
Pests of all kinds and how to fight them: Virus Schweizer Eidgenossenschaft


20.11.2012, 01:58   #1
Kunti

Virus Schweizer Eidgenossenschaft



Hello,
I have caught the virus listed above. Can you help me?

I have run Malwarebytes Anti-Malware over it once. I hope I haven't already messed something up with that.

Here are the OTL files:
OTL Logfile:
Code:
OTL Extras logfile created on: 20.11.2012 01:42:46 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
5.90 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 67.73% Memory free
11.81 Gb Paging File | 9.55 Gb Available in Paging File | 80.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 349.00 Gb Total Space | 297.20 Gb Free Space | 85.16% Space Free | Partition Type: NTFS
Drive D: | 23.76 Gb Total Space | 2.49 Gb Free Space | 10.47% Space Free | Partition Type: NTFS
 
Computer Name: HP-M6 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-4257943579-871120275-3654149370-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00788512-8D3B-4E21-A227-F755896EDE68}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{012EBFE7-2CFC-47C3-A7E9-CF09BB1691A5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{05C05B88-12B9-45E8-9995-000BD4F233DB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{07E84A59-4ADD-492C-BF03-D78255C8E52A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{0BDF70C5-12A2-4D0B-8418-1520298593B1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{18FFCC10-F7B2-44A4-9D16-68275E7AB371}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{351E9E07-628A-4C9A-BCDC-BF92EEE1BD4E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{43DEF0B1-E504-4DE2-8008-EC0F81D4436B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4478168F-7203-4811-ACB3-34BB1DB3085A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{45E4BCE4-F78B-42A4-9E4B-8ED38B4E85DD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5232BA82-4F51-4D1A-AB3D-17A9A94C9B64}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5E783639-994C-489A-8992-C18791A7CEEC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{69822409-A9EA-4084-951F-C17C1A590149}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6C20296C-1CA4-4918-ADA4-98C2DDCF732C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8F5F93CA-7138-40BF-81A4-D329CE28B88A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{976E369F-9C80-43C3-A5F2-A1582FC5ADF8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A483F1F1-9FF4-4447-A13C-9E6EBCEDD468}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A9955051-F204-48B9-ACEA-1FEAFC4844E9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{ABFFEB43-5067-4E42-90EE-96378AF4230D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{B0C69A17-1CF0-418A-913F-FCAAF9E1EF2B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{B9F0A9D4-3D3A-41E9-81EF-E3FDD0C6A50B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C0EF270F-0624-4007-A7D6-CE4447295B9C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C103D0D9-4CB1-4102-9CEB-F99A6532F703}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E276D037-E9CA-4D90-8313-145E29591049}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E765C7D3-7314-4342-A379-070B05923AE9}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FF3F8F0A-DFF3-4FED-932E-CB70B9CF6530}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{031AC3DA-929F-4159-B452-301493CE846F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{08862B9B-4BBD-48A3-BF99-26FA94480197}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0DF8D7B7-314C-475E-B2A1-FBDD32513AA2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1808B067-542F-43DD-A18B-EDF14938CFCA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1A393AA7-4108-4F6C-914E-46D491980A89}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2B7F77E6-A6AA-408D-961F-E39D7A6A6D9C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2CAEB94F-187E-43FB-9B31-2342E76FB3E4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{380A7CBD-C6E4-4593-B715-544C3D8E2E3A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3B6EFFC8-F2B5-4A52-BD0F-C2717618B9F0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{42A8793C-5ACC-4C12-8436-B2D6B6D9D54D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{494E8017-5E0F-4736-8B3E-499FD7550AF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4C5AF61C-A870-4EA6-B3AA-DF3E182BEC85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{553EFA73-645A-4DA2-BDE2-5A4A96A686E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{595EC533-7A69-4EC5-A77D-AF6B86929DAC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{5CA068AA-F07D-45D4-ADB4-5D77197829AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{63A9F76F-7163-46D4-9743-F000E0CFB82B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{63AD03F7-83A9-4F23-A7CC-5E2A86EE141B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{6ACB28C9-9599-4630-90CB-871964338DA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6AF827A5-086C-45BE-9579-90D281FCC7A1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{839AB95D-5CC7-4328-BD86-08BB60499C5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8D963CAD-2158-4BFA-8C0A-40E2721CA940}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9BC1B5E9-3ECF-45D4-9C3C-BAFDDAEF5D27}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{A34D081A-887C-46C1-8D26-0649ACF1D22B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A82B8C84-79A3-4E68-83C4-6FB1EF4B5530}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BE17B8EA-AF0A-40DB-B3B5-47EBDD79BAE5}" = protocol=6 | dir=out | app=system | 
"{C6FF8614-2A3A-40C5-B1C6-8B7766ECF7CE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{CA13E579-3BF7-4CE4-8C29-4052AFD4CAD3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E4822EF1-D3FC-4EBC-8D65-C0C5919906B7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F279C17B-E095-4BC6-B310-2610D22466A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FFE84314-8E6E-4044-BB6B-4357D210378E}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1A3545C2-0AFD-C105-C435-54A15B8A6EEA}" = ccc-utility64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{42719DC3-4982-47DD-B025-B21C4BDD504D}" = HP Security Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B94134E-A125-4D06-ACBE-50747148E406}" = HP 3D DriveGuard
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = Broadcom Bluetooth Software
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D8360C56-B89D-47AA-91A5-8D27A20844FB}" = Validity WBF DDK
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F9E64F70-9BE4-4ECD-9B83-09E74CF5B6C3}" = AuthenTec TrueAPI 64-bit
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02502AFC-DF30-06EC-23CC-7051137D7010}" = CCC Help English
"{04A73D68-AADD-483E-2694-3AA23A654667}" = CCC Help Chinese Standard
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D83FCDE-8CAF-45E6-907D-6AF8E2A5EE01}" = HP Documentation
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12BBA7A6-D57A-F84E-5DF7-4255C1B22F18}" = Catalyst Control Center Profiles Mobile
"{16B7BDA1-B967-4D2D-8B27-E12727C28350}" = HP CoolSense
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D148CE-7130-D361-1EE9-D035CFCA162F}" = CCC Help Polish
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29814F2A-883F-EDC9-9E36-BE76B2C98784}" = CCC Help Chinese Traditional
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E6AC0F7-E57C-F084-B4AE-E32BD567B8B1}" = CCC Help Spanish
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{438363A8-F486-4C37-834C-4955773CB3D3}" = HP Setup
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{47DD3266-1ECB-05AF-9EB7-8E4972680EA1}" = CCC Help Korean
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{498D1F5C-1FE7-9350-60EF-45AFE1A3B34E}" = Catalyst Control Center Graphics Previews Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BD76D2B-7E5C-3AA6-819F-303AAEEABA12}" = CCC Help Greek
"{4F34A145-8CF3-400C-B5DB-2B1BF604304D}" = ESU for Microsoft Windows 7 SP1
"{520CD906-0723-CCA8-D082-36952E477B88}" = CCC Help French
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B816501-5CE5-D141-620E-3F4C0F080A23}" = CCC Help Turkish
"{607474AD-0BA0-3400-78AE-53679AD42D04}" = CCC Help Dutch
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6B9C61A0-4E98-716E-9E54-298D782D00B3}" = CCC Help Japanese
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{6F971572-2C12-0C09-D468-D9B87963D4A1}" = CCC Help German
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{768A2F4E-B14E-C8F1-5E87-E3479B585E7E}" = CCC Help Danish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{85425296-5669-83E6-2079-322EC1C2FB3C}" = CCC Help Swedish
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8719F1D9-5556-4057-B12A-8789C975BCD9}" = Catalyst Control Center - Branding
"{880B5A98-B242-4B53-BD6F-41EA17495EAD}" = HP SimplePass
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{89FEFB54-198C-6ABC-2786-EFB4C292C3D8}" = CCC Help Russian
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EFF7990-ECFA-6EDD-5925-1CCB7120AE19}" = CCC Help Finnish
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9852739C-C172-839B-4A97-D19C9EF0B1DA}" = CCC Help Czech
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D070A8D-054F-4012-DCFC-F211D54B6020}" = CCC Help Italian
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A26012C1-F09D-56D8-284A-7CE11879E989}" = CCC Help Norwegian
"{A37BFF91-1A64-10FA-E360-68D2585F3056}" = PX Profile Update
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2DBBB1B-1F86-A56F-873D-7B10E74FDACD}" = CCC Help Portuguese
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CBCF6C86-4738-4A84-9C2C-331804DCEB9B}" = LibreOffice 3.6
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEF712BF-07DB-67A8-BA7D-D59A6C22A609}" = Catalyst Control Center Localization All
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D75F189B-E302-55C9-DFEF-D81DA01D1C00}" = CCC Help Thai
"{D8C2078B-520D-C552-D63F-0CEE323B70B2}" = CCC Help Hungarian
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DCD01638-C22B-4AA1-ACCE-1C7150B02076}" = HP Software Framework
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E50B774B-D531-F85A-1DE5-652346F75E90}" = Catalyst Control Center
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"Mozilla Thunderbird 16.0.2 (x86 en-US)" = Mozilla Thunderbird 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Ravensburger tiptoi" = Ravensburger tiptoi
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-01379085-82e4-41f2-b8d1-165a16c296d1" = Jewel Quest Solitaire 2
"WTA-0bdd3010-5e32-4da3-83d7-9060caffb496" = Polar Bowler
"WTA-14919343-c2a8-4ad1-b067-b83f03d8e173" = Farm Frenzy
"WTA-3f5a9bef-4f8d-4a6e-8af8-19a7aa813950" = Cradle of Rome 2
"WTA-4c9f5111-3a52-403f-a09c-def330269579" = Virtual Villagers 4 - The Tree of Life
"WTA-58fbb02e-9488-4fe5-a20f-0d4f963b0c58" = Cake Mania
"WTA-5ac2f729-a5ca-4674-9f37-8deeb41ed873" = Fishdom (TM) 2
"WTA-5c1cd086-3987-44bf-be41-10eb77fb2435" = Plants vs. Zombies - Game of the Year
"WTA-68e0afa2-4be7-49fd-a61e-06db3bc42dbf" = Zuma's Revenge
"WTA-69c5d967-9e47-483e-b66c-851647b9d752" = Mystery of Mortlake Mansion
"WTA-7b65e33a-5f7d-4188-ab75-2ad7d60267d7" = Jewel Quest II
"WTA-83e5036d-555a-46fa-9689-5e857822c0b3" = Jewel Match 3
"WTA-8503ca17-80a4-4efb-a420-38aa490c1864" = Bejeweled 3
"WTA-8f151818-67c6-4aeb-9657-65483f5d5dbf" = Farmscapes
"WTA-940bccbf-6b75-4aee-a6c7-eeeb72e6a29e" = Chuzzle Deluxe
"WTA-a3ad8e56-1b15-4f76-8c79-e35ae9281dfe" = Insaniquarium Deluxe
"WTA-a517b578-876b-413c-b8fc-9d541afe3e33" = Mahjongg Artifacts
"WTA-b0da96ea-6bf7-48a1-9660-c5f6b228182c" = Final Drive Fury
"WTA-b384d1ac-91bb-4e15-ac6a-959658b65cab" = Torchlight
"WTA-c611e4b9-9580-45d9-a525-01fae5246ff8" = Wedding Dash
"WTA-cd26d234-99d9-47a6-97f4-179edc846564" = Virtual Families
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.10.2012 15:37:31 | Computer Name = HP-M6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 999
 
Error - 09.10.2012 15:37:31 | Computer Name = HP-M6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 999
 
Error - 09.10.2012 15:37:32 | Computer Name = HP-M6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.10.2012 15:37:32 | Computer Name = HP-M6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2059
 
Error - 09.10.2012 15:37:32 | Computer Name = HP-M6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2059
 
Error - 09.10.2012 15:37:33 | Computer Name = HP-M6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 09.10.2012 15:37:33 | Computer Name = HP-M6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3089
 
Error - 09.10.2012 15:37:33 | Computer Name = HP-M6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3089
 
Error - 14.10.2012 08:40:13 | Computer Name = HP-M6 | Source = CVHSVC | ID = 100
Description = Information only.  (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 14.10.2012 08:40:53 | Computer Name = HP-M6 | Source = Application Error | ID = 1000
Description = Faulting application name: avguard.exe, version: 13.4.0.184, time 
stamp: 0x50616a94  Faulting module name: ntdll.dll, version: 6.1.7601.17725, time 
stamp: 0x4ec49b8f  Exception code: 0xc0000374  Fault offset: 0x000ce6c3  Faulting process
 id: 0xec8  Faulting application start time: 0x01cd9d6f65278ea6  Faulting application
 path: C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe  Faulting module path:
 C:\Windows\SysWOW64\ntdll.dll  Report Id: 6399ffd8-15fc-11e2-8fc1-08edb98ece4b
 
[ Hewlett-Packard Events ]
Error - 18.10.2012 13:37:14 | Computer Name = HP-M6 | Source = HPSF.exe | ID = 4000
Description = 
 
Error - 18.10.2012 13:37:23 | Computer Name = HP-M6 | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: Failed to perform update.  StackTrace:   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
 category)     at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager  InnerException.Message:
 Object '/ef128df6_3804_4a3d_ba01_f0f4f3d78a04/x5nwyvzpuv4dc7i_tj1wv5zg_5.rem' has
 been disconnected or does not exist at the server.    Name: hpsa_service.exe  Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 6046  Ram Utilization: 30  TargetSite: Void UpdateDetail(System.String)  
 
Error - 19.11.2012 14:44:28 | Computer Name = HP-M6 | Source = HPSFMsgr.exe | ID = 4000
Description = HP Error ID: -2147221164   at System.RuntimeTypeHandle.CreateInstance(RuntimeType
 type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle&
 ctor, Boolean& bNeedSecurityCheck)     at System.RuntimeType.CreateInstanceSlow(Boolean
 publicOnly, Boolean fillCache)     at System.RuntimeType.CreateInstanceImpl(Boolean
 publicOnly, Boolean skipVisibilityChecks, Boolean fillCache)     at System.Activator.CreateInstance(Type
 type, Boolean nonPublic)     at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()
StackTrace:
   at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly,
 Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck)

   at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache)

   at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks,
 Boolean fillCache)     at System.Activator.CreateInstance(Type type, Boolean nonPublic)

   at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed()  Source: mscorlib

Name:
 HPSFMsgr.exe  Version: 01.00.00.00  Path: C:\Program Files (x86)\Hewlett-Packard\HP
 Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe  Format: en-US  RAM: 6046  Ram
 Utilization: 20  TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean,
 Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef)  
 
[ System Events ]
Error - 24.09.2012 11:54:21 | Computer Name = HP-M6 | Source = DCOM | ID = 10010
Description = 
 
Error - 14.10.2012 08:41:04 | Computer Name = HP-M6 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 14.10.2012 08:41:04 | Computer Name = HP-M6 | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
 error:   %%5
 
Error - 14.10.2012 08:41:04 | Computer Name = HP-M6 | Source = Service Control Manager | ID = 7031
Description = The Avira Real-Time Protection service terminated unexpectedly.  It
 has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds:
 Restart the service.
 
Error - 14.10.2012 08:41:42 | Computer Name = HP-M6 | Source = DCOM | ID = 10010
Description = 
 
Error - 16.10.2012 18:21:54 | Computer Name = HP-M6 | Source = DCOM | ID = 10010
Description = 
 
Error - 20.10.2012 10:59:54 | Computer Name = HP-M6 | Source = DCOM | ID = 10010
Description = 
 
Error - 21.10.2012 03:17:50 | Computer Name = HP-M6 | Source = DCOM | ID = 10010
Description = 
 
Error - 28.10.2012 10:37:48 | Computer Name = HP-M6 | Source = DCOM | ID = 10010
Description = 
 
Error - 28.10.2012 10:39:23 | Computer Name = HP-M6 | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the HPWMISVC service.
 
 
< End of report >
--- --- ---
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.11.2012 01:42:46 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
5.90 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 67.73% Memory free
11.81 Gb Paging File | 9.55 Gb Available in Paging File | 80.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 349.00 Gb Total Space | 297.20 Gb Free Space | 85.16% Space Free | Partition Type: NTFS
Drive D: | 23.76 Gb Total Space | 2.49 Gb Free Space | 10.47% Space Free | Partition Type: NTFS
 
Computer Name: HP-M6 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass\TouchControl.exe (AuthenTec Inc.)
PRC - C:\Program Files (x86)\HP SimplePass\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8bb44e1dd221cada48308ce5f5d20561\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\0461c2bf4c5b235c0ca1d923c10d6849\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (TrueService) -- C:\Program Files\Common Files\AuthenTec\TrueService.exe (AuthenTec, Inc.)
SRV:64bit: - (HPAuto) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvIntel) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (RSBASTOR) -- C:\Windows\SysNative\drivers\RtsBaStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\drivers\Smb_driver.sys (Synaptics Incorporated)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (BTWDPAN) -- C:\Windows\SysNative\drivers\btwdpan.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDF
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDF
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{FEB229F0-15F1-47A4-8A62-E2C37C0B6550}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDF
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{FEB229F0-15F1-47A4-8A62-E2C37C0B6550}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4257943579-871120275-3654149370-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDF
IE - HKU\S-1-5-21-4257943579-871120275-3654149370-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\S-1-5-21-4257943579-871120275-3654149370-1000\..\SearchScopes,DefaultScope = {0863FD76-9D47-40BC-8C12-FA2DEA25765E}
IE - HKU\S-1-5-21-4257943579-871120275-3654149370-1000\..\SearchScopes\{0863FD76-9D47-40BC-8C12-FA2DEA25765E}: "URL" = https://www.google.ch/search?q={searchTerms}
IE - HKU\S-1-5-21-4257943579-871120275-3654149370-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4257943579-871120275-3654149370-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 22:10:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.14 23:23:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 22:10:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.14 23:23:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012.08.29 17:51:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2012.10.23 07:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xvxmqjm5.default\extensions
[2012.10.26 22:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.10.26 22:10:23 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.07 14:40:29 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.22 10:39:33 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll (HP)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O3 - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll (HP)
O3 - HKU\S-1-5-21-4257943579-871120275-3654149370-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-4257943579-871120275-3654149370-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-4257943579-871120275-3654149370-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4677FE60-156F-4A2A-8A06-97FBD415447F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.20 01:35:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.20 01:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.11.20 01:01:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.11.20 01:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.20 01:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.20 01:00:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.20 01:00:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.20 00:37:30 | 010,524,080 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.65.0.1400.exe
[2012.11.20 00:29:14 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2012.11.19 19:58:59 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.19 19:58:59 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.19 19:54:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.19 19:54:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.19 19:54:32 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.19 19:54:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.19 19:54:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.19 19:54:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.19 19:54:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.19 19:54:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.19 19:54:31 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.19 19:54:31 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.19 19:54:31 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.19 19:54:31 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.19 19:54:30 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.19 19:54:30 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.19 19:54:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.19 19:52:51 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.19 19:52:51 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.19 19:52:51 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.19 19:52:51 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.19 19:51:55 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.19 19:51:55 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.19 19:51:55 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.19 19:51:55 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.19 19:51:55 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.19 19:51:55 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.19 19:51:53 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.19 19:51:53 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.19 19:51:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.19 19:50:38 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.19 19:50:38 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.14 23:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.11.04 08:09:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LibreOffice
[2012.11.04 08:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.6
[2012.11.04 08:07:30 | 000,000,000 | ---D | C] -- C:\Windows\ShellNew
[2012.11.04 08:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 3.6
[2012.10.26 22:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.23 19:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.10.23 19:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.10.23 19:30:34 | 000,000,000 | ---D | C] -- C:\AMD
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.20 01:36:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.20 01:01:51 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.20 00:57:09 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 00:57:09 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 00:54:15 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.20 00:54:15 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.20 00:54:15 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.20 00:47:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.20 00:46:55 | 460,042,239 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.20 00:37:48 | 010,524,080 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\***\Desktop\mbam-setup-1.65.0.1400.exe
[2012.11.20 00:29:15 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2012.11.19 20:06:23 | 000,311,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.19 20:04:06 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.19 07:18:20 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor***.job
[2012.11.19 07:12:37 | 000,002,110 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012.11.15 19:41:16 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.11.15 19:41:15 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.11.08 19:47:12 | 000,019,451 | ---- | M] () -- C:\Users\***\Desktop\Aktuelle-Tiefdrucklage-k246nnte-den-ersehnten-R1.jpg
[2012.11.08 19:46:15 | 000,096,397 | ---- | M] () -- C:\Users\***\Desktop\Blitz_(iStock)_466x317.jpg
[2012.11.08 19:44:41 | 000,052,315 | ---- | M] () -- C:\Users\***\Desktop\schnee.jpg
[2012.11.08 19:41:33 | 000,044,063 | ---- | M] () -- C:\Users\***\Desktop\orkan_lothar_-_10.Par.0002.Image.jpg
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.20 01:00:45 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.19 19:59:01 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.11.19 19:52:51 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.11.19 19:40:30 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.08 19:47:10 | 000,019,451 | ---- | C] () -- C:\Users\***\Desktop\Aktuelle-Tiefdrucklage-k246nnte-den-ersehnten-R1.jpg
[2012.11.08 19:46:15 | 000,096,397 | ---- | C] () -- C:\Users\***\Desktop\Blitz_(iStock)_466x317.jpg
[2012.11.08 19:44:41 | 000,052,315 | ---- | C] () -- C:\Users\***\Desktop\schnee.jpg
[2012.11.08 19:41:32 | 000,044,063 | ---- | C] () -- C:\Users\***\Desktop\orkan_lothar_-_10.Par.0002.Image.jpg
[2012.08.29 20:02:33 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.08.29 14:25:23 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2012.07.04 23:19:58 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2012.07.04 23:18:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.04 23:16:45 | 003,312,636 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.04 23:08:34 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012.03.01 14:26:16 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.01 14:26:16 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.28 10:58:18 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.02.28 10:58:18 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.02.28 10:52:54 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.02.28 10:15:26 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.13 03:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.08.29 16:53:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IDT
[2012.11.04 08:09:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice
[2012.09.02 17:54:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RavensburgerTipToi
[2012.11.19 07:17:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2012.08.29 14:33:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synaptics
[2012.08.29 17:51:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2012.08.29 20:22:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2012.08.31 14:12:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WildTangent
[2012.08.29 20:05:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\_MDLogs
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Old 20.11.2012, 05:55   #2
t'john
/// Helper Team

Please post the Malwarebytes log file!
(Logs tab)

The cleanup consists of several steps that must be carried out.
Work through them one after the other and paste the 3 logs that are created into your next reply.

If the OTL fix did not run through correctly, do not continue; report it instead.

Step 1

Fix with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users: right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text field below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you have copied it correctly.


Code:
ATTFilter
:OTL
O4 - HKLM..\Run: [] File not found 
[2012.11.19 20:04:06 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad 
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\***\*.tmp
C:\Users\***\AppData\Local\{*}
C:\Users\***\AppData\Local\Temp\*.exe
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a reboot, allow it.
  • Paste the contents of the log file here into your thread in code tags.
    You can view the log file afterwards at => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for readers: the OTL script above was created exclusively for this user in this situation.
Never use it on other machines; it can do lasting damage to other systems!



Step 2
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Extract the archive on your desktop.
  • In the newly created folder, start mbar.exe.
  • Follow the on-screen instructions and allow the tool to scan your system.
  • Click the CleanUp button and allow the reboot.
  • During the reboot MBAR will remove the objects it found, so be patient.
  • After the reboot, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper.


then:

Step 3
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Old 20.11.2012, 20:30   #3
Kunti

here you go...

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\Temp\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B} folder moved successfully.
C:\ProgramData\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\***\*.tmp not found.
File\Folder C:\Users\***\AppData\Local\{*} not found.
File\Folder C:\Users\***\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache not found.
File/Folder C:\Users\Monika & Mischa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Monika & Mischa\Desktop\cmd.bat deleted successfully.
C:\Users\Monika & Mischa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Monika & Mischa
->Temp folder emptied: 573455 bytes
->Temporary Internet Files folder emptied: 229908 bytes
->Java cache emptied: 1008723 bytes
->FireFox cache emptied: 119954042 bytes
->Flash cache emptied: 902 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41669861 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84793 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 156.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11202012_202624

Files\Folders moved on Reboot...
C:\Users\Monika & Mischa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
hello john

Unfortunately I can't start the mbar scan. When I click scan I always get a bluescreen with a BAD_POOL_HEADER message...

Do you have any advice?

here is the mbam log:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.19.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Monika & Mischa :: HP-M6 [Administrator]

Schutz: Aktiviert

20.11.2012 01:13:22
mbam-log-2012-11-20 (01-13-22).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201825
Laufzeit: 2 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Should I run adwcleaner anyway?

...oh, that was after the mbam fix.

The log from before is coming...

So, here is the mbam log with the fix:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.19.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Monika & Mischa :: HP-M6 [Administrator]

Schutz: Aktiviert

20.11.2012 01:02:39
mbam-log-2012-11-20 (01-02-39).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201819
Laufzeit: 4 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\lsass.exe (Trojan.Delf) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
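As an added defender-side check (example code written for this page, not part of the thread and not code from OTL, Malwarebytes or any other tool mentioned here), the following PowerShell script re-checks the three indicator types that the logs above show on this machine: a Run value whose target is missing (the empty "O4 - HKLM..\Run: []" entry), a binary with a Windows system name stored in ProgramData (C:\ProgramData\lsass.exe, flagged as Trojan.Delf), a large loose blob in ProgramData (the 95 MB dsgsdgdsgdsgw.pad), and the Winlogon Shell/Userinit values from the O20 lines. The function names are hypothetical; the script assumes Windows 7 or later with Windows PowerShell 3.0 or newer, run from an elevated prompt after the cleanup, so that a clean system produces empty tables.

```powershell
# Added example for this page, not from the thread or any of the tools it mentions.
# Assumes Windows PowerShell 3.0+ in an elevated prompt; all function names are hypothetical.

function Get-DanglingAutostart {
    # Run-key values whose executable cannot be found (cf. "O4 - HKLM..\Run: [] File not found")
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $value = [string]$item.GetValue($name)
            # Executable path = quoted first token, else the first token ending in .exe, else the whole value
            if ($value -match '^\s*"([^"]+)"')        { $exe = $Matches[1] }
            elseif ($value -match '^\s*(\S+?\.exe)')  { $exe = $Matches[1] }
            else                                      { $exe = $value.Trim() }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            # An empty name with an empty target is exactly what OTL reported on this machine,
            # so treat an empty path as missing rather than passing it to Test-Path.
            if ([string]::IsNullOrWhiteSpace($exe) -or -not (Test-Path -LiteralPath $exe)) {
                [pscustomobject]@{ Key = $key; Name = $name; Value = $value }
            }
        }
    }
}

function Get-MasqueradingBinary {
    # Files named like core Windows binaries but stored under ProgramData or the user profile
    # (cf. "C:\ProgramData\lsass.exe (Trojan.Delf)" in the MBAM log above)
    $systemNames = 'lsass.exe', 'svchost.exe', 'csrss.exe', 'winlogon.exe',
                   'explorer.exe', 'userinit.exe', 'services.exe'
    $dirs = $env:ProgramData, $env:LOCALAPPDATA, $env:APPDATA, $env:TEMP
    foreach ($dir in $dirs) {
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Recurse -File -Include $systemNames -ErrorAction SilentlyContinue |
            ForEach-Object { [pscustomobject]@{ Path = $_.FullName; Bytes = $_.Length; Modified = $_.LastWriteTime } }
    }
}

function Get-UnexpectedProgramDataFile {
    # Loose files directly in ProgramData: odd extensions or large blobs such as dsgsdgdsgdsgw.pad
    Get-ChildItem -LiteralPath $env:ProgramData -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.pad' -or $_.Length -gt 50MB } |
        ForEach-Object { [pscustomobject]@{ Path = $_.FullName; Bytes = $_.Length; Modified = $_.LastWriteTime } }
}

function Test-WinlogonIntegrity {
    # Shell and Userinit must still point at the Windows binaries (cf. the O20 lines in the OTL log)
    $wl = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $expectedUserinit = '^' + [regex]::Escape("$env:SystemRoot\system32\userinit.exe") + ',?$'
    $ok = $true
    if ($wl.Shell -ne 'explorer.exe') {
        Write-Warning "Winlogon Shell altered: $($wl.Shell)"; $ok = $false
    }
    if ($wl.Userinit -notmatch $expectedUserinit) {
        Write-Warning "Winlogon Userinit altered: $($wl.Userinit)"; $ok = $false
    }
    return $ok
}

Write-Output '== Autostart entries whose target is missing =='
Get-DanglingAutostart | Format-Table -AutoSize
Write-Output '== System binary names outside the system directories =='
Get-MasqueradingBinary | Format-Table -AutoSize
Write-Output '== Unexpected loose files in ProgramData =='
Get-UnexpectedProgramDataFile | Format-Table -AutoSize
Write-Output ("Winlogon Shell/Userinit intact: " + (Test-WinlogonIntegrity))
```

Each function emits objects rather than text, so the output can be piped to Export-Csv and kept alongside the tool logs posted in the thread; an entry in any of the first three tables, or a "Winlogon ... altered" warning, means the cleanup is not complete and the machine should go back to the helper before it is trusted again.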

Old 21.11.2012, 03:38   #4
t'john
/// Helper Team

Continue with step 3!


then:

TDSSKiller by Kaspersky
- Download TDSSKiller and extract the archive to your desktop.
- Make sure TDSSKiller.exe is directly on the desktop (not in a folder on the desktop).
- Temporarily disable your antivirus program.
- Start TDSSKiller.exe by double-clicking it.
- When it finishes, the tool will suggest restarting the system.
- Confirm this with Y(es) if necessary.
- While the system boots, the driver carries out all scheduled operations and then deletes itself.
- Post the contents of C:\TDSSKiller.txt here in the thread.
Here you can find a more detailed TDSSKiller guide.
Regards, t'john

Old 21.11.2012, 07:01   #5
Kunti

first adwcleaner:
Code:
ATTFilter
# AdwCleaner v2.008 - Logfile created 11/21/2012 at 06:57:34
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Monika & Mischa - HP-M6
# Boot Mode : Normal
# Running from : C:\Users\Monika & Mischa\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0 (en-US)

Profile name : default 
File : C:\Users\Monika & Mischa\AppData\Roaming\Mozilla\Firefox\Profiles\xvxmqjm5.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1335 octets] - [20/11/2012 22:31:58]
AdwCleaner[S1].txt - [1122 octets] - [21/11/2012 06:57:34]

########## EOF - C:\AdwCleaner[S1].txt - [1182 octets] ##########
         
hi john

tdsskiller found nothing and didn't produce a log either. Or did I do something wrong?

How do I proceed?

Hmm... maybe the missing tdsskiller log is because I still had tdsskiller.exe in the folder on the desktop.

I'll repeat it tonight...

thanks!
Kunti


Old 21.11.2012, 17:18   #6
t'john
/// Helper Team

Look on c:\

There must be a log there.

Old 21.11.2012, 20:22   #7
Kunti

ok, found it:

Code:
ATTFilter
20:19:32.0516 1876  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:19:32.0641 1876  ============================================================
20:19:32.0641 1876  Current date / time: 2012/11/21 20:19:32.0641
20:19:32.0641 1876  SystemInfo:
20:19:32.0641 1876  
20:19:32.0641 1876  OS Version: 6.1.7601 ServicePack: 1.0
20:19:32.0641 1876  Product type: Workstation
20:19:32.0641 1876  ComputerName: HP-M6
20:19:32.0641 1876  UserName: Monika & Mischa
20:19:32.0641 1876  Windows directory: C:\Windows
20:19:32.0641 1876  System windows directory: C:\Windows
20:19:32.0641 1876  Running under WOW64
20:19:32.0641 1876  Processor architecture: Intel x64
20:19:32.0641 1876  Number of processors: 4
20:19:32.0641 1876  Page size: 0x1000
20:19:32.0641 1876  Boot type: Normal boot
20:19:32.0641 1876  ============================================================
20:19:33.0062 1876  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:19:33.0078 1876  ============================================================
20:19:33.0078 1876  \Device\Harddisk0\DR0:
20:19:33.0078 1876  MBR partitions:
20:19:33.0078 1876  Initialize success
20:19:33.0078 1876  ============================================================
20:19:42.0641 4844  ============================================================
20:19:42.0641 4844  Scan started
20:19:42.0641 4844  Mode: Manual; SigCheck; TDLFS; 
20:19:42.0641 4844  ============================================================
20:19:42.0828 4844  ================ Scan system memory ========================
20:19:42.0828 4844  System memory - ok
20:19:42.0828 4844  ================ Scan services =============================
20:19:42.0890 4844  1394ohci - ok
20:19:42.0906 4844  Accelerometer - ok
20:19:42.0906 4844  ACPI - ok
20:19:42.0921 4844  AcpiPmi - ok
20:19:42.0937 4844  AdobeARMservice - ok
20:19:42.0953 4844  adp94xx - ok
20:19:42.0953 4844  adpahci - ok
20:19:42.0953 4844  adpu320 - ok
20:19:42.0968 4844  AeLookupSvc - ok
20:19:42.0999 4844  AFD - ok
20:19:42.0999 4844  agp440 - ok
20:19:42.0999 4844  ALG - ok
20:19:43.0015 4844  aliide - ok
20:19:43.0031 4844  AMD External Events Utility - ok
20:19:43.0031 4844  amdide - ok
20:19:43.0062 4844  AmdK8 - ok
20:19:43.0077 4844  amdkmdag - ok
20:19:43.0124 4844  amdkmdap - ok
20:19:43.0124 4844  amdkmpfd - ok
20:19:43.0124 4844  AmdPPM - ok
20:19:43.0140 4844  amdsata - ok
20:19:43.0140 4844  amdsbs - ok
20:19:43.0155 4844  amdxata - ok
20:19:43.0171 4844  AntiVirSchedulerService - ok
20:19:43.0187 4844  AntiVirService - ok
20:19:43.0202 4844  AppID - ok
20:19:43.0218 4844  AppIDSvc - ok
20:19:43.0218 4844  Appinfo - ok
20:19:43.0249 4844  Apple Mobile Device - ok
20:19:43.0249 4844  arc - ok
20:19:43.0265 4844  arcsas - ok
20:19:43.0280 4844  aspnet_state - ok
20:19:43.0280 4844  AsyncMac - ok
20:19:43.0296 4844  atapi - ok
20:19:43.0311 4844  AudioEndpointBuilder - ok
20:19:43.0311 4844  AudioSrv - ok
20:19:43.0327 4844  avgntflt - ok
20:19:43.0343 4844  avipbb - ok
20:19:43.0358 4844  avkmgr - ok
20:19:43.0374 4844  AxInstSV - ok
20:19:43.0374 4844  b06bdrv - ok
20:19:43.0389 4844  b57nd60a - ok
20:19:43.0405 4844  bcbtums - ok
20:19:43.0421 4844  BCM43XX - ok
20:19:43.0436 4844  BDESVC - ok
20:19:43.0436 4844  Beep - ok
20:19:43.0452 4844  BFE - ok
20:19:43.0467 4844  BITS - ok
20:19:43.0483 4844  blbdrive - ok
20:19:43.0499 4844  Bonjour Service - ok
20:19:43.0499 4844  bowser - ok
20:19:43.0499 4844  BrFiltLo - ok
20:19:43.0514 4844  BrFiltUp - ok
20:19:43.0514 4844  Browser - ok
20:19:43.0530 4844  Brserid - ok
20:19:43.0530 4844  BrSerWdm - ok
20:19:43.0530 4844  BrUsbMdm - ok
20:19:43.0545 4844  BrUsbSer - ok
20:19:43.0561 4844  BthEnum - ok
20:19:43.0561 4844  BTHMODEM - ok
20:19:43.0561 4844  BthPan - ok
20:19:43.0577 4844  BTHPORT - ok
20:19:43.0577 4844  bthserv - ok
20:19:43.0577 4844  BTHUSB - ok
20:19:43.0592 4844  btwampfl - ok
20:19:43.0592 4844  btwaudio - ok
20:19:43.0608 4844  btwavdt - ok
20:19:43.0608 4844  btwdins - ok
20:19:43.0608 4844  BTWDPAN - ok
20:19:43.0623 4844  btwl2cap - ok
20:19:43.0623 4844  btwrchid - ok
20:19:43.0623 4844  cdfs - ok
20:19:43.0639 4844  cdrom - ok
20:19:43.0655 4844  CertPropSvc - ok
20:19:43.0670 4844  circlass - ok
20:19:43.0670 4844  CLFS - ok
20:19:43.0670 4844  clr_optimization_v2.0.50727_32 - ok
20:19:43.0686 4844  clr_optimization_v2.0.50727_64 - ok
20:19:43.0686 4844  clr_optimization_v4.0.30319_32 - ok
20:19:43.0686 4844  clr_optimization_v4.0.30319_64 - ok
20:19:43.0701 4844  clwvd - ok
20:19:43.0717 4844  CmBatt - ok
20:19:43.0733 4844  cmdide - ok
20:19:43.0733 4844  CNG - ok
20:19:43.0748 4844  Compbatt - ok
20:19:43.0748 4844  CompositeBus - ok
20:19:43.0764 4844  COMSysApp - ok
20:19:43.0779 4844  cphs - ok
20:19:43.0779 4844  crcdisk - ok
20:19:43.0779 4844  CryptSvc - ok
20:19:43.0811 4844  cvhsvc - ok
20:19:43.0842 4844  DcomLaunch - ok
20:19:43.0857 4844  defragsvc - ok
20:19:43.0857 4844  DfsC - ok
20:19:43.0857 4844  Dhcp - ok
20:19:43.0873 4844  discache - ok
20:19:43.0889 4844  Disk - ok
20:19:43.0904 4844  Dnscache - ok
20:19:43.0904 4844  dot3svc - ok
20:19:43.0904 4844  DPS - ok
20:19:43.0920 4844  drmkaud - ok
20:19:43.0920 4844  DXGKrnl - ok
20:19:43.0935 4844  EapHost - ok
20:19:43.0935 4844  ebdrv - ok
20:19:43.0935 4844  EFS - ok
20:19:43.0951 4844  ehRecvr - ok
20:19:43.0967 4844  ehSched - ok
20:19:43.0967 4844  elxstor - ok
20:19:43.0967 4844  ErrDev - ok
20:19:43.0982 4844  EventSystem - ok
20:19:43.0982 4844  exfat - ok
20:19:43.0998 4844  ezSharedSvc - ok
20:19:44.0013 4844  fastfat - ok
20:19:44.0013 4844  Fax - ok
20:19:44.0029 4844  fdc - ok
20:19:44.0029 4844  fdPHost - ok
20:19:44.0045 4844  FDResPub - ok
20:19:44.0045 4844  FileInfo - ok
20:19:44.0060 4844  Filetrace - ok
20:19:44.0060 4844  flpydisk - ok
20:19:44.0076 4844  FltMgr - ok
20:19:44.0076 4844  FontCache - ok
20:19:44.0076 4844  FontCache3.0.0.0 - ok
20:19:44.0091 4844  FPLService - ok
20:19:44.0091 4844  FsDepends - ok
20:19:44.0107 4844  Fs_Rec - ok
20:19:44.0107 4844  fvevol - ok
20:19:44.0123 4844  gagp30kx - ok
20:19:44.0138 4844  GamesAppService - ok
20:19:44.0138 4844  GEARAspiWDM - ok
20:19:44.0154 4844  gpsvc - ok
20:19:44.0154 4844  hcw85cir - ok
20:19:44.0154 4844  HdAudAddService - ok
20:19:44.0169 4844  HDAudBus - ok
20:19:44.0169 4844  HidBatt - ok
20:19:44.0185 4844  HidBth - ok
20:19:44.0185 4844  HidIr - ok
20:19:44.0185 4844  hidserv - ok
20:19:44.0201 4844  HidUsb - ok
20:19:44.0201 4844  hkmsvc - ok
20:19:44.0201 4844  HomeGroupListener - ok
20:19:44.0216 4844  HomeGroupProvider - ok
20:19:44.0216 4844  HP Support Assistant Service - ok
20:19:44.0232 4844  HPAuto - ok
20:19:44.0232 4844  HPDrvMntSvc.exe - ok
20:19:44.0247 4844  hpdskflt - ok
20:19:44.0247 4844  hpqwmiex - ok
20:19:44.0263 4844  HpSAMD - ok
20:19:44.0263 4844  hpsrv - ok
20:19:44.0279 4844  HPWMISVC - ok
20:19:44.0294 4844  HTTP - ok
20:19:44.0294 4844  hwpolicy - ok
20:19:44.0310 4844  i8042prt - ok
20:19:44.0310 4844  iaStor - ok
20:19:44.0325 4844  IAStorDataMgrSvc - ok
20:19:44.0325 4844  iaStorV - ok
20:19:44.0341 4844  idsvc - ok
20:19:44.0341 4844  iirsp - ok
20:19:44.0341 4844  IKEEXT - ok
20:19:44.0372 4844  IntcDAud - ok
20:19:44.0372 4844  Intel(R) Capability Licensing Service Interface - ok
20:19:44.0372 4844  intelide - ok
20:19:44.0388 4844  intelkmd - ok
20:19:44.0388 4844  intelppm - ok
20:19:44.0388 4844  IPBusEnum - ok
20:19:44.0403 4844  IpFilterDriver - ok
20:19:44.0403 4844  iphlpsvc - ok
20:19:44.0419 4844  IPMIDRV - ok
20:19:44.0419 4844  IPNAT - ok
20:19:44.0419 4844  iPod Service - ok
20:19:44.0435 4844  IRENUM - ok
20:19:44.0435 4844  isapnp - ok
20:19:44.0435 4844  iScsiPrt - ok
20:19:44.0466 4844  iusb3hcs - ok
20:19:44.0466 4844  iusb3hub - ok
20:19:44.0466 4844  iusb3xhc - ok
20:19:44.0481 4844  jhi_service - ok
20:19:44.0481 4844  kbdclass - ok
20:19:44.0497 4844  kbdhid - ok
20:19:44.0513 4844  KeyIso - ok
20:19:44.0513 4844  KSecDD - ok
20:19:44.0513 4844  KSecPkg - ok
20:19:44.0528 4844  ksthunk - ok
20:19:44.0528 4844  KtmRm - ok
20:19:44.0528 4844  LanmanServer - ok
20:19:44.0544 4844  LanmanWorkstation - ok
20:19:44.0559 4844  lltdio - ok
20:19:44.0575 4844  lltdsvc - ok
20:19:44.0591 4844  lmhosts - ok
20:19:44.0606 4844  LMS - ok
20:19:44.0622 4844  LSI_FC - ok
20:19:44.0622 4844  LSI_SAS - ok
20:19:44.0622 4844  LSI_SAS2 - ok
20:19:44.0637 4844  LSI_SCSI - ok
20:19:44.0637 4844  luafv - ok
20:19:44.0669 4844  MBAMProtector - ok
20:19:44.0684 4844  MBAMScheduler - ok
20:19:44.0684 4844  MBAMService - ok
20:19:44.0700 4844  Mcx2Svc - ok
20:19:44.0700 4844  megasas - ok
20:19:44.0700 4844  MegaSR - ok
20:19:44.0715 4844  MEIx64 - ok
20:19:44.0715 4844  MMCSS - ok
20:19:44.0715 4844  Modem - ok
20:19:44.0731 4844  monitor - ok
20:19:44.0747 4844  mouclass - ok
20:19:44.0747 4844  mouhid - ok
20:19:44.0762 4844  mountmgr - ok
20:19:44.0762 4844  MozillaMaintenance - ok
20:19:44.0778 4844  mpio - ok
20:19:44.0778 4844  mpsdrv - ok
20:19:44.0778 4844  MpsSvc - ok
20:19:44.0793 4844  MRxDAV - ok
20:19:44.0793 4844  mrxsmb - ok
20:19:44.0793 4844  mrxsmb10 - ok
20:19:44.0809 4844  mrxsmb20 - ok
20:19:44.0809 4844  msahci - ok
20:19:44.0809 4844  msdsm - ok
20:19:44.0825 4844  MSDTC - ok
20:19:44.0825 4844  Msfs - ok
20:19:44.0840 4844  mshidkmdf - ok
20:19:44.0840 4844  msisadrv - ok
20:19:44.0840 4844  MSiSCSI - ok
20:19:44.0856 4844  msiserver - ok
20:19:44.0871 4844  MSKSSRV - ok
20:19:44.0871 4844  MSPCLOCK - ok
20:19:44.0871 4844  MSPQM - ok
20:19:44.0887 4844  MsRPC - ok
20:19:44.0887 4844  mssmbios - ok
20:19:44.0887 4844  MSTEE - ok
20:19:44.0903 4844  MTConfig - ok
20:19:44.0903 4844  Mup - ok
20:19:44.0903 4844  napagent - ok
20:19:44.0918 4844  NativeWifiP - ok
20:19:44.0918 4844  NDIS - ok
20:19:44.0918 4844  NdisCap - ok
20:19:44.0949 4844  NdisTapi - ok
20:19:44.0949 4844  Ndisuio - ok
20:19:44.0949 4844  NdisWan - ok
20:19:44.0965 4844  NDProxy - ok
20:19:44.0965 4844  NetBIOS - ok
20:19:44.0965 4844  NetBT - ok
20:19:44.0981 4844  Netlogon - ok
20:19:44.0981 4844  Netman - ok
20:19:44.0996 4844  NetMsmqActivator - ok
20:19:44.0996 4844  NetPipeActivator - ok
20:19:44.0996 4844  netprofm - ok
20:19:45.0012 4844  NetTcpActivator - ok
20:19:45.0012 4844  NetTcpPortSharing - ok
20:19:45.0027 4844  nfrd960 - ok
20:19:45.0043 4844  NlaSvc - ok
20:19:45.0043 4844  Npfs - ok
20:19:45.0043 4844  nsi - ok
20:19:45.0059 4844  nsiproxy - ok
20:19:45.0059 4844  Ntfs - ok
20:19:45.0059 4844  Null - ok
20:19:45.0074 4844  NVENETFD - ok
20:19:45.0090 4844  nvraid - ok
20:19:45.0090 4844  nvstor - ok
20:19:45.0105 4844  nv_agp - ok
20:19:45.0105 4844  ohci1394 - ok
20:19:45.0121 4844  ose - ok
20:19:45.0137 4844  osppsvc - ok
20:19:45.0137 4844  p2pimsvc - ok
20:19:45.0137 4844  p2psvc - ok
20:19:45.0152 4844  Parport - ok
20:19:45.0152 4844  partmgr - ok
20:19:45.0152 4844  PcaSvc - ok
20:19:45.0168 4844  pci - ok
20:19:45.0168 4844  pciide - ok
20:19:45.0168 4844  pcmcia - ok
20:19:45.0183 4844  pcw - ok
20:19:45.0183 4844  PEAUTH - ok
20:19:45.0183 4844  PerfHost - ok
20:19:45.0199 4844  pla - ok
20:19:45.0215 4844  PlugPlay - ok
20:19:45.0215 4844  PNRPAutoReg - ok
20:19:45.0215 4844  PNRPsvc - ok
20:19:45.0215 4844  PolicyAgent - ok
20:19:45.0230 4844  Power - ok
20:19:45.0230 4844  PptpMiniport - ok
20:19:45.0230 4844  Processor - ok
20:19:45.0230 4844  ProfSvc - ok
20:19:45.0246 4844  ProtectedStorage - ok
20:19:45.0246 4844  Psched - ok
20:19:45.0246 4844  ql2300 - ok
20:19:45.0246 4844  ql40xx - ok
20:19:45.0261 4844  QWAVE - ok
20:19:45.0261 4844  QWAVEdrv - ok
20:19:45.0261 4844  RasAcd - ok
20:19:45.0261 4844  RasAgileVpn - ok
20:19:45.0261 4844  RasAuto - ok
20:19:45.0277 4844  Rasl2tp - ok
20:19:45.0277 4844  RasMan - ok
20:19:45.0277 4844  RasPppoe - ok
20:19:45.0277 4844  RasSstp - ok
20:19:45.0293 4844  rdbss - ok
20:19:45.0293 4844  rdpbus - ok
20:19:45.0293 4844  RDPCDD - ok
20:19:45.0293 4844  RDPENCDD - ok
20:19:45.0308 4844  RDPREFMP - ok
20:19:45.0308 4844  RDPWD - ok
20:19:45.0308 4844  rdyboost - ok
20:19:45.0308 4844  RemoteAccess - ok
20:19:45.0324 4844  RemoteRegistry - ok
20:19:45.0324 4844  RFCOMM - ok
20:19:45.0324 4844  RpcEptMapper - ok
20:19:45.0324 4844  RpcLocator - ok
20:19:45.0324 4844  RpcSs - ok
20:19:45.0339 4844  RSBASTOR - ok
20:19:45.0339 4844  rspndr - ok
20:19:45.0339 4844  RTL8167 - ok
20:19:45.0355 4844  SamSs - ok
20:19:45.0355 4844  sbp2port - ok
20:19:45.0355 4844  SCardSvr - ok
20:19:45.0355 4844  scfilter - ok
20:19:45.0355 4844  Schedule - ok
20:19:45.0371 4844  SCPolicySvc - ok
20:19:45.0371 4844  sdbus - ok
20:19:45.0386 4844  SDRSVC - ok
20:19:45.0386 4844  secdrv - ok
20:19:45.0386 4844  seclogon - ok
20:19:45.0386 4844  SENS - ok
20:19:45.0402 4844  SensrSvc - ok
20:19:45.0417 4844  Serenum - ok
20:19:45.0417 4844  Serial - ok
20:19:45.0433 4844  sermouse - ok
20:19:45.0449 4844  SessionEnv - ok
20:19:45.0449 4844  sffdisk - ok
20:19:45.0449 4844  sffp_mmc - ok
20:19:45.0464 4844  sffp_sd - ok
20:19:45.0464 4844  sfloppy - ok
20:19:45.0480 4844  Sftfs - ok
20:19:45.0480 4844  sftlist - ok
20:19:45.0495 4844  Sftplay - ok
20:19:45.0495 4844  Sftredir - ok
20:19:45.0495 4844  Sftvol - ok
20:19:45.0511 4844  sftvsa - ok
20:19:45.0511 4844  SharedAccess - ok
20:19:45.0527 4844  ShellHWDetection - ok
20:19:45.0527 4844  SiSRaid2 - ok
20:19:45.0527 4844  SiSRaid4 - ok
20:19:45.0542 4844  SkypeUpdate - ok
20:19:45.0558 4844  Smb - ok
20:19:45.0573 4844  SmbDrv - ok
20:19:45.0573 4844  SmbDrvIntel - ok
20:19:45.0589 4844  SNMPTRAP - ok
20:19:45.0589 4844  spldr - ok
20:19:45.0589 4844  Spooler - ok
20:19:45.0605 4844  sppsvc - ok
20:19:45.0605 4844  sppuinotify - ok
20:19:45.0605 4844  srv - ok
20:19:45.0620 4844  srv2 - ok
20:19:45.0636 4844  SrvHsfHDA - ok
20:19:45.0636 4844  SrvHsfV92 - ok
20:19:45.0636 4844  SrvHsfWinac - ok
20:19:45.0651 4844  srvnet - ok
20:19:45.0651 4844  SSDPSRV - ok
20:19:45.0667 4844  SstpSvc - ok
20:19:45.0683 4844  STacSV - ok
20:19:45.0683 4844  stexstor - ok
20:19:45.0683 4844  STHDA - ok
20:19:45.0698 4844  stisvc - ok
20:19:45.0714 4844  swenum - ok
20:19:45.0714 4844  swprv - ok
20:19:45.0729 4844  SynTP - ok
20:19:45.0745 4844  SysMain - ok
20:19:45.0745 4844  TabletInputService - ok
20:19:45.0745 4844  TapiSrv - ok
20:19:45.0761 4844  TBS - ok
20:19:45.0761 4844  Tcpip - ok
20:19:45.0761 4844  TCPIP6 - ok
20:19:45.0776 4844  tcpipreg - ok
20:19:45.0776 4844  TDPIPE - ok
20:19:45.0792 4844  TDTCP - ok
20:19:45.0792 4844  tdx - ok
20:19:45.0792 4844  TermDD - ok
20:19:45.0792 4844  TermService - ok
20:19:45.0807 4844  Themes - ok
20:19:45.0807 4844  THREADORDER - ok
20:19:45.0807 4844  TrkWks - ok
20:19:45.0807 4844  TrueService - ok
20:19:45.0807 4844  TrustedInstaller - ok
20:19:45.0807 4844  tssecsrv - ok
20:19:45.0823 4844  TsUsbFlt - ok
20:19:45.0823 4844  TsUsbGD - ok
20:19:45.0839 4844  tunnel - ok
20:19:45.0839 4844  uagp35 - ok
20:19:45.0839 4844  udfs - ok
20:19:45.0839 4844  UI0Detect - ok
20:19:45.0854 4844  uliagpkx - ok
20:19:45.0854 4844  umbus - ok
20:19:45.0870 4844  UmPass - ok
20:19:45.0870 4844  UNS - ok
20:19:45.0870 4844  upnphost - ok
20:19:45.0870 4844  USBAAPL64 - ok
20:19:45.0885 4844  usbccgp - ok
20:19:45.0885 4844  usbcir - ok
20:19:45.0885 4844  usbehci - ok
20:19:45.0885 4844  usbhub - ok
20:19:45.0885 4844  usbohci - ok
20:19:45.0901 4844  usbprint - ok
20:19:45.0901 4844  USBSTOR - ok
20:19:45.0901 4844  usbuhci - ok
20:19:45.0917 4844  usbvideo - ok
20:19:45.0917 4844  UxSms - ok
20:19:45.0932 4844  VaultSvc - ok
20:19:45.0932 4844  vdrvroot - ok
20:19:45.0932 4844  vds - ok
20:19:45.0932 4844  vga - ok
20:19:45.0932 4844  VgaSave - ok
20:19:45.0948 4844  vhdmp - ok
20:19:45.0948 4844  viaide - ok
20:19:45.0948 4844  volmgr - ok
20:19:45.0948 4844  volmgrx - ok
20:19:45.0948 4844  volsnap - ok
20:19:45.0963 4844  vsmraid - ok
20:19:45.0963 4844  VSS - ok
20:19:45.0963 4844  vwifibus - ok
20:19:45.0979 4844  vwififlt - ok
20:19:45.0979 4844  W32Time - ok
20:19:45.0995 4844  WacomPen - ok
20:19:45.0995 4844  WANARP - ok
20:19:46.0010 4844  Wanarpv6 - ok
20:19:46.0010 4844  WatAdminSvc - ok
20:19:46.0010 4844  wbengine - ok
20:19:46.0010 4844  WbioSrvc - ok
20:19:46.0026 4844  wcncsvc - ok
20:19:46.0026 4844  WcsPlugInService - ok
20:19:46.0026 4844  Wd - ok
20:19:46.0026 4844  Wdf01000 - ok
20:19:46.0026 4844  WdiServiceHost - ok
20:19:46.0041 4844  WdiSystemHost - ok
20:19:46.0041 4844  WebClient - ok
20:19:46.0041 4844  Wecsvc - ok
20:19:46.0041 4844  wercplsupport - ok
20:19:46.0041 4844  WerSvc - ok
20:19:46.0057 4844  WfpLwf - ok
20:19:46.0057 4844  WIMMount - ok
20:19:46.0057 4844  WinDefend - ok
20:19:46.0057 4844  WinHttpAutoProxySvc - ok
20:19:46.0073 4844  Winmgmt - ok
20:19:46.0073 4844  WinRM - ok
20:19:46.0073 4844  WinUsb - ok
20:19:46.0073 4844  Wlansvc - ok
20:19:46.0088 4844  wlcrasvc - ok
20:19:46.0104 4844  wlidsvc - ok
20:19:46.0104 4844  WmiAcpi - ok
20:19:46.0104 4844  wmiApSrv - ok
20:19:46.0104 4844  WMPNetworkSvc - ok
20:19:46.0119 4844  WPCSvc - ok
20:19:46.0119 4844  WPDBusEnum - ok
20:19:46.0119 4844  ws2ifsl - ok
20:19:46.0119 4844  wscsvc - ok
20:19:46.0119 4844  WSearch - ok
20:19:46.0135 4844  wuauserv - ok
20:19:46.0135 4844  WudfPf - ok
20:19:46.0135 4844  WUDFRd - ok
20:19:46.0135 4844  wudfsvc - ok
20:19:46.0135 4844  WwanSvc - ok
20:19:46.0151 4844  ================ Scan global ===============================
20:19:46.0151 4844  [Global] - ok
20:19:46.0151 4844  ================ Scan MBR ==================================
20:19:46.0166 4844  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:19:47.0071 4844  \Device\Harddisk0\DR0 - ok
20:19:47.0071 4844  ================ Scan VBR ==================================
20:19:47.0071 4844  ============================================================
20:19:47.0071 4844  Scan finished
20:19:47.0071 4844  ============================================================
20:19:47.0087 3908  Detected object count: 0
20:19:47.0087 3908  Actual detected object count: 0
20:21:31.0108 6944  Deinitialize success
         
I also ran two more scans, maybe they're of some use to you...

GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-22 00:17:20
Windows 6.1.7601 Service Pack 1 
Running: j10g3zu9.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb98ece4b                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb98ece4b@0007ab901cc1         0x87 0xD6 0xE6 0x90 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb98ece4b (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb98ece4b@0007ab901cc1             0x87 0xD6 0xE6 0x90 ...

---- EOF - GMER 1.0.15 ----
         
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-21 23:55:32
-----------------------------
23:55:32.217    OS Version: Windows x64 6.1.7601 Service Pack 1
23:55:32.217    Number of processors: 4 586 0x3A09
23:55:32.217    ComputerName: HP-M6  UserName: 
23:55:33.685    Initialize success
23:57:51.367    AVAST engine defs: 12112100
23:58:02.084    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:58:02.084    Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 8
23:58:02.115    Disk 0 MBR read successfully
23:58:02.115    Disk 0 MBR scan
23:58:02.115    Disk 0 Windows 7 default MBR code
23:58:02.131    Disk 0 Partition 1 00     42          SFS                 0 MB offset 63
23:58:02.146    Disk 0 Partition 2 80 (A) 42          SFS NTFS          199 MB offset 2048
23:58:02.162    Disk 0 Partition 3 00     42          SFS NTFS       357372 MB offset 409600
23:58:02.177    Disk 0 Partition 4 00     42          SFS NTFS       357831 MB offset 732307456
23:58:02.193    Disk 0 scanning C:\Windows\system32\drivers
23:58:02.193    Service scanning
23:58:36.903    Modules scanning
23:58:36.903    Disk 0 trace - called modules:
23:58:36.950    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll 
23:58:36.966    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069e5790]
23:58:36.966    3 CLASSPNP.SYS[fffff88001d8543f] -> nt!IofCallDriver -> [0xfffffa8006a8eb10]
23:58:36.981    5 hpdskflt.sys[fffff88001d2c189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007d8c050]
23:58:38.026    AVAST engine scan C:\Windows
23:58:38.042    AVAST engine scan C:\Windows\system32
23:58:38.042    AVAST engine scan C:\Windows\system32\drivers
23:58:38.042    AVAST engine scan C:\Users\Monika & Mischa
23:58:38.042    AVAST engine scan C:\ProgramData
23:58:38.058    Scan finished successfully
00:03:17.191    Disk 0 MBR has been saved successfully to "C:\Users\Monika & Mischa\Desktop\MBR.dat"
00:03:17.191    The log file has been saved successfully to "C:\Users\Monika & Mischa\Desktop\aswMBR.txt"
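The aswMBR and TDSSKiller lines above (the MD5 printed next to \Device\Harddisk0\DR0, the "Windows 7 default MBR code" verdict and the four "Partition n" rows) are what a bootkit check of sector 0 boils down to: hash the sector, compare the 440 bytes of boot code with a trusted copy, and print the partition table so that an odd active flag, a strange type byte or overlapping ranges stand out. As an added illustration, not code from this thread, from aswMBR or from TDSSKiller, the Python below constructs a 512-byte MBR with the same layout as the log (type 0x42 entries at offsets 63, 2048, 409600 and 732307456, second entry bootable), parses it, hashes it and checks the boot code. The type-name table, the placeholder boot code and the "trusted" hash are assumptions made for the example; a real check needs the boot-code hash taken from a clean install of the same Windows build.

```python
"""Added example (not code from the original thread, aswMBR or TDSSKiller):
re-implements what those tools report for sector 0 of a disk, i.e. an MD5 of the
whole MBR, a comparison of the 440-byte boot code against a known-good hash, and
the four primary partition entries printed as 'boot flag, type, size, LBA offset'.
The sector is constructed in build_mbr(); it is not the poster's disk."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # boot code, then 4-byte disk signature + 2 reserved bytes
PART_TABLE_OFF = 446           # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"         # must terminate every valid MBR

# Type-byte labels in the style of the aswMBR output (a small subset; assumption).
TYPE_NAMES = {0x07: "NTFS", 0x0C: "FAT32", 0x42: "SFS", 0x83: "Linux", 0xEE: "GPT"}


def build_mbr(entries, boot_code=b"\xfa\x33\xc0"):
    """Construct a test MBR from (boot_flag, type, lba_start, sector_count) tuples.
    boot_code is a placeholder stub, not real Windows boot code (assumption)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    table = b"".join(
        # CHS fields are meaningless on LBA disks; 0xFE 0xFF 0xFF is the usual filler
        struct.pack("<B3sB3sII", boot, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
        for boot, ptype, lba, count in entries
    ).ljust(64, b"\x00")
    return code + b"\x00" * 6 + table + BOOT_SIG


def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR as dicts."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != BOOT_SIG:
        raise ValueError("not an MBR: wrong length or missing 55AA signature")
    parts = []
    for i in range(4):
        boot, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:            # empty slot
            continue
        parts.append({
            "index": i + 1, "boot": boot, "active": boot == 0x80, "type": ptype,
            "name": TYPE_NAMES.get(ptype, "?"), "offset": lba, "sectors": count,
            "size_mb": count * SECTOR_SIZE // (1024 * 1024),
        })
    return parts


def format_partition(p):
    """One line per partition in the layout aswMBR uses."""
    active = " (A)" if p["active"] else ""
    return (f"Partition {p['index']} {p['boot']:02X}{active} {p['type']:02X} "
            f"{p['name']} {p['size_mb']} MB offset {p['offset']}")


def overlapping(parts):
    """Pairs of partition indices whose sector ranges overlap (a sign of a tampered table)."""
    ordered = sorted(parts, key=lambda p: p["offset"])
    return [(a["index"], b["index"]) for a, b in zip(ordered, ordered[1:])
            if a["offset"] + a["sectors"] > b["offset"]]


def mbr_md5(sector):
    """Hash of the whole sector, as TDSSKiller prints it for \\Device\\Harddisk0\\DR0."""
    return hashlib.md5(sector).hexdigest().upper()


def boot_code_md5(sector):
    return hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest()


def boot_code_matches(sector, known_md5):
    """What 'Windows 7 default MBR code' means: the boot code hashes to a trusted value.
    The trusted value must come from a clean install of the same Windows build (assumption)."""
    return boot_code_md5(sector) == known_md5


# Layout constructed to mirror the four entries in the aswMBR log above:
# type 0x42 everywhere, starts 63 / 2048 / 409600 / 732307456, second entry bootable.
SAMPLE_ENTRIES = [
    (0x00, 0x42, 63, 1985),
    (0x80, 0x42, 2048, 407552),
    (0x00, 0x42, 409600, 731897856),
    (0x00, 0x42, 732307456, 732837888),
]

if __name__ == "__main__":
    mbr = build_mbr(SAMPLE_ENTRIES)
    print(f"[ {mbr_md5(mbr)} ] \\Device\\Harddisk0\\DR0")
    for p in parse_mbr(mbr):
        print(format_partition(p))
    trusted = boot_code_md5(mbr)                  # pretend this came from a clean reference disk
    patched = bytearray(mbr); patched[0] ^= 0xFF  # a bootkit rewrites the boot code
    print("boot code matches trusted hash:", boot_code_matches(bytes(patched), trusted))
```

The sector counts are chosen so that each entry ends exactly where the next one starts, which is why the sizes come out as 0, 199, 357372 and 357831 MB like in the log; flipping a single byte of the boot code changes both hashes, which is the signal the scanners key on.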
         

22.11.2012, 06:32   #8
t'john
/// Helper Team

Very good!

How is the computer running?


Malware scan with Emsisoft Anti-Malware

Download the free version of => Emsisoft Anti-Malware and install the program.
Use "Update now" to download the current signatures.
Select the freeware mode.

Select "Detail Scan" and start the check of the computer with the "Scan" button.
At the end of the scan, do not let it delete anything! Click "Save report" to save the log file to the desktop and post it here in the thread.

Instructions: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Regards, t'john
Support the TB

22.11.2012, 07:06   #9
Kunti

hey john

the computer is running fine so far, thanks!

however, I can't install the Emsisoft software, I always get a message that the files are corrupt (see screenshot)
Attached image: pscr.jpg (83.7 KB)

22.11.2012, 07:07   #10
Kunti

how do I proceed?

22.11.2012, 07:23   #11
t'john
/// Helper Team

Where did you download it from?
Why does it list NetmediaEurope as the source?

Follow the instructions!
__________________
Regards, t'john
Support the TB

22.11.2012, 07:31   #12
Kunti

oh I see, I first tried it with your link. then I also tried downloading it from zdnet. (maybe that wasn't so clever, sorry) same result

I tried again directly from Emsisoft, now it works. results later...

maybe you should check your link...

22.11.2012, 13:02   #13
t'john
/// Helper Team

The link works fine.

Please look in the instructions (http://www.trojaner-board.de/103809-...i-malware.html) to see where you can find the log files.
Please post the log file.
__________________
Regards, t'john
Support the TB

22.11.2012, 13:09   #14
Kunti

yes, the link works, but the downloaded file was corrupt every time for me. when I then downloaded it directly from Emsisoft and ran it, it worked fine. never mind...

the results are still to come, I'm not at the laptop right now...

regards
kunti

22.11.2012, 13:25   #15
t'john
/// Helper Team

all right.
__________________
Regards, t'john
Support the TB
