:40 | 000,737,280 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2012.08.28 18:19:26 | 000,334,240 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Hotkey Support\QLBController.exe
PRC - [2012.08.28 18:17:58 | 000,523,680 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
PRC - [2012.07.31 17:31:08 | 000,887,416 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\PccNTMon.exe
PRC - [2012.07.27 12:38:26 | 001,420,184 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\TmListen.exe
PRC - [2012.07.27 12:29:16 | 001,447,736 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\NTRtScan.exe
PRC - [2012.07.19 09:29:58 | 002,342,008 | ---- | M] (Validity Sensors, Inc.) -- C:\WINDOWS\system32\vcsFPService.exe
PRC - [2012.07.03 10:04:54 | 000,252,848 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.05.07 16:38:32 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SCPwrSetSvr.exe
PRC - [2012.04.30 16:43:38 | 001,538,112 | ---- | M] () -- C:\Programme\SGFX\SgfxConfig.exe
PRC - [2012.04.27 17:38:54 | 004,247,552 | ---- | M] (SMSC) -- C:\Programme\SGFX\sgfxmgr.exe
PRC - [2012.04.27 17:38:47 | 000,026,624 | ---- | M] (SMSC) -- C:\Programme\SGFX\sgfxagt.exe
PRC - [2012.04.26 17:35:04 | 003,221,888 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
PRC - [2012.04.26 17:34:28 | 001,421,696 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2012.04.25 17:07:46 | 000,197,504 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012.03.28 10:38:26 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2012.03.28 10:38:24 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2012.03.28 10:38:08 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
PRC - [2012.03.19 13:24:32 | 000,345,616 | ---- | M] (Trend Micro Inc.) -- C:\Programme\BM\TMBMSRV.exe
PRC - [2012.03.14 15:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
PRC - [2012.03.14 15:21:56 | 003,488,640 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
PRC - [2012.03.09 12:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2012.03.07 02:55:40 | 000,461,024 | ---- | M] (Intel(R) Corporation) -- c:\Programme\Intel\iCLS Client\HeciServer.exe
PRC - [2012.02.26 14:51:00 | 000,070,936 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe
PRC - [2011.11.09 18:42:26 | 001,844,296 | ---- | M] (Elgato Systems) -- C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTvRc.exe
PRC - [2011.10.03 11:21:32 | 002,159,992 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2011.10.03 11:21:32 | 000,636,256 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2011.04.15 12:20:54 | 000,689,680 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\TmProxy.exe
PRC - [2010.11.17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.09.21 15:03:31 | 001,025,384 | ---- | M] (DisplayLink Corp.) -- C:\Programme\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2010.09.21 15:03:30 | 000,841,064 | ---- | M] (DisplayLink Corp.) -- C:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2010.09.21 15:03:28 | 005,236,072 | ---- | M] (DisplayLink Corp.) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2010.09.02 18:15:36 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Programme\OfficeScan Client\CNTAoSMgr.exe
PRC - [2009.12.03 16:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2009.05.19 12:56:46 | 002,578,284 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HPCA\ManagementAgent\nvdkit.exe
PRC - [2008.04.14 06:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013.04.12 11:58:42 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe
MOD - [2013.03.21 20:01:19 | 000,068,608 | ---- | M] () -- C:\WINDOWS\system32\unimdnat.exe
MOD - [2013.02.17 17:40:19 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d7ee03714420b252415b952d40ef59e4\System.ServiceProcess.ni.dll
MOD - [2013.02.17 17:40:03 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll
MOD - [2013.02.17 17:39:39 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll
MOD - [2013.02.17 17:38:21 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013.02.17 17:38:17 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2013.02.17 17:38:12 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2013.02.17 17:38:09 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2013.01.12 21:02:26 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\38d7801308f456f03608b4355bf78961\System.Xml.Linq.ni.dll
MOD - [2013.01.12 21:01:43 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
MOD - [2013.01.12 21:01:30 | 009,923,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\f84e3ff559093c5633f9e18f7c2d997e\System.Data.Entity.ni.dll
MOD - [2013.01.10 21:15:16 | 001,917,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Speech\91a81dc769e9148a0b9f3840c87ef083\System.Speech.ni.dll
MOD - [2013.01.10 21:15:09 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\edbf4e4a55e63b9fbf0b0b40cba13063\System.Core.ni.dll
MOD - [2013.01.10 21:15:05 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a351cdca2d71ee68ae3a581e13553b19\PresentationFramework.Luna.ni.dll
MOD - [2013.01.10 21:15:02 | 000,368,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dbfa6bdbfea6f90f3b604c3efce24047\PresentationFramework.Aero.ni.dll
MOD - [2013.01.10 21:14:41 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 21:14:40 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\04eea38364e5ced71d02bf104cb5892c\System.EnterpriseServices.ni.dll
MOD - [2013.01.10 21:14:39 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\8462c03b4f10c4624feb95790d6d1e30\System.Data.ni.dll
MOD - [2013.01.10 21:14:39 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\ad737988d5bde126a3b7770eacc51e5b\System.Transactions.ni.dll
MOD - [2013.01.10 21:14:26 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2abe0b9f0e996273614f4cf1f6808eed\PresentationFramework.ni.dll
MOD - [2013.01.10 21:14:04 | 001,593,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll
MOD - [2013.01.10 21:13:59 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\2e26794770e6d33cf79a7f8daa4a48c3\PresentationCore.ni.dll
MOD - [2013.01.10 21:13:46 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\4b889e41364baff1e456817b4777b610\WindowsBase.ni.dll
MOD - [2013.01.10 21:13:38 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013.01.10 21:13:34 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\96b7a0136e9e72e8f4eb0230c20766d2\System.Configuration.ni.dll
MOD - [2013.01.10 21:13:32 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013.01.10 21:13:25 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2012.12.18 16:28:44 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2012.12.18 16:28:44 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\AcroTray.DEU
MOD - [2012.11.22 10:59:19 | 000,113,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
MOD - [2012.11.22 10:59:19 | 000,092,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
MOD - [2012.11.16 14:21:18 | 000,877,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll
MOD - [2012.11.15 16:43:03 | 000,312,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\HPCommon\2.5.0.16__89762bc6acc102f8\HPCommon.dll
MOD - [2012.11.15 16:43:03 | 000,098,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\HardwareAccess\2.5.0.16__89762bc6acc102f8\HardwareAccess.dll
MOD - [2012.11.15 16:43:03 | 000,046,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Graphs\2.5.0.16__89762bc6acc102f8\Graphs.dll
MOD - [2012.05.07 16:38:32 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SCPwrSetSvr.exe
MOD - [2012.04.30 16:43:38 | 001,538,112 | ---- | M] () -- C:\Programme\SGFX\SgfxConfig.exe
MOD - [2012.03.28 10:18:40 | 001,198,872 | ---- | M] () -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
MOD - [2012.03.14 15:29:34 | 000,892,288 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL
MOD - [2012.01.24 12:59:51 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll
MOD - [2012.01.24 12:59:38 | 000,249,856 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2012.01.24 12:59:25 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.01.24 12:59:22 | 000,167,936 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2012.01.24 12:59:21 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2011.10.03 11:21:40 | 002,860,384 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2011.04.08 10:57:54 | 000,514,570 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Connection Manager\sqlite3.dll
MOD - [2009.04.14 21:23:50 | 000,212,992 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\lib\crt\winnt\tclfile.dll
MOD - [2009.04.07 20:45:31 | 000,061,440 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\lib\crt\winnt\tclcom.dll
MOD - [2008.04.14 06:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.11.21 19:29:40 | 000,081,920 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\lib\crt\winnt\nvdcrt.dll
MOD - [2007.03.08 20:33:18 | 000,049,152 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\bin\win32\wnetutl.dll
MOD - [2005.08.25 19:01:15 | 000,045,056 | ---- | M] () -- C:\WINDOWS\Temp\.nvdkit\d93a663d6f93a98a\c8bc4efc7e713529\bin\win32\iphelper.dll
========== Services (SafeList) ==========
SRV - [2013.04.12 09:56:43 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.09 08:46:06 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.03.21 20:01:19 | 000,068,608 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\unimdnat.exe -- (proxydfg)
SRV - [2013.03.14 22:01:43 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.12 07:48:04 | 000,587,912 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Programme\Spyware Terminator\st_rsser.exe -- (ST2012_Svc)
SRV - [2012.11.22 10:59:41 | 000,303,186 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2012.11.09 13:12:16 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.08.28 18:17:58 | 000,523,680 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe -- (hpHotkeyMonitor)
SRV - [2012.07.27 12:38:26 | 001,420,184 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\OfficeScan Client\TmListen.exe -- (tmlisten)
SRV - [2012.07.27 12:29:16 | 001,447,736 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Programme\OfficeScan Client\NTRtScan.exe -- (ntrtscan)
SRV - [2012.07.19 09:29:58 | 002,342,008 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vcsFPService.exe -- (vcsFPService)
SRV - [2012.05.07 16:38:32 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SCPwrSetSvr.exe -- (SCPwrSetSvr)
SRV - [2012.04.27 17:38:54 | 004,247,552 | ---- | M] (SMSC) [Auto | Running] -- C:\Programme\SGFX\sgfxmgr.exe -- (SGFXMgr)
SRV - [2012.04.26 17:34:28 | 001,421,696 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Running] -- C:\Programme\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2012.04.25 17:07:46 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012.03.28 10:38:26 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.03.28 10:38:24 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.03.28 10:38:08 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012.03.19 13:24:32 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2012.03.14 15:23:06 | 000,152,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe -- (HP Power Assistant Service)
SRV - [2012.03.09 12:22:42 | 000,117,552 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2012.03.07 02:55:40 | 000,461,024 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- c:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.04.15 12:20:54 | 000,689,680 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Programme\OfficeScan Client\TmProxy.exe -- (TmProxy)
SRV - [2010.09.21 15:03:28 | 005,236,072 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2009.12.03 16:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.05.19 12:56:46 | 002,578,284 | ---- | M] () [Auto | Running] -- C:/Programme/Hewlett-Packard/HPCA/ManagementAgent/nvdkit.exe -- (rma)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Adapter | Unavailable | Unknown] -- -- (PnSson)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ArcSoftVCapture.sys -- (ARCVCAM)
DRV - [2012.11.22 10:59:41 | 001,996,931 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2012.11.22 10:59:40 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2012.08.24 14:16:10 | 000,147,768 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2012.08.24 14:16:08 | 000,023,136 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\johci.sys -- (johci)
DRV - [2012.08.15 17:01:30 | 000,027,648 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SzCCID.sys -- (SzCCID)
DRV - [2012.04.16 13:45:56 | 000,152,576 | ---- | M] (ITE ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IT9135BDA.sys -- (IT9135BDA)
DRV - [2012.03.19 13:06:10 | 000,071,440 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012.03.19 13:05:08 | 000,061,200 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2012.03.19 13:04:50 | 000,177,424 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2012.03.15 21:54:16 | 000,239,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1c5132.sys -- (e1cexpress)
DRV - [2012.03.12 14:57:44 | 010,240,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Netwxn00.sys -- (NETwNx32)
DRV - [2011.11.09 12:52:02 | 000,046,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI)
DRV - [2011.10.04 16:54:54 | 000,934,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2011.10.04 16:54:54 | 000,093,480 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwsecfl.sys -- (btwsecfl)
DRV - [2011.10.04 16:54:54 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2011.07.12 11:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\OfficeScan Client\TmXPFlt.sys -- (TmFilter)
DRV - [2011.07.12 11:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
DRV - [2011.07.12 11:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Programme\OfficeScan Client\vsapiNT.sys -- (VSApiNt)
DRV - [2011.07.06 19:11:12 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2011.06.21 11:24:06 | 000,032,768 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011.04.03 19:19:46 | 002,468,728 | ---- | M] (Sunplus Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPUVCBv.sys -- (SPUVCbv)
DRV - [2011.01.06 15:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.01.06 15:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010.12.10 14:50:12 | 000,141,440 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010.12.10 14:50:12 | 000,062,336 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2010.11.08 19:05:38 | 000,090,448 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010.10.15 02:29:14 | 000,260,864 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010.09.21 15:03:55 | 000,007,040 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkFilter.sys -- (DisplayLinkFilter)
DRV - [2010.09.21 15:03:54 | 000,024,320 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkmirrorport.sys -- (DisplayLinkmirror)
DRV - [2010.01.26 13:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.11.10 16:56:24 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008.07.23 12:31:38 | 000,044,800 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2008.04.14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2E 4E 12 5F 3C DF CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7Bd57c9ff1-6389-48fc-b770-f78bd89b6e8a%7D:1.45
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.http: "94.126.17.69"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Programme\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Programme\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Programme\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Programme\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013.01.10 20:56:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.04.12 09:56:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.04.12 09:56:35 | 000,000,000 | ---D | M]
[2012.12.15 13:05:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions
[2013.04.01 19:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\upoqy2gt.default\extensions
[2013.02.17 17:33:38 | 000,817,280 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\upoqy2gt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.05 17:50:10 | 000,150,573 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\upoqy2gt.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}.xpi
[2013.04.12 09:56:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 09:56:44 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2009.08.14 13:33:22 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\CgpCore.dll
[2009.08.14 13:33:30 | 000,091,480 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\confmgr.dll
[2009.08.14 13:33:26 | 000,020,824 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ctxlogging.dll
[2007.03.16 18:33:48 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcm80.dll
[2007.03.16 18:33:48 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcp80.dll
[2007.03.16 18:33:50 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\mozilla firefox\plugins\msvcr80.dll
[2009.08.14 13:35:40 | 000,427,344 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npicaN.dll
[2009.08.14 13:33:22 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\TcpPServ.dll
[2013.03.27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2013.03.27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2013.04.12 11:46:28 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\Programme\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [HPConnectionManager] C:\Programme\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPPowerAssistant] C:\Programme\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4 - HKLM..\Run: [NUSB3MON] c:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Programme\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [QLBController] C:\Programme\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SgfxConfig] C:\Programme\SGFX\sgfxconfig.exe ()
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Remote Control Editor] C:\Programme\Gemeinsame Dateien\TerraTec\Remote\TTTVRC.exe (Elgato Systems)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk = C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1352900286078 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352900276890 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:AutorunsDisabled () -
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.20 16:31:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{702ce425-7092-11e2-b039-6067201be550}\Shell - "" = AutoRun
O33 - MountPoints2\{702ce425-7092-11e2-b039-6067201be550}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{702ce425-7092-11e2-b039-6067201be550}\Shell\AutoRun\command - "" = F:\LiteAuto.exe
O33 - MountPoints2\{77852d8a-52b4-11e2-b00c-6067201be550}\Shell - "" = AutoRun
O33 - MountPoints2\{77852d8a-52b4-11e2-b00c-6067201be550}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{77852d8a-52b4-11e2-b00c-6067201be550}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.12 12:05:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Anleitung
[2013.04.12 12:00:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2013.04.12 10:44:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\Autoruns
[2013.04.12 09:56:29 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.04.10 13:11:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes
[2013.04.10 13:10:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.04.10 13:10:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.04.10 13:10:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.04.10 13:10:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.04.10 11:38:17 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2013.04.05 17:46:49 | 003,046,048 | ---- | C] (TeamViewer) -- C:\Dokumente und Einstellungen\Admin\Desktop\TeamViewer Support Windows.exe
[2013.04.04 17:59:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Desktop\grundstück eiche
[2013.04.01 17:50:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
[2013.04.01 17:50:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Spyware Terminator
[2013.04.01 17:50:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spyware Terminator 2012
[2013.04.01 17:49:19 | 000,000,000 | ---D | C] -- C:\Programme\Spyware Terminator
[2013.03.22 18:37:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\downloads
[2013.03.22 09:50:57 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader 2
[2013.03.21 20:08:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2013.03.21 20:08:32 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2013.03.21 20:01:09 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\WINDOWS\System32\dhRichClient3.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.04.12 12:05:02 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\gmer_2.1.19163.exe
[2013.04.12 12:01:17 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.04.12 12:00:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2013.04.12 11:59:13 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable
[2013.04.12 11:58:42 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe
[2013.04.12 11:54:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.04.12 11:54:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.04.12 11:46:28 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.04.10 13:12:26 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.10 11:38:19 | 000,000,702 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2013.04.10 10:29:28 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.04.10 10:26:20 | 000,001,879 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.04.10 10:11:46 | 000,014,577 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\bookmarks-2013-04-10.json
[2013.04.09 12:15:53 | 004,734,243 | ---- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\02PlanFnp2001Potsdam.pdf
[2013.04.09 08:45:19 | 000,549,848 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.04.09 08:45:19 | 000,504,504 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.09 08:45:19 | 000,111,376 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.04.09 08:45:19 | 000,087,492 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.04.05 17:46:51 | 003,046,048 | ---- | M] (TeamViewer) -- C:\Dokumente und Einstellungen\Admin\Desktop\TeamViewer Support Windows.exe
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.04.01 17:50:22 | 000,000,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk
[2013.03.21 20:18:03 | 000,181,808 | ---- | M] () -- C:\WINDOWS\RegBootClean.exe
[2013.03.21 20:01:19 | 000,068,608 | ---- | M] () -- C:\WINDOWS\System32\unimdnat.exe
[2013.03.21 18:12:56 | 000,000,598 | ---- | M] () -- C:\WINDOWS\wiso.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.04.12 12:05:01 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\gmer_2.1.19163.exe
[2013.04.12 11:59:13 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\defogger_reenable
[2013.04.12 11:58:41 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Defogger.exe
[2013.04.10 13:10:49 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.10 11:38:19 | 000,000,708 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2013.04.10 11:38:19 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2013.04.10 10:11:46 | 000,014,577 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\bookmarks-2013-04-10.json
[2013.04.09 12:15:47 | 004,734,243 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\02PlanFnp2001Potsdam.pdf
[2013.04.01 17:50:25 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2013.04.01 17:50:22 | 000,000,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk
[2013.03.22 09:51:37 | 000,001,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader Update.lnk
[2013.03.22 09:51:37 | 000,001,660 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader Deinstallationsprogramm.lnk
[2013.03.22 09:51:37 | 000,001,604 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader 2.lnk
[2013.03.21 20:01:55 | 000,181,808 | ---- | C] () -- C:\WINDOWS\RegBootClean.exe
[2013.03.21 20:01:19 | 000,068,608 | ---- | C] () -- C:\WINDOWS\System32\unimdnat.exe
[2013.03.21 20:01:11 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2013.02.24 13:52:25 | 000,000,598 | ---- | C] () -- C:\WINDOWS\wiso.ini
[2013.01.10 21:25:49 | 000,987,552 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2013.01.04 19:06:52 | 000,027,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.01.04 18:52:55 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2012.12.19 17:52:40 | 000,010,079 | ---- | C] () -- C:\Dokumente und Einstellungen\Admin\IntelligentesNetz.html
[2012.11.14 16:06:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.11.14 13:28:38 | 000,732,392 | ---- | C] () -- C:\WINDOWS\System32\igkrng700.bin
[2012.11.14 13:28:38 | 000,561,128 | ---- | C] () -- C:\WINDOWS\System32\igfcg700m.bin
[2012.07.23 12:37:24 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\vcsAPIShared.dll.hpsign
[2012.05.07 16:38:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SCPwrSetSvr.exe
[2012.03.07 02:40:26 | 000,001,536 | ---- | C] () -- C:\WINDOWS\System32\IusEventLog.dll
[2012.01.30 12:43:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2012.01.26 15:43:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2012.01.24 14:20:53 | 000,000,187 | ---- | C] () -- C:\WINDOWS\System32\HPPA.ini
[2012.01.24 13:41:04 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.01.23 12:58:31 | 000,028,510 | ---- | C] () -- C:\WINDOWS\oeminfo.ini
[2012.01.23 12:46:46 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012.01.20 17:07:27 | 000,019,326 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2012.01.20 16:55:50 | 000,015,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll
[2012.01.20 16:54:37 | 000,094,776 | ---- | C] () -- C:\WINDOWS\un_dext.exe
[2012.01.20 16:54:37 | 000,074,616 | ---- | C] () -- C:\WINDOWS\SPRemove.exe
[2012.01.20 16:54:37 | 000,014,409 | ---- | C] () -- C:\WINDOWS\TWAIN2080.ini
[2012.01.20 16:54:37 | 000,003,926 | ---- | C] () -- C:\WINDOWS\Dext_12.ini
[2012.01.20 16:54:37 | 000,003,892 | ---- | C] () -- C:\WINDOWS\Dext_27.ini
[2012.01.20 16:54:37 | 000,003,884 | ---- | C] () -- C:\WINDOWS\Dext_25.ini
[2012.01.20 16:54:37 | 000,003,882 | ---- | C] () -- C:\WINDOWS\Dext_21.ini
[2012.01.20 16:54:37 | 000,003,820 | ---- | C] () -- C:\WINDOWS\Dext_11.ini
[2012.01.20 16:54:37 | 000,003,802 | ---- | C] () -- C:\WINDOWS\Dext_14.ini
[2012.01.20 16:54:37 | 000,003,802 | ---- | C] () -- C:\WINDOWS\Dext_05.ini
[2012.01.20 16:54:37 | 000,003,704 | ---- | C] () -- C:\WINDOWS\Dext_10.ini
[2012.01.20 16:54:37 | 000,003,700 | ---- | C] () -- C:\WINDOWS\Dext_16.ini
[2012.01.20 16:54:37 | 000,003,682 | ---- | C] () -- C:\WINDOWS\Dext_08.ini
[2012.01.20 16:54:37 | 000,003,672 | ---- | C] () -- C:\WINDOWS\Dext_31.ini
[2012.01.20 16:54:37 | 000,003,648 | ---- | C] () -- C:\WINDOWS\Dext_36.ini
[2012.01.20 16:54:37 | 000,003,624 | ---- | C] () -- C:\WINDOWS\Dext_1046.ini
[2012.01.20 16:54:37 | 000,003,622 | ---- | C] () -- C:\WINDOWS\Dext_20.ini
[2012.01.20 16:54:37 | 000,003,591 | ---- | C] () -- C:\WINDOWS\Remove.ini
[2012.01.20 16:54:37 | 000,003,588 | ---- | C] () -- C:\WINDOWS\Dext_06.ini
[2012.01.20 16:54:37 | 000,003,586 | ---- | C] () -- C:\WINDOWS\Dext_22.ini
[2012.01.20 16:54:37 | 000,003,550 | ---- | C] () -- C:\WINDOWS\Dext_19.ini
[2012.01.20 16:54:37 | 000,003,550 | ---- | C] () -- C:\WINDOWS\Dext_07.ini
[2012.01.20 16:54:37 | 000,003,522 | ---- | C] () -- C:\WINDOWS\Dext_02.ini
[2012.01.20 16:54:37 | 000,003,492 | ---- | C] () -- C:\WINDOWS\Dext_24.ini
[2012.01.20 16:54:37 | 000,003,450 | ---- | C] () -- C:\WINDOWS\Dext_29.ini
[2012.01.20 16:54:37 | 000,003,416 | ---- | C] () -- C:\WINDOWS\Dext_01.ini
[2012.01.20 16:54:37 | 000,003,342 | ---- | C] () -- C:\WINDOWS\Dext_30.ini
[2012.01.20 16:54:37 | 000,003,220 | ---- | C] () -- C:\WINDOWS\Dext_09.ini
[2012.01.20 16:54:37 | 000,003,174 | ---- | C] () -- C:\WINDOWS\Dext_13.ini
[2012.01.20 16:54:37 | 000,002,850 | ---- | C] () -- C:\WINDOWS\Dext_04.ini
[2012.01.20 16:54:37 | 000,002,750 | ---- | C] () -- C:\WINDOWS\Dext_17.ini
[2012.01.20 16:54:37 | 000,002,674 | ---- | C] () -- C:\WINDOWS\Dext_18.ini
[2012.01.20 16:54:37 | 000,002,638 | ---- | C] () -- C:\WINDOWS\Dext_2052.ini
[2012.01.20 16:53:35 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\syndata.bin
[2012.01.20 16:47:50 | 000,197,016 | ---- | C] () -- C:\WINDOWS\System32\igfcg600m.bin
[2012.01.20 16:47:50 | 000,145,804 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng600.bin
[2012.01.20 16:47:50 | 000,004,096 | ---- | C] ( ) -- C:\WINDOWS\System32\IGFXDEVLib.dll
[2012.01.20 16:47:49 | 000,783,644 | ---- | C] () -- C:\WINDOWS\System32\igkrng600.bin
[2012.01.20 16:47:49 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\GfxUI.exe.config
[2012.01.20 16:33:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.01.20 16:28:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.01.20 16:17:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.01.20 16:16:03 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.10.12 03:02:14 | 000,187,728 | ---- | C] () -- C:\WINDOWS\System32\PassThroughOTP.dll
[2011.10.12 03:02:14 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\PassThroughOTP.dll.hpsign
[2011.10.03 11:21:40 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
========== ZeroAccess Check ==========
[2012.01.24 11:54:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2013.02.24 13:58:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Buhl Data Service
[2012.12.17 19:32:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Citrix
[2012.12.20 18:44:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ICAClient
[2012.11.15 15:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\LocalLow
[2012.11.14 15:42:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\SMSC
[2013.04.01 17:50:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Spyware Terminator
[2012.01.23 10:33:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Synaptics
[2013.04.05 17:48:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TeamViewer
[2013.01.04 18:50:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\TerraTec
[2013.02.24 13:57:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH
[2012.11.16 14:23:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Qualcomm Atheros
[2013.01.04 18:33:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2013.04.12 10:05:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
[2012.11.14 13:30:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SZCCID
[2013.01.04 18:49:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec
[2012.01.24 15:41:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall
[2012.11.14 16:07:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Validity
========== Purity Check ==========
< End of report >
Code:
OTL Extras logfile created on: 12.04.2013 12:06:49 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,91 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 66,26% Memory free
3,76 Gb Paging File | 3,04 Gb Available in Paging File | 80,93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 87,89 Gb Total Space | 62,88 Gb Free Space | 71,55% Space Free | Partition Type: NTFS
Drive D: | 87,87 Gb Total Space | 46,37 Gb Free Space | 52,78% Space Free | Partition Type: FAT32
Computer Name: PARA | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"12344:TCP" = 12344:TCP:*:Enabled:Trend Micro OfficeScan Listener
"3465:TCP" = 3465:TCP:*:Enabled:HPCA-RAM 7.50.7535 (3465)
"3463:TCP" = 3463:TCP:*:Enabled:HPCA-RMA 7.50.7535 (3463)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Internet Explorer\iexplore.exe" = C:\Programme\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\InstTool.exe:*:Enabled:TerraTec Home Cinema Basic (Setup) -- (TERRATEC Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema Basic -- (TERRATEC Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec Home Cinema Basic (tvtv Setup) -- (TERRATEC Electronic GmbH)
"C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe" = C:\Programme\TerraTec\TerraTec Home Cinema\VersionCheck\VersionCheck.exe:*:Enabled:TerraTec Home Cinema Basic (Auto Update) -- (TERRATEC Electronic GmbH)
"C:\Programme\Spyware Terminator\SpywareTerminator.exe" = C:\Programme\Spyware Terminator\SpywareTerminator.exe:*:Enabled:Spyware Terminator 2012 -- (Crawler.com)
"C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Spyware Terminator 2012 -- (Crawler.com)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{1121A0B7-4CC0-49F5-9310-37E308D388EA}" = HP SoftPaq Download Manager
"{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}" = HP Wallpaper
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{18F4179A-385F-40EE-AE2D-FA0E1BE62753}" = HP Software Framework
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B2E5A81-C31B-40AD-B3C6-C08C85755A14}" = HP Connection Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{446A6333-0247-4E14-BC59-FF3598F65D21}" = HPCA Management Agent
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B18ABC-AD5F-4C3C-B391-04F57B380449}" = HP Client Automation Agent Preload
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{59A443A7-FFBF-41F1-B033-51D7B9A4AF5C}" = Mobile Broadband Generic Drivers
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6553F4A8-B67F-49BA-A882-FF499C83CF4B}" = 32 Bit HP CIO Components Installer
"{682FBA83-2CCA-4CFA-A08A-6767DAB2FC9C}" = HP Power Assistant
"{6EC6CE35-3230-4748-9140-4A68B3DC50FE}" = HP ESU for Microsoft Windows XP
"{70B6AFF1-40D1-486E-B846-26F88AFC78C2}" = Intel® Trusted Connect Service Client
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75BF632E-4761-4CF4-A368-E158B8A1BB1C}" = HP Port Replicator Software Installer
"{76EA55BD-535F-4AB4-AD80-A8CA331F4E6F}" = Windows Messenger 5.1
"{7ADD9AFB-4CF8-46E6-AD6F-88DB7C949533}" = HP USB Docking Video
"{842B692C-3562-4AA2-8A1D-75C1AE770E23}" = ViewSpan
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{3CB0380B-0413-4C44-A63B-DCD6369EAF4E}" = Microsoft Office Visio 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B00F7A58-06CA-409A-BA19-45782B4C0069}" = Cinergy_T_Stick_Dual 32Bit
"{BAB5DCE0-2B99-4B28-837F-B5752043A361}" = DisplayLink Core Software
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BF164C10-6C85-4C39-AFDC-577E42078564}" = Core Graphics Software
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1CCF2E9-4851-4783-8076-D9C3F7DDD487}" = Citrix XenApp Plugin für gehostete Anwendungen
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C4543880-0A6F-41CC-BB6F-9B27407A7E28}" = HP 3D DriveGuard
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{C97CC14E-4789-4FC5-BC75-79191F7CE009}" = HP Hotkey Support
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{DBBE5C26-72B7-4E01-950D-86BDE35918ED}" = Embedded Security for HP ProtectTools Driver
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F24F876B-7D71-4BD6-88E9-614D3BB84231}" = Alcor Micro Smart Card Reader Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F48BE301-EC78-4686-B580-EE4934558798}" = Broadcom 2070 Bluetooth 3.0
"{F5FB6A99-F6BD-4F13-AD89-A9F0DE5E1F68}" = Cinergy_Stick_DUAL_REV2
"{F83E415D-074E-4DAB-A623-5B3ABF9F3094}" = Validity Fingerprint Sensor Driver
"{FDDDD898-725F-498E-8582-938326066177}" = HP Battery Check
"0630-0716-3135-7887" = JDownloader 2
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Core Graphics Software" = SMSC Core Graphics Software
"GSiteCrawler" = GSiteCrawler
"HP Battery Check" = HP Battery Check
"ie8" = Windows Internet Explorer 8
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{B00F7A58-06CA-409A-BA19-45782B4C0069}" = Cinergy_T_Stick_Dual 32Bit
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MKVToolNix" = MKVToolNix 6.1.0
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"OfficeScanNT" = Trend Micro OfficeScan Client
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) Network Connections Drivers
"Sunplus SPUVCb" = HP HD Webcam [Fixed]
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SZCCID" = Alcor Micro Smart Card Reader Driver
"Totalcmd" = Total Commander (Remove or Repair)
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 2.0.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"IN Customer Control" = IN Customer Control
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 17.02.2013 12:12:20 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 17.02.2013 12:12:20 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3953
Error - 17.02.2013 12:12:20 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3953
Error - 17.02.2013 12:12:22 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 17.02.2013 12:12:22 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5906
Error - 17.02.2013 12:12:22 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5906
Error - 17.02.2013 12:12:24 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 17.02.2013 12:12:24 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7922
Error - 17.02.2013 12:12:24 | Computer Name = PARA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7922
Error - 19.02.2013 15:21:15 | Computer Name = PARA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CinergyDvr.exe, Version 6.25.6.985, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ HP Connection Manager Events ]
Error - 12.04.2013 04:06:10 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 10:06:10.109|00001090|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
Software framework Failed from popup: e_INVALID_HP_SIGNATURE
Error - 12.04.2013 05:56:51 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 11:56:51.859|00001314|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
Software framework Failed from popup: e_INVALID_HP_SIGNATURE
Error - 12.04.2013 05:56:53 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 11:56:53.000|00001314|Error |[HP.Mobile]HotSpot::f{void()}|Die
Methode oder der Vorgang sind nicht implementiert.
Error - 12.04.2013 05:56:53 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 11:56:53.562|00001314|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
Software framework Failed from popup: e_INVALID_HP_SIGNATURE
Error - 12.04.2013 06:06:18 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 12:06:18.562|00001314|Error |[HP.Mobile]HotSpot::f{void()}|Die
Methode oder der Vorgang sind nicht implementiert.
Error - 12.04.2013 06:06:18 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 12:06:18.593|00001314|Error |[HP.Mobile]HotSpot::f{void()}|Die
Methode oder der Vorgang sind nicht implementiert.
Error - 12.04.2013 06:06:18 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 12:06:18.593|00001314|Error |[HP.Mobile]HotSpot::f{void()}|Die
Methode oder der Vorgang sind nicht implementiert.
Error - 12.04.2013 06:06:19 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 12:06:19.171|00001314|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
Software framework Failed from popup: e_INVALID_HP_SIGNATURE
Error - 12.04.2013 06:06:19 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 12:06:19.171|00001314|Error |[HP.Mobile]HotSpot::f{void()}|Die
Methode oder der Vorgang sind nicht implementiert.
Error - 12.04.2013 06:06:20 | Computer Name = PARA | Source = hpMobile | ID = 5
Description = 2013.04.12 12:06:20.015|00001314|Error |[HP.Mobile]Notifications::a{bool(HP.Mobile.Presentation.Notifications+a,string,string,string,string,string)}|HP
Software framework Failed from popup: e_INVALID_HP_SIGNATURE
[ HP Power Assistant Events ]
Error - 24.01.2013 10:21:16 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
Error - 24.01.2013 10:21:19 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 2
Error - 17.02.2013 11:46:21 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
Error - 17.02.2013 11:50:33 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 2
Error - 19.02.2013 17:32:48 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
Error - 19.02.2013 17:32:50 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 2
Error - 10.03.2013 09:56:53 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
Error - 14.03.2013 16:02:34 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
Error - 16.03.2013 15:53:34 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
Error - 19.03.2013 12:01:24 | Computer Name = PARA | Source = HP PA Service | ID = 1002
Description = An error occurred while using HP CASL. Please restart HP Power Assistant
application. Additional details may be available in the Details section. DETAILS
CASL Error! Event LidSwitch.Changeddidn't return Int32 : System.UInt32obj: 1
[ HP Software Framework Events ]
Error - 16.03.2013 15:30:48 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.03.16 20:30:48.906|000012B0|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
Error - 17.03.2013 06:44:30 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.03.17 11:44:30.703|00000FCC|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
Error - 17.03.2013 14:10:58 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.03.17 19:10:58.093|00001750|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
Error - 23.03.2013 03:36:13 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.03.23 08:36:13.781|00001094|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
Error - 23.03.2013 10:43:42 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.03.23 15:43:42.781|000016D4|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
Error - 01.04.2013 12:46:40 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.04.01 18:46:40.342|00001378|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
Error - 01.04.2013 13:46:25 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.04.01 19:46:25.937|000012C0|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
Error - 09.04.2013 09:30:44 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.04.09 15:30:44.078|00001094|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
Error - 09.04.2013 10:11:47 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.04.09 16:11:47.000|00001280|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
Error - 10.04.2013 04:02:29 | Computer Name = PARA | Source = CaslSmBios | ID = 5
Description = 2013.04.10 10:02:29.218|000013E8|Error |[CaslWmi]CommandDebug::A{hpCasl.enReturnCode()}|InvalidOperationException
message: Der Dienst hpqWmiEx auf dem Computer . konnte nicht gesteuert werden.
[ System Events ]
Error - 10.04.2013 13:29:17 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_1618103C&REV_30\4&3277fbd5&0&02E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 12.04.2013 03:27:38 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_1618103C&REV_30\4&3277fbd5&0&00E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 12.04.2013 03:27:38 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_1618103C&REV_30\4&3277fbd5&0&01E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 12.04.2013 03:27:38 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_1618103C&REV_30\4&3277fbd5&0&02E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 12.04.2013 05:52:02 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_1618103C&REV_30\4&3277fbd5&0&00E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 12.04.2013 05:52:02 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_1618103C&REV_30\4&3277fbd5&0&01E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 12.04.2013 05:52:02 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_1618103C&REV_30\4&3277fbd5&0&02E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 12.04.2013 05:57:09 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron OHCI Compliant IEEE 1394 Host Controller" (PCI\VEN_197B&DEV_2380&SUBSYS_1618103C&REV_30\4&3277fbd5&0&00E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 12.04.2013 05:57:09 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD/MMC Host Controller" (PCI\VEN_197B&DEV_2392&SUBSYS_1618103C&REV_30\4&3277fbd5&0&01E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 12.04.2013 05:57:09 | Computer Name = PARA | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMicron PCIe SD Host Controller" (PCI\VEN_197B&DEV_2391&SUBSYS_1618103C&REV_30\4&3277fbd5&0&02E2)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
< End of report >
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-12 13:58:29
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS723232A7A364 rev.EC2OA60W 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\pgtorfow.sys
---- System - GMER 2.1 ----
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose [0xA7AC7444]
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0xA7AC6C8A]
SSDT 8A0DBF34 ZwCreateKey
SSDT 8A2B9554 ZwCreateMutant
SSDT 8862816C ZwCreateProcess
SSDT 8A12612C ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0xA7AC8520]
SSDT 8A2BCF34 ZwCreateSymbolicLinkObject
SSDT 8A27DDBC ZwCreateThread
SSDT 88602A6C ZwDebugActiveProcess
SSDT 8A034CB4 ZwDeleteKey
SSDT 87F9308C ZwDeleteValueKey
SSDT 88654864 ZwDuplicateObject
SSDT 8A07DF34 ZwLoadDriver
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0xA7AC6F9C]
SSDT 8A12616C ZwOpenProcess
SSDT 87F75C1C ZwOpenSection
SSDT 885DA694 ZwOpenThread
SSDT 8A44AC7C ZwRenameKey
SSDT 880AA43C ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetInformationFile [0xA7AC70D2]
SSDT 8A249ECC ZwSetSystemInformation
SSDT 8A474804 ZwSetValueKey
SSDT 8A45EF34 ZwTerminateProcess
SSDT 8A07F934 ZwTerminateThread
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0xA7AC72BC]
SSDT 8A458314 ZwWriteVirtualMemory
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys
Device \FileSystem\Cdfs \Cdfs A5E86400
---- EOF - GMER 2.1 ----
|
