Trojaner-Board


Pius2000 11.01.2011 18:29

System slow, too many processes
 
My system has become quite slow. I had a look in Task Manager and there were 96 processes running. I googled and found Runscanner. But I don't want to delete anything, because I have no idea about this.

I hope someone can help me. Cheers




Code:

Runscanner logfile hxxp://www.runscanner.net

* = signed file
- = file not found

General info
------------
Computer name : HOME-COMPUTER
Creation time : 11.01.2011 18:22:54
Hosts <> 127.0.0.1 : 0
Hosts file location : %SystemRoot%\System32\drivers\etc
IE version : 8.0.7600.16385
OS : Windows 7 Home Premium
OS Build : 7600
OS SP :
RunScanner Version : 2.0.0.50
User Language : Deutsch (Schweiz)
User rights : Administrator
Windows folder : C:\Windows

Running processes
-----------------
* C:\Windows\System32\atieclxx.exe (AMD)
* C:\Windows\System32\atiesrxx.exe (AMD)
* C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (Andrea Electronics Corporation)
* C:\Windows\System32\services.exe (Microsoft Corporation)
* C:\Windows\System32\taskeng.exe (Microsoft Corporation)
* C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
* C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
* C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
* C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
* C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
* C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
* C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
  C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.)
  C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
* C:\Windows\System32\csrss.exe (Microsoft Corporation)
* C:\Windows\System32\csrss.exe (Microsoft Corporation)
* C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.)
* C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
* C:\Windows\System32\dwm.exe (Microsoft Corporation)
  C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
  C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
  C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
* C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
* C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
* C:\Windows\System32\taskhost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\SysWOW64\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Windows\System32\svchost.exe (Microsoft Corporation)
* C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Hewlett-Packard)
* C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe (CyberLink Corp.)
* C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
* C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard Company)
* C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Company)
* C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)
* C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
* C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Hewlett-Packard Company)
* C:\Windows\System32\hpservice.exe (Hewlett-Packard)
* C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
* C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
* C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe (IDT, Inc.)
* C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
* C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
  C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
* C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
  C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
* C:\Windows\System32\lsass.exe (Microsoft Corporation)
* C:\Windows\System32\lsm.exe (Microsoft Corporation)
* C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
* C:\Windows\System32\SearchIndexer.exe (Microsoft Corporation)
* C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
* C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
* C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
* C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe ( Hewlett-Packard Development Company, L.P.)
* C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
* C:\Users\Manuel\Desktop\runscanner.exe (Runscanner.net)
* C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
* C:\Windows\System32\spoolsv.exe (Microsoft Corporation)
* C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics Incorporated)
* C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
* C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
* C:\Windows\System32\vcsFPService.exe (Validity Sensors, Inc.)
  C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
* C:\Windows\system32\audiodg.exe (Microsoft Corporation)
* C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
* C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
* C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
* C:\Windows\System32\winlogon.exe (Microsoft Corporation)
* C:\Windows\explorer.exe (Microsoft Corporation)
* C:\Windows\System32\smss.exe (Microsoft Corporation)
* C:\Windows\System32\wininit.exe (Microsoft Corporation)
* C:\Windows\System32\wbem\WmiPrvSE.exe (Microsoft Corporation)

Unrated items
-------------
002  C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe (DigitalPersona, Inc.)
002  C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
002  C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
002  C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
002  C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
003  C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
010  C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona Local Host)
010  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (LightScribe Service)
010 * C:\Windows\system32\vcsFPService.exe (VFS101 VCS API Library)
011  C:\Windows\system32\DRIVERS\jmcr.sys (JMCR)
011 * C:\Windows\system32\pwdrvio.sys (pwdrvio.sys)
011 * C:\Windows\system32\pwdspio.sys (pwdspio.sys)
042  GUID / CLSID not found {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}
042  GUID / CLSID not found {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}
042  GUID / CLSID not found {2670000A-7350-4f3c-8081-5663EE0C6C49}
042  GUID / CLSID not found {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}
042  GUID / CLSID not found {92780B25-18CC-41C8-B9BE-3C9C571A8263}
042  GUID / CLSID not found {CCA281CA-C863-46ef-9331-5C8D4460577F}
050  C:\Windows\SysWow64\EZUPBH~1.DLL (EasyBits Software Corp.) {E54729E8-BB3D-4270-9D49-7389EA579090}
052  GUID / CLSID not found {5C255C8A-E604-49b4-9D64-90988571CECB}
052  C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.) {395610AE-C624-4f58-B89E-23733EA00F9A}
060  GUID / CLSID not found {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
061  C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll (DivX, Inc.) {D8D1CE8C-B1EB-4E95-B63B-1531BA60E992}
061  C:\Program Files (x86)\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll (DivX, Inc.) {83238FAE-D346-4E12-8734-D42F7554B3E6}
071  C:\Windows\system32\DPPWDFLT.dll (DigitalPersona, Inc.)
100  Default_Page_URL HKCU : hxxp://g.uk.msn.com/HPCON/12
100  Default_Page_URL HKLM : hxxp://g.uk.msn.com/HPCON/12
100  Start Page HKCU : hxxp://www.google.ch/
100  Start Page HKLM : hxxp://g.uk.msn.com/HPCON/12
105  Bild an &Bluetooth-Gerät senden... : C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
105  Nach Microsoft E&xel exportieren : res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
105  Seite an &Bluetooth-Gerät senden... : C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
229  GUID / CLSID not found {5E2121EE-0300-11D4-8D3B-444553540000}
254  GUID / CLSID not found {7842554E-6BED-11D2-8CDB-B05550C10000}

Missing files
-------------
005 C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
006 C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
032 rdpclip


cosinus 11.01.2011 20:28

Hello and :hallo:

As a matter of routine, please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those too!

After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Pius2000 11.01.2011 21:01

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5504

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.01.2011 18:56:00
mbam-log-2011-01-11 (18-56-00).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 157460
Laufzeit: 6 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 14
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 7
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\program files (x86)\funwebproducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\screensaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\funwebproducts\screensaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files (x86)\mywebsearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\program files (x86)\mywebsearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.


I have already let the program clean up what is in this Malwarebytes log. Since then the system has been running quite a bit better. I'll post the other logs anyway; maybe something is still not right.

This is the log I had it create after the cleanup:

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5505

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.01.2011 20:39:54
mbam-log-2011-01-11 (20-39-54).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 157203
Laufzeit: 6 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Here is the OTL log:

Code:

OTL logfile created on: 11.01.2011 20:54:13 - Run 1
OTL by OldTimer - Version 3.2.20.1    Folder = C:\Users\Manuel\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449,92 Gb Total Space | 312,50 Gb Free Space | 69,46% Space Free | Partition Type: NTFS
Drive D: | 15,54 Gb Total Space | 2,55 Gb Free Space | 16,39% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 96,46 Mb Free Space | 97,41% Space Free | Partition Type: FAT32
 
Computer Name: HOME-COMPUTER | User Name: Manuel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Manuel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe (CyberLink Corp.)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Manuel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\ezsvc7.dll File not found
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DpHost) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl (CyberLink Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/12
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON/12
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON/12
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/"
FF - prefs.js..extensions.enabledItems: otis@digitalpersona.com:5.0.0.3790
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: fbdislike@doweb.fr:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: uss-button@uploadscreenshot.com:1.9.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.27 16:58:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.27 16:58:44 | 000,000,000 | ---D | M]
 
[2011.01.09 09:28:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Extensions
[2011.01.09 09:28:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.01.11 18:03:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manuel\AppData\Roaming\mozilla\Firefox\Profiles\5pua8ym7.default\extensions
[2010.12.14 18:04:06 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Manuel\AppData\Roaming\mozilla\Firefox\Profiles\5pua8ym7.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010.04.20 18:24:16 | 000,000,000 | ---D | M] (TradeManager-Plugin) -- C:\Users\Manuel\AppData\Roaming\mozilla\Firefox\Profiles\5pua8ym7.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
[2010.12.15 20:24:25 | 000,000,000 | ---D | M] () -- C:\Users\Manuel\AppData\Roaming\mozilla\Firefox\Profiles\5pua8ym7.default\extensions\fbdislike@doweb.fr
[2010.11.03 18:06:16 | 000,000,000 | ---D | M] (UploadScreenshot.com Capture) -- C:\Users\Manuel\AppData\Roaming\mozilla\Firefox\Profiles\5pua8ym7.default\extensions\uss-button@uploadscreenshot.com
[2010.10.29 15:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.04.25 12:21:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.10.01 11:29:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.29 15:32:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.03.07 15:48:28 | 000,000,000 | ---D | M] (DigitalPersona Extension) -- C:\PROGRAM FILES (X86)\DIGITALPERSONA\BIN\FIREFOXEXT
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.12 17:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.07.23 01:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 01:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.23 01:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.23 01:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.23 01:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Programme\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.01.11 20:31:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
[2011.01.11 19:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Software4u
[2011.01.11 19:34:06 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\Software4u
[2011.01.11 19:33:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry CleanUP 4
[2011.01.11 19:33:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Software4u
[2011.01.11 19:25:11 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\Uniblue
[2011.01.11 19:24:28 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\PackageAware
[2011.01.11 18:50:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2011.01.11 18:39:30 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\Malwarebytes
[2011.01.11 18:39:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.01.11 18:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.01.11 18:39:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.11 18:39:18 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.01.11 18:39:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.01.11 18:00:41 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\Runscanner.net
[2011.01.11 18:00:12 | 001,659,192 | ---- | C] (Runscanner.net) -- C:\Users\Manuel\Desktop\runscanner.exe
[2011.01.09 09:28:34 | 000,000,000 | ---D | C] -- C:\Users\Manuel\Documents\TomTom
[2011.01.09 09:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2011.01.09 09:28:16 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\TomTom
[2011.01.09 09:28:16 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Local\TomTom
[2011.01.09 09:28:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2011.01.09 09:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2011.01.09 09:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom HOME 2
[2010.12.29 16:17:14 | 000,000,000 | ---D | C] -- C:\Users\Manuel\Documents\Webcam
[2010.12.27 22:29:04 | 000,000,000 | ---D | C] -- C:\Users\Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2010.12.27 17:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2010.12.27 17:03:55 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.12.27 17:03:54 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.12.27 16:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2010.12.27 16:58:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.12.20 13:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\{23D58E70-3B83-4B83-A227-68770F84F5EC}
[2010.12.16 17:43:27 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010.12.16 17:43:27 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010.12.16 17:43:27 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010.12.16 17:43:27 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010.12.16 17:43:27 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010.12.16 17:43:27 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010.12.16 17:43:27 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010.12.16 17:43:27 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010.12.16 17:42:58 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.12.16 17:42:58 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.12.16 17:42:58 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.12.16 17:42:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.12.16 17:42:02 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010.12.16 17:42:02 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010.12.16 17:41:07 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010.12.16 17:40:49 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.12.16 17:40:48 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.12.16 17:40:48 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.12.16 17:40:48 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.12.16 17:40:48 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.12.16 17:40:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.12.16 17:40:48 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.12.16 17:40:47 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.12.16 17:40:47 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.12.16 17:40:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.12.16 17:40:47 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.12.16 17:40:47 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.12.16 17:40:47 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.12.16 17:40:47 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.01.11 20:35:20 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.11 20:35:20 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.11 20:30:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manuel\Desktop\OTL.exe
[2011.01.11 20:27:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.11 20:27:43 | 3218,235,392 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.11 20:06:41 | 000,015,385 | ---- | M] () -- C:\Windows\SysNative\ms8664.sys
[2011.01.11 19:33:58 | 000,002,272 | ---- | M] () -- C:\Users\Manuel\Desktop\Registry CleanUP 4.lnk
[2011.01.11 18:51:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011.01.11 18:39:24 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.11 18:00:19 | 001,659,192 | ---- | M] (Runscanner.net) -- C:\Users\Manuel\Desktop\runscanner.exe
[2011.01.11 17:58:43 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.01.11 17:58:43 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.01.11 17:58:43 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.01.11 17:58:43 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.01.11 17:58:43 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.31 21:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2010.12.31 21:06:33 | 000,188,216 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.12.27 17:05:08 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.12.27 16:58:36 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.20 17:35:27 | 000,351,984 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.12.20 13:59:11 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
 
========== Files Created - No Company Name ==========
 
[2011.01.11 19:34:12 | 000,015,385 | ---- | C] () -- C:\Windows\SysNative\ms8664.sys
[2011.01.11 19:33:58 | 000,002,272 | ---- | C] () -- C:\Users\Manuel\Desktop\Registry CleanUP 4.lnk
[2011.01.11 18:51:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2011.01.11 18:39:23 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.27 17:05:08 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.12.27 16:58:36 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.12.20 13:59:11 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2010.02.25 21:00:46 | 000,000,000 | ---- | C] () -- C:\Users\Manuel\AppData\Local\QSwitch.txt
[2010.02.25 21:00:46 | 000,000,000 | ---- | C] () -- C:\Users\Manuel\AppData\Local\DSwitch.txt
[2010.02.25 21:00:46 | 000,000,000 | ---- | C] () -- C:\Users\Manuel\AppData\Local\AtStart.txt
[2010.02.25 21:00:43 | 000,000,188 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010.01.15 01:44:09 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2010.01.15 01:44:03 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010.01.15 01:43:52 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010.01.15 01:43:35 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010.01.15 01:43:00 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010.01.15 01:21:54 | 000,000,283 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010.01.15 01:21:54 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2009.11.16 10:14:08 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009.11.16 10:10:29 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009.11.16 10:09:27 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009.11.16 10:08:54 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009.09.29 15:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

< End of report >

Code:

OTL Extras logfile created on: 11.01.2011 20:54:13 - Run 1
OTL by OldTimer - Version 3.2.20.1    Folder = C:\Users\Manuel\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449,92 Gb Total Space | 312,50 Gb Free Space | 69,46% Space Free | Partition Type: NTFS
Drive D: | 15,54 Gb Total Space | 2,55 Gb Free Space | 16,39% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 96,46 Mb Free Space | 97,41% Space Free | Partition Type: FAT32
 
Computer Name: HOME-COMPUTER | User Name: Manuel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit)
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{62A20ECA-920E-4052-BF77-88C78DD20FAA}" = Validity Sensors DDK
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit)
"{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-002A-040C-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (French) 2007
"{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{902004C7-2B12-4A4F-E1DB-E75C7B03EDD4}" = ATI Catalyst Install Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{986A654F-F1E4-11DD-9FCA-005056C00008}" = Paragon Partition Manager™ 10.0 Personal
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = HP Integrated Module with Bluetooth wireless technology
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E787AC54-0E56-A6DF-7BDB-AAC360813B6C}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F74D69E5-ECFD-45D1-A87A-341208ADD7CC}" = DigitalPersona Personal 4.11
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0868BCEA-C983-1450-3ACB-79411138ACB0}" = Catalyst Control Center Core Implementation
"{08DB3902-2CE0-474D-BCE3-0177766CE9F1}" = HP Support Assistant
"{0FA359BD-666B-5135-B712-852F21504E96}" = Catalyst Control Center Graphics Previews Vista
"{152C18DA-4270-FAF2-DE48-8A7286BD1FB1}" = CCC Help Japanese
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21B5704D-788D-F083-A5E0-94B0390889F5}" = Catalyst Control Center InstallProxy
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2FC32740-5BF8-F11E-1257-80A41497B9F1}" = Catalyst Control Center Graphics Light
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{337E0592-9B00-AF1D-B10C-16225B981C96}" = CCC Help Thai
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{36214841-EA3C-DA47-7F29-E6A16231702E}" = CCC Help Dutch
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BC080DE-CF23-E18E-0678-47CA2E70C1CD}" = Catalyst Control Center Graphics Full New
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{47365A91-7A32-5C08-927C-17F27D9F0E50}" = Catalyst Control Center Graphics Previews Common
"{47BD6184-519F-C649-6A5C-58234406B62C}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B57F6F3-5577-7158-A8F7-9E71547F8B7C}" = CCC Help Finnish
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E432692-A736-4F77-AF77-F9078CF88D31}" = HP Wireless Assistant
"{5271C0D4-24E4-4C3D-A782-C012033FD3CF}" = AMD USB Filter Driver
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5708788D-EC95-7D4A-C0D8-CB393C9E90AC}" = CCC Help Hungarian
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{675ABEBC-DBA1-FF26-52BF-697FF5012CA1}" = CCC Help Spanish
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{68910580-F9FF-91E0-8AFE-86D49DD07AE4}" = CCC Help Russian
"{6B57CF04-5182-9DED-CCD4-84DAC76784D4}" = CCC Help Swedish
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{71B7E1DE-4913-5E2E-2B83-B90C3BB308BA}" = ccc-core-static
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DA2FB1E-31A5-54A6-91AC-9EDCA6258F40}" = CCC Help French
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DF8417C-07F9-22AA-019E-7F761437BFAC}" = CCC Help Polish
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-040C-1000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0410-1000-0000000FF1CE}_HOMESTUDENTR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_HOMESTUDENTR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90E03F32-42EC-A16D-8146-A4E2F0FC9588}" = CCC Help English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91B36C7F-0796-5A98-D1BA-C29C8D24396F}" = CCC Help Portuguese
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0A47CD2-749A-97BD-C4AE-862EFA38CAC1}" = CCC Help Danish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A44CD09A-6D0F-08EC-8B80-6FD5EF62598B}" = CCC Help Czech
"{A5786D80-1FAE-577A-C448-9C61274E9F7B}" = CCC Help Turkish
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 4.2.2
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AF6B5CC8-55F5-55BC-2E2A-2B192EA79E16}" = CCC Help Greek
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C2AFB298-CD06-BCF0-16CD-FB506E07B262}" = CCC Help Norwegian
"{C2FFBCE8-3A0D-154C-EE84-47B189E79D60}" = CCC Help German
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71B7E6-3156-2DB6-3800-6B853D5D6EF6}" = Catalyst Control Center Graphics Full Existing
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D8029B62-C3D6-E02D-A98E-07AFEA8CDF79}" = Catalyst Control Center Localization All
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{E0897770-46C9-4322-AD44-8BFA6BE217B2}" = Catalyst Control Center - Branding
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{EC1F6690-DE55-4B9E-C556-EE1558EAB7A5}" = CCC Help Chinese Standard
"{EC83C809-3943-830A-ED5C-C569267E4804}" = CCC Help Korean
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F696BBD9-A383-4F54-155B-451A15482C89}" = CCC Help Chinese Traditional
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5F7CA463-F69E-414F-9532-86CC343BE46C_is1" = Registry CleanUP 4
"AbiWord2" = AbiWord 2.8.6
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"EasyBits Magic Desktop" = Magic Desktop
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"LegalSounds Music Downloader_is1" = LegalSounds Music Downloader 1.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"TomTom HOME" = TomTom HOME 2.8.0.2146
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 22.12.2010 12:42:08 | Computer Name = Home-Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7878
 
Error - 22.12.2010 12:42:09 | Computer Name = Home-Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.12.2010 12:42:09 | Computer Name = Home-Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8892
 
Error - 22.12.2010 12:42:09 | Computer Name = Home-Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8892
 
Error - 22.12.2010 13:23:17 | Computer Name = Home-Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.12.2010 13:23:17 | Computer Name = Home-Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2477514
 
Error - 22.12.2010 13:23:17 | Computer Name = Home-Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2477514
 
Error - 22.12.2010 13:23:19 | Computer Name = Home-Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 22.12.2010 13:23:19 | Computer Name = Home-Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2479168
 
Error - 22.12.2010 13:23:19 | Computer Name = Home-Computer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2479168
 
[ Hewlett-Packard Events ]
Error - 08.11.2010 13:31:07 | Computer Name = Home-Computer | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111008063103.xml
 File not created by asset agent
 
[ System Events ]
Error - 16.08.2010 11:31:18 | Computer Name = Home-Computer | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 17.08.2010 12:15:35 | Computer Name = Home-Computer | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 17.08.2010 12:15:40 | Computer Name = Home-Computer | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 17.08.2010 14:07:32 | Computer Name = Home-Computer | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 17.08.2010 14:07:37 | Computer Name = Home-Computer | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 17.08.2010 14:56:13 | Computer Name = Home-Computer | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 18.08.2010 00:52:04 | Computer Name = Home-Computer | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 18.08.2010 00:52:10 | Computer Name = Home-Computer | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 18.08.2010 11:27:26 | Computer Name = Home-Computer | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 19.08.2010 11:20:54 | Computer Name = Home-Computer | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
 
< End of report >


cosinus 11.01.2011 21:38

Quote:

Art des Suchlaufs: Quick-Scan
Sorry, but I wanted to see a full scan.
Also post any other MBAM logs that you see under the Logs tab ("Logdateien").

Pius2000 12.01.2011 20:04

Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5505

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.01.2011 20:03:07
mbam-log-2011-01-12 (20-03-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 345579
Laufzeit: 1 Stunde(n), 28 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


cosinus 12.01.2011 20:20

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have masked your user name, you have to change the starred-out part back into your real user name, otherwise the script will not work!!

Code:

:OTL
O4 - HKLM..\Run: []  File not found
[2011.01.11 19:34:12 | 000,015,385 | ---- | C] () -- C:\Windows\SysNative\ms8664.sys
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

Pius2000 12.01.2011 20:34

Which starred-out part?

cosinus 12.01.2011 20:52

In case you starred something out.

Pius2000 12.01.2011 21:26

Code:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
C:\Windows\SysNative\ms8664.sys moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Manuel
->Temp folder emptied: 506337344 bytes
->Temporary Internet Files folder emptied: 74709425 bytes
->Java cache emptied: 33911428 bytes
->FireFox cache emptied: 109137780 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 62517 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27224322 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50300 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 717,00 mb
 
 
OTL by OldTimer - Version 3.2.20.1 log created on 01122011_212125

Files\Folders moved on Reboot...
C:\Users\Manuel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


cosinus 12.01.2011 22:22

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Pius2000 12.01.2011 22:32

Do I have to clean the system with CCleaner?

I have already done that with Registry CleanUP 4, you see.

cosinus 12.01.2011 22:53

It's not strictly necessary...

Pius2000 13.01.2011 19:04

Code:

ComboFix 11-01-12.04 - Manuel 13.01.2011  18:05:26.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.41.1031.18.4092.2805 [GMT 1:00]
ausgeführt von:: c:\users\Manuel\Desktop\cofi.exe.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe

.
(((((((((((((((((((((((  Dateien erstellt von 2010-12-13 bis 2011-01-13  ))))))))))))))))))))))))))))))
.

2011-01-13 17:24 . 2011-01-13 17:24        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-01-13 16:53 . 2011-01-13 08:47        237168        ----a-w-        c:\windows\system32\aswBoot.exe
2011-01-12 20:21 . 2011-01-12 20:21        --------        d-----w-        C:\_OTL
2011-01-11 18:34 . 2011-01-11 18:34        --------        d-----w-        c:\programdata\Software4u
2011-01-11 18:34 . 2011-01-11 18:34        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Software4u
2011-01-11 18:33 . 2011-01-11 18:33        --------        d-----w-        c:\program files (x86)\Software4u
2011-01-11 18:25 . 2011-01-11 18:25        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Uniblue
2011-01-11 18:24 . 2011-01-11 18:24        --------        d-----w-        c:\users\Manuel\AppData\Local\PackageAware
2011-01-11 17:50 . 2009-10-10 03:17        14336        ----a-w-        c:\windows\system32\drivers\sffp_sd.sys
2011-01-11 17:50 . 2009-10-10 02:41        109056        ----a-w-        c:\windows\system32\drivers\sdbus.sys
2011-01-11 17:39 . 2011-01-11 17:39        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Malwarebytes
2011-01-11 17:39 . 2010-12-20 17:09        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-11 17:39 . 2011-01-11 17:39        --------        d-----w-        c:\programdata\Malwarebytes
2011-01-11 17:39 . 2011-01-11 17:39        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-11 17:39 . 2010-12-20 17:08        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-01-11 17:00 . 2011-01-11 17:00        --------        d-----w-        c:\users\Manuel\AppData\Roaming\Runscanner.net
2011-01-11 16:58 . 2010-11-10 05:35        8199504        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E4C57978-F98A-4665-80D6-45109E385B2C}\mpengine.dll
2011-01-09 08:28 . 2011-01-09 08:28        --------        d-----w-        c:\programdata\TomTom
2011-01-09 08:28 . 2011-01-09 08:28        --------        d-----w-        c:\users\Manuel\AppData\Roaming\TomTom
2011-01-09 08:28 . 2011-01-09 08:28        --------        d-----w-        c:\users\Manuel\AppData\Local\TomTom
2011-01-09 08:28 . 2011-01-09 08:28        --------        d-----w-        c:\program files (x86)\TomTom International B.V
2011-01-09 08:27 . 2011-01-09 08:27        --------        d-----w-        c:\program files (x86)\TomTom HOME 2
2010-12-27 16:03 . 2010-12-27 16:03        --------        d-----w-        c:\program files\iPod
2010-12-27 16:03 . 2010-12-27 16:05        --------        d-----w-        c:\program files\iTunes
2010-12-20 12:56 . 2010-12-20 12:56        --------        d-----w-        c:\programdata\{23D58E70-3B83-4B83-A227-68770F84F5EC}
2010-12-16 16:44 . 2010-10-27 05:06        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-12-16 16:44 . 2010-10-27 04:32        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2010-12-16 16:43 . 2010-11-02 05:16        1114624        ----a-w-        c:\windows\system32\schedsvc.dll
2010-12-16 16:43 . 2010-11-02 05:18        524288        ----a-w-        c:\windows\system32\wmicmiplugin.dll
2010-12-16 16:43 . 2010-11-02 05:17        473600        ----a-w-        c:\windows\system32\taskcomp.dll
2010-12-16 16:43 . 2010-11-02 05:17        1169408        ----a-w-        c:\windows\system32\taskschd.dll
2010-12-16 16:43 . 2010-11-02 05:10        464384        ----a-w-        c:\windows\system32\taskeng.exe
2010-12-16 16:43 . 2010-11-02 05:10        285696        ----a-w-        c:\windows\system32\schtasks.exe
2010-12-16 16:43 . 2010-11-02 04:40        496128        ----a-w-        c:\windows\SysWow64\taskschd.dll
2010-12-16 16:43 . 2010-11-02 04:40        305152        ----a-w-        c:\windows\SysWow64\taskcomp.dll
2010-12-16 16:43 . 2010-11-02 04:34        192000        ----a-w-        c:\windows\SysWow64\taskeng.exe
2010-12-16 16:43 . 2010-11-02 04:34        179712        ----a-w-        c:\windows\SysWow64\schtasks.exe
2010-12-16 16:42 . 2010-10-20 05:20        46080        ----a-w-        c:\windows\system32\atmlib.dll
2010-12-16 16:42 . 2010-10-20 04:54        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2010-12-16 16:42 . 2010-10-20 03:05        367104        ----a-w-        c:\windows\system32\atmfd.dll
2010-12-16 16:42 . 2010-10-20 02:58        294400        ----a-w-        c:\windows\SysWow64\atmfd.dll
2010-12-16 16:42 . 2010-10-20 03:09        3124224        ----a-w-        c:\windows\system32\win32k.sys
2010-12-16 16:42 . 2010-10-16 05:19        395776        ----a-w-        c:\windows\system32\webio.dll
2010-12-16 16:42 . 2010-10-16 04:36        314368        ----a-w-        c:\windows\SysWow64\webio.dll
2010-12-16 16:41 . 2010-10-12 05:00        516096        ----a-w-        c:\program files\Windows Mail\wab.exe
2010-12-16 16:41 . 2010-10-12 04:25        516096        ----a-w-        c:\program files (x86)\Windows Mail\wab.exe
2010-12-16 16:41 . 2010-10-12 05:05        35328        ----a-w-        c:\program files\Windows Mail\wabfind.dll
2010-12-16 16:41 . 2010-10-16 05:23        112000        ----a-w-        c:\windows\system32\consent.exe

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 08:47 . 2010-02-25 20:31        188216        ----a-w-        c:\windows\SysWow64\aswBoot.exe
2011-01-13 08:41 . 2010-02-25 20:32        273488        ----a-w-        c:\windows\system32\drivers\aswSP.sys
2011-01-13 08:40 . 2010-02-25 20:31        51792        ----a-w-        c:\windows\system32\drivers\aswTdi.sys
2011-01-13 08:37 . 2010-02-25 20:32        29264        ----a-w-        c:\windows\system32\drivers\aswRdr.sys
2011-01-13 08:37 . 2010-02-25 20:31        62032        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys
2011-01-13 08:37 . 2010-02-25 20:32        20560        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys
2010-12-31 20:06 . 2010-06-29 15:32        38848        ----a-w-        c:\windows\avastSS.scr
2010-11-29 16:38 . 2010-11-29 16:38        94208        ----a-w-        c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38        69632        ----a-w-        c:\windows\SysWow64\QuickTime.qts
2010-10-27 12:28 . 2010-10-27 12:28        11320        ----a-w-        c:\windows\help\OEM\Scripts\HPSARedirectorLauncher.exe
2010-10-19 09:41 . 2010-02-25 20:57        270720        ------w-        c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-21 140712]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2009-12-21 19912]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2009-12-21 13264]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-30 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2009-12-03 37392]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/01/15 01:34];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-10-02 21:38 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-12 1924400]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-09-17 35104]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24        451872        ----a-w-        c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\cofi.exe\CF12891.cfxxe" [X]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-16 171520]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.ch/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\5pua8ym7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ch/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: DigitalPersona Extension: otis@digitalpersona.com - c:\program files (x86)\DigitalPersona\Bin\FirefoxExt
FF - Ext: DigitalPersona Extension: otis@digitalpersona.com - c:\program files (x86)\DigitalPersona\Bin\firefoxext
FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Ext: TradeManager-Plugin: {4D144BC3-23FB-47de-90C5-63CCB0139CCF} - %profile%\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF}
FF - Ext: <?xmlversion=1.0?><RDF xmlns=hxxp://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=hxxp://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>fbdislike@doweb.fr: fbdislike@doweb.fr - %profile%\extensions\fbdislike@doweb.fr
FF - Ext: UploadScreenshot.com Capture: uss-button@uploadscreenshot.com - %profile%\extensions\uss-button@uploadscreenshot.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-01-13  19:01:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-01-13 18:01

Vor Suchlauf: 10 Verzeichnis(se), 335'703'728'128 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 335'001'858'048 Bytes frei

- - End Of File - - 957541CA465038131E7745AF8FDDD98C


cosinus 13.01.2011 19:36

Please now create logs with GMER and MBRCheck and post them.
GMER crashes fairly often; if the tool won't run on the second attempt either, just skip it.

Instructions for MBRCheck:
Download MBRCheck (by a_d_13) and save the file to your desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool takes only a few seconds.
  • Afterwards you should find a file named MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

Pius2000 13.01.2011 19:58

A dumb question: is my system infected by something?

cosinus 13.01.2011 20:20

If it weren't, MBAM wouldn't have found so many entries. It seems to be fairly harmless, though. I'll try to find out the rest once you post the logs! :kloppen:

Pius2000 13.01.2011 21:10

Code:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-01-13 21:09:14
Windows 6.1.7600 
Running: xivn9zwn.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027137889b3                     
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027137889b3@002248db085a        0xC2 0x59 0x3B 0xAE ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027137889b3@0025e7a82bcd        0xA6 0xB5 0x66 0x9C ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027137889b3@0022fc56a5af        0x0E 0xFE 0xC9 0x1F ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0027137889b3@0023455a7683        0x44 0x7A 0x2C 0xB9 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027137889b3 (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027137889b3@002248db085a            0xC2 0x59 0x3B 0xAE ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027137889b3@0025e7a82bcd            0xA6 0xB5 0x66 0x9C ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027137889b3@0022fc56a5af            0x0E 0xFE 0xC9 0x1F ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0027137889b3@0023455a7683            0x44 0x7A 0x2C 0xB9 ...

---- EOF - GMER 1.0.15 ----


Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Home Premium Edition
Windows Information:                (build 7600), 64-bit
Base Board Manufacturer:        Hewlett-Packard
BIOS Manufacturer:                Hewlett-Packard
System Manufacturer:                Hewlett-Packard
System Product Name:                HP Pavilion dv6 Notebook PC
Logical Drives Mask:                0x0000003c

Kernel Drivers (total 254):
  0x02E14000 \SystemRoot\system32\ntoskrnl.exe
  0x033F0000 \SystemRoot\system32\hal.dll
  0x00BC5000 \SystemRoot\system32\kdcom.dll
  0x00CAF000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x00CBC000 \SystemRoot\system32\PSHED.dll
  0x00CD0000 \SystemRoot\system32\CLFS.SYS
  0x00D2E000 \SystemRoot\system32\CI.dll
  0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00DEE000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00EDD000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x00F34000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x00F3D000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x00F47000 \SystemRoot\system32\DRIVERS\pci.sys
  0x00F7A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x00F87000 \SystemRoot\system32\DRIVERS\isapnp.sys
  0x00F90000 \SystemRoot\system32\DRIVERS\mpio.sys
  0x00FBA000 \SystemRoot\System32\drivers\partmgr.sys
  0x00FCF000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x00FD8000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x00FE4000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00E5C000 \SystemRoot\system32\DRIVERS\intelide.sys
  0x00E64000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x00E74000 \SystemRoot\system32\DRIVERS\aliide.sys
  0x00E7B000 \SystemRoot\system32\DRIVERS\amdide.sys
  0x00E82000 \SystemRoot\system32\DRIVERS\cmdide.sys
  0x00E8A000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00EA4000 \SystemRoot\system32\DRIVERS\msdsm.sys
  0x0104A000 \SystemRoot\system32\DRIVERS\nvraid.sys
  0x01073000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x010A3000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x010AA000 \SystemRoot\system32\DRIVERS\viaide.sys
  0x010B2000 \SystemRoot\system32\DRIVERS\iaStorV.sys
  0x011D0000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x01000000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x0102A000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
  0x0128F000 \SystemRoot\system32\DRIVERS\storport.sys
  0x012F1000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x012FC000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
  0x01313000 \SystemRoot\system32\DRIVERS\adp94xx.sys
  0x0138E000 \SystemRoot\system32\DRIVERS\adpahci.sys
  0x01200000 \SystemRoot\system32\DRIVERS\adpu320.sys
  0x0122F000 \SystemRoot\system32\DRIVERS\amdsata.sys
  0x01442000 \SystemRoot\system32\DRIVERS\amdsbs.sys
  0x01489000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x01494000 \SystemRoot\system32\DRIVERS\arc.sys
  0x014AD000 \SystemRoot\system32\DRIVERS\arcsas.sys
  0x014C8000 \SystemRoot\system32\DRIVERS\elxstor.sys
  0x0154F000 \SystemRoot\system32\DRIVERS\iirsp.sys
  0x01560000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
  0x0157F000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
  0x01592000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
  0x015B1000 \SystemRoot\system32\DRIVERS\megasas.sys
  0x01652000 \SystemRoot\system32\DRIVERS\MegaSR.sys
  0x016F6000 \SystemRoot\system32\DRIVERS\nfrd960.sys
  0x01706000 \SystemRoot\system32\DRIVERS\nvstor.sys
  0x01851000 \SystemRoot\system32\DRIVERS\ql2300.sys
  0x01731000 \SystemRoot\system32\DRIVERS\ql40xx.sys
  0x01800000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
  0x0180E000 \SystemRoot\system32\DRIVERS\sisraid4.sys
  0x01826000 \SystemRoot\system32\DRIVERS\stexstor.sys
  0x01790000 \SystemRoot\system32\DRIVERS\vsmraid.sys
  0x01600000 \SystemRoot\system32\drivers\fltmgr.sys
  0x01830000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01A1C000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x01CA8000 \SystemRoot\System32\Drivers\msrpc.sys
  0x01D06000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01D20000 \SystemRoot\System32\Drivers\cng.sys
  0x01D93000 \SystemRoot\System32\drivers\pcw.sys
  0x01DA4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x01E12000 \SystemRoot\system32\drivers\ndis.sys
  0x01F04000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01F64000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x02002000 \SystemRoot\System32\drivers\tcpip.sys
  0x01F8F000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01FD9000 \SystemRoot\system32\DRIVERS\wd.sys
  0x01DAE000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x01FE1000 \SystemRoot\System32\Drivers\spldr.sys
  0x01C00000 \SystemRoot\system32\DRIVERS\sbp2port.sys
  0x01C1D000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01FE9000 \SystemRoot\System32\Drivers\mup.sys
  0x01E00000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01C57000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
  0x01C61000 \SystemRoot\system32\DRIVERS\hotcore3.sys
  0x01C6D000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01BBF000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01E09000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x017BA000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x01A13000 \SystemRoot\System32\Drivers\Null.SYS
  0x01844000 \SystemRoot\System32\Drivers\Beep.SYS
  0x017E4000 \SystemRoot\System32\drivers\vga.sys
  0x015BD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x015E2000 \SystemRoot\System32\drivers\watchdog.sys
  0x019F5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x017F2000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x015F2000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x01400000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x0140B000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x0141C000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x0124D000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x0125A000 \SystemRoot\System32\Drivers\aswTdi.SYS
  0x03457000 \SystemRoot\system32\drivers\afd.sys
  0x034E1000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0x034EB000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x03530000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x03539000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x0355F000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x03575000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x035A1000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x035BC000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x03400000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x03584000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x03590000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x035D0000 \SystemRoot\System32\drivers\discache.sys
  0x035DF000 \SystemRoot\System32\Drivers\dfsc.sys
  0x0126A000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x04214000 \SystemRoot\System32\Drivers\aswSP.SYS
  0x0425D000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x04283000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x0442D000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x04A44000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x04A7A000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x04B6E000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x04BB4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x04C2B000 \SystemRoot\system32\DRIVERS\athrx.sys
  0x04D9A000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x04DA7000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
  0x04DE0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x04DED000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x04298000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x04C00000 \SystemRoot\system32\DRIVERS\usbfilter.sys
  0x04C0D000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x04C0F000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x04BD8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x04400000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
  0x0440C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x042EE000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x0441B000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x04341000 \SystemRoot\system32\DRIVERS\enecir.sys
  0x04C20000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x04BF6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x0435E000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
  0x0436A000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x0437A000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x04390000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x043B4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x043C0000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x013E4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x011D9000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x050B9000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x050D3000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x050D5000 \SystemRoot\system32\DRIVERS\ks.sys
  0x05118000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x0512A000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x0513C000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x05196000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x051AB000 \SystemRoot\system32\drivers\AtiHdmi.sys
  0x05000000 \SystemRoot\system32\drivers\portcls.sys
  0x0503D000 \SystemRoot\system32\drivers\drmk.sys
  0x0505F000 \SystemRoot\system32\drivers\ksthunk.sys
  0x062CB000 \SystemRoot\system32\DRIVERS\stwrt64.sys
  0x0634A000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x0635B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x06374000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x0637D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x0638B000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x00010000 \SystemRoot\System32\win32k.sys
  0x06398000 \SystemRoot\System32\drivers\Dxapi.sys
  0x063A4000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x063B2000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x063BE000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x063C9000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x063DC000 \SystemRoot\system32\DRIVERS\WinUSB.sys
  0x06200000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x05065000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x063ED000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x005A0000 \SystemRoot\System32\TSDDD.dll
  0x051CC000 \SystemRoot\system32\DRIVERS\rfcomm.sys
  0x006D0000 \SystemRoot\System32\cdd.dll
  0x02DF4000 \SystemRoot\system32\DRIVERS\btwrchid.sys
  0x00840000 \SystemRoot\System32\ATMFD.DLL
  0x02C00000 \SystemRoot\system32\drivers\luafv.sys
  0x02C23000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
  0x02C5D000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
  0x02C66000 \SystemRoot\system32\drivers\WudfPf.sys
  0x02C87000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x0402D000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x04080000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x04093000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x040AB000 \SystemRoot\system32\DRIVERS\vwifimp.sys
  0x040B5000 \SystemRoot\system32\drivers\HTTP.sys
  0x0417D000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x0419B000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x041B3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x066C4000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x06712000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x06735000 \SystemRoot\system32\drivers\peauth.sys
  0x067DB000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x06600000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x0662D000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x0663F000 \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
  0x06EF3000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x06F5A000 \SystemRoot\System32\DRIVERS\srv.sys
  0x06E71000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
  0x06E79000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0x02C9C000 \SystemRoot\System32\Drivers\bthport.sys
  0x06E91000 \SystemRoot\system32\DRIVERS\BthEnum.sys
  0x06EA1000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0x06EC1000 \SystemRoot\system32\DRIVERS\bthmodem.sys
  0x06ED8000 \SystemRoot\system32\drivers\modem.sys
  0x02D28000 \SystemRoot\system32\drivers\btwavdt.sys
  0x06E00000 \SystemRoot\system32\DRIVERS\hidbth.sys
  0x0621D000 \SystemRoot\system32\drivers\btwaudio.sys
  0x06E1E000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
  0x77300000 \Windows\System32\ntdll.dll
  0x48040000 \Windows\System32\smss.exe
  0xFF620000 \Windows\System32\apisetschema.dll
  0xFF8D0000 \Windows\System32\autochk.exe
  0xFF5F0000 \Windows\System32\sechost.dll
  0x774D0000 \Windows\System32\psapi.dll
  0x774C0000 \Windows\System32\normaliz.dll
  0xFF550000 \Windows\System32\comdlg32.dll
  0xFF3D0000 \Windows\System32\urlmon.dll
  0xFF3C0000 \Windows\System32\nsi.dll
  0xFF3A0000 \Windows\System32\imagehlp.dll
  0xFF320000 \Windows\System32\difxapi.dll
  0xFF240000 \Windows\System32\oleaut32.dll
  0xFF1A0000 \Windows\System32\clbcatq.dll
  0xFEF40000 \Windows\System32\iertutil.dll
  0xFEEF0000 \Windows\System32\Wldap32.dll
  0xFEE50000 \Windows\System32\msvcrt.dll
  0xFEC70000 \Windows\System32\setupapi.dll
  0xFEC40000 \Windows\System32\imm32.dll
  0xFEB10000 \Windows\System32\rpcrt4.dll
  0xFEB00000 \Windows\System32\lpk.dll
  0x771E0000 \Windows\System32\kernel32.dll
  0x770E0000 \Windows\System32\user32.dll
  0xFEAB0000 \Windows\System32\ws2_32.dll
  0xFE8A0000 \Windows\System32\ole32.dll
  0xFE7D0000 \Windows\System32\usp10.dll
  0xFE6F0000 \Windows\System32\advapi32.dll
  0xFE5C0000 \Windows\System32\wininet.dll
  0xFD830000 \Windows\System32\shell32.dll
  0xFD7C0000 \Windows\System32\gdi32.dll
  0xFD6B0000 \Windows\System32\msctf.dll
  0xFD630000 \Windows\System32\shlwapi.dll
  0xFD5F0000 \Windows\System32\cfgmgr32.dll
  0xFD5B0000 \Windows\System32\wintrust.dll
  0xFD510000 \Windows\System32\comctl32.dll
  0xFD4F0000 \Windows\System32\devobj.dll
  0xFD480000 \Windows\System32\KernelBase.dll
  0xFD310000 \Windows\System32\crypt32.dll
  0xFD300000 \Windows\System32\msasn1.dll
  0x750E0000 \Windows\SysWOW64\normaliz.dll

Processes (total 68):
      0 System Idle Process
      4 System
    288 C:\Windows\System32\smss.exe
    396 csrss.exe
    468 C:\Windows\System32\wininit.exe
    488 csrss.exe
    540 C:\Windows\System32\services.exe
    552 C:\Windows\System32\lsass.exe
    560 C:\Windows\System32\lsm.exe
    676 C:\Windows\System32\svchost.exe
    780 C:\Windows\System32\winlogon.exe
    808 C:\Windows\System32\svchost.exe
    856 C:\Windows\System32\atiesrxx.exe
    928 C:\Windows\System32\svchost.exe
    960 C:\Windows\System32\svchost.exe
    992 C:\Windows\System32\svchost.exe
    300 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
    1044 C:\Windows\System32\svchost.exe
    1092 C:\Windows\System32\hpservice.exe
    1168 C:\Windows\System32\vcsFPService.exe
    1264 C:\Windows\System32\svchost.exe
    1388 C:\Windows\System32\atieclxx.exe
    1428 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1812 C:\Windows\System32\spoolsv.exe
    1856 C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
    1980 C:\Windows\System32\svchost.exe
    1136 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
    1352 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1612 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1864 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    2020 C:\Windows\SysWOW64\svchost.exe
    2112 C:\Windows\System32\svchost.exe
    2144 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    2188 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    2248 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2320 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2388 C:\Windows\System32\svchost.exe
    2440 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    2752 C:\Windows\System32\taskhost.exe
    2832 C:\Windows\System32\dwm.exe
    2868 C:\Windows\explorer.exe
    2060 C:\Windows\System32\svchost.exe
    3748 C:\Windows\System32\taskeng.exe
    3840 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    3856 C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
    4084 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3100 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    3132 C:\Program Files\Java\jre6\bin\jusched.exe
    708 C:\Windows\WindowsMobile\wmdc.exe
    3260 C:\Program Files\IDT\WDM\sttray64.exe
    3340 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    3344 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    3376 C:\Windows\System32\svchost.exe
    2980 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    2880 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    3316 C:\Windows\System32\SearchIndexer.exe
    3320 C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    2776 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3384 C:\Windows\System32\svchost.exe
    2220 C:\Windows\System32\svchost.exe
    3152 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    4948 C:\Program Files (x86)\Winamp\winampa.exe
    3308 C:\Windows\System32\audiodg.exe
    1880 C:\Windows\System32\SearchProtocolHost.exe
    4304 C:\Windows\System32\SearchFilterHost.exe
    4308 C:\Users\Manuel\Desktop\MBRCheck.exe
    4280 C:\Windows\System32\conhost.exe
    1896 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000070`87800000  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000074`6a400000  (FAT32)

PhysicalDrive0 Model Number: HitachiHTS725050A9A364, Rev: PC4OC70E

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 1284BC985A795D8594F74D43B73C71A426CA41A1


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!


cosinus 14.01.2011 08:41

Quote:

465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 1284BC985A795D8594F74D43B73C71A426CA41A1
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Do you have a Win7 DVD (64-bit) at hand? We need to fix the MBR.

Pius2000 15.01.2011 10:24

Unfortunately not. Windows came preinstalled on the laptop; I don't have a CD for it.

cosinus 16.01.2011 21:07

Then we'll have to try it with a 64-bit Vista rescue disc. If Windows no longer starts afterwards, though, you would have to get hold of a Win7 DVD.

=> Vista Emergency/Recovery CD 32-bit - Dr. Windows

Download the ISO, burn it to a CD, e.g. with ImgBurn using its image-burning function, and start the computer with it (boot from this CD).

If you have a regular Vista installation DVD, you don't need the image mentioned above and can simply boot from the Vista DVD.

Click "Repair your computer", Next, Command Prompt; the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter). Restart the computer, taking the CD out first.

Pius2000 19.01.2011 17:30

So what exactly is wrong with my laptop? Can you explain it to me so that I understand it?

Does this reinstall my laptop from scratch? Is it urgently necessary?

And why Vista? I have Windows 7 on it, after all.

Thanks for your help :party:

cosinus 19.01.2011 21:03

Don't you read my posts? I have to link the Vista rescue disc because you don't have a Win7 DVD! :balla:
And I also mentioned that we need to fix the MBR; I didn't post anything about reinstalling! :balla:

Pius2000 19.01.2011 21:35

I do read your posts, I just don't understand any of this stuff, sorry :dummguck:

The term MBR means nothing at all to me either, which is why I asked whether you could perhaps explain what is wrong so that I understand it...

cosinus 19.01.2011 22:38

Think of the MBR as the very first sector of your disk. This MBR contains a partition table and boot code so that your computer can boot an operating system at all. Malware can manipulate this MBR in order to hide itself better. Since MBRCheck reports a non-standard MBR, the MBR has to be straightened out as a precaution.

All clear now? :D
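
The layout described in the post above, as an added example that is not part of the original thread and not MBRCheck's code: a parser that splits a 512-byte MBR into boot code, disk signature and partition table and compares the boot-code SHA1 with a baseline. Hashing only the first 440 bytes, the function names and all sample bytes are assumptions constructed for illustration; the thread does not say which bytes MBRCheck hashes.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bytes 0-439: boot code (the part malware patches)
DISK_SIG_OFF = 440       # bytes 440-443: Windows disk signature
PART_TABLE_OFF = 446     # bytes 446-509: four 16-byte partition entries
BOOT_SIG = b"\x55\xaa"   # bytes 510-511: boot signature
ENTRY = "<B3xB3xII"      # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split a raw MBR sector into boot-code hash, disk signature and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    if sector[510:512] != BOOT_SIG:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(ENTRY, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append({"active": status == 0x80, "type": ptype,
                               "byte_offset": lba * SECTOR_SIZE, "sectors": count})
    return {
        "code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def classify(sector: bytes, known_good: dict) -> str:
    """Return the baseline label for the boot code, or flag it as unknown."""
    return known_good.get(parse_mbr(sector)["code_sha1"], "Unknown MBR code")


def build_sample(boot_code: bytes) -> bytes:
    """Constructed test sector: the given boot code plus one active NTFS entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x12345678)  # constructed value
    # LBA 0x64000 * 512 = 0x0C800000, the byte offset the log shows for C:
    struct.pack_into(ENTRY, sector, PART_TABLE_OFF, 0x80, 0x07, 0x64000, 0x100000)
    sector[510:512] = BOOT_SIG
    return bytes(sector)


if __name__ == "__main__":
    clean = build_sample(b"\xfa\x33\xc0" + b"\x90" * 64)   # constructed boot code
    baseline = {parse_mbr(clean)["code_sha1"]: "constructed baseline"}
    patched = bytearray(clean)
    patched[5] ^= 0xFF                                      # one altered code byte
    for name, raw in (("clean", clean), ("patched", bytes(patched))):
        info = parse_mbr(raw)
        print(name, info["code_sha1"], classify(raw, baseline), info["partitions"])
```

A changed partition entry leaves `code_sha1` untouched, so the table needs its own comparison. A bootkit active in the running system can hand a clean copy of sector 0 to tools that read it, which is why an offline read from a boot medium is more trustworthy.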

Pius2000 22.01.2011 13:14

OK, thanks for explaining.

cosinus 22.01.2011 14:04

Have you fixed the MBR now following my instructions?

Pius2000 22.01.2011 14:59

Yep, just fixed it. Both commands were executed successfully and Windows booted without problems after the restart.

Pius2000 23.01.2011 22:39

Right, I ran another MBR check after fixing it. Is everything now back to how it should be?


Code:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:                       
Windows Version:                Windows 7 Home Premium Edition
Windows Information:                (build 7600), 64-bit
Base Board Manufacturer:        Hewlett-Packard
BIOS Manufacturer:                Hewlett-Packard
System Manufacturer:                Hewlett-Packard
System Product Name:                HP Pavilion dv6 Notebook PC
Logical Drives Mask:                0x0000003c

Kernel Drivers (total 253):
  0x02E10000 \SystemRoot\system32\ntoskrnl.exe
  0x033EC000 \SystemRoot\system32\hal.dll
  0x00BB7000 \SystemRoot\system32\kdcom.dll
  0x00CE0000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x00CED000 \SystemRoot\system32\PSHED.dll
  0x00D01000 \SystemRoot\system32\CLFS.SYS
  0x00C00000 \SystemRoot\system32\CI.dll
  0x00E0A000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00EAE000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x00EBD000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x00F14000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
  0x00F1D000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x00F27000 \SystemRoot\system32\DRIVERS\pci.sys
  0x00F5A000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x00F67000 \SystemRoot\system32\DRIVERS\isapnp.sys
  0x00F70000 \SystemRoot\system32\DRIVERS\mpio.sys
  0x00F9A000 \SystemRoot\System32\drivers\partmgr.sys
  0x00FAF000 \SystemRoot\system32\DRIVERS\compbatt.sys
  0x00FB8000 \SystemRoot\system32\DRIVERS\BATTC.SYS
  0x00FC4000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x00D5F000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00FD9000 \SystemRoot\system32\DRIVERS\intelide.sys
  0x00FE1000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x00FF1000 \SystemRoot\system32\DRIVERS\aliide.sys
  0x00FF8000 \SystemRoot\system32\DRIVERS\amdide.sys
  0x00E00000 \SystemRoot\system32\DRIVERS\cmdide.sys
  0x00DBB000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00DD5000 \SystemRoot\system32\DRIVERS\msdsm.sys
  0x0109C000 \SystemRoot\system32\DRIVERS\nvraid.sys
  0x010C5000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x010F5000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x010FC000 \SystemRoot\system32\DRIVERS\viaide.sys
  0x01258000 \SystemRoot\system32\DRIVERS\iaStorV.sys
  0x01376000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x0137F000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x013A9000 \SystemRoot\system32\DRIVERS\lsi_sas.sys
  0x01104000 \SystemRoot\system32\DRIVERS\storport.sys
  0x013C6000 \SystemRoot\system32\DRIVERS\msahci.sys
  0x013D1000 \SystemRoot\system32\DRIVERS\HpSAMD.sys
  0x01166000 \SystemRoot\system32\DRIVERS\adp94xx.sys
  0x01200000 \SystemRoot\system32\DRIVERS\adpahci.sys
  0x01000000 \SystemRoot\system32\DRIVERS\adpu320.sys
  0x0102F000 \SystemRoot\system32\DRIVERS\amdsata.sys
  0x0104D000 \SystemRoot\system32\DRIVERS\amdsbs.sys
  0x013E8000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x011E1000 \SystemRoot\system32\DRIVERS\arc.sys
  0x00CC0000 \SystemRoot\system32\DRIVERS\arcsas.sys
  0x014B6000 \SystemRoot\system32\DRIVERS\elxstor.sys
  0x0153D000 \SystemRoot\system32\DRIVERS\iirsp.sys
  0x0154E000 \SystemRoot\system32\DRIVERS\lsi_fc.sys
  0x0156D000 \SystemRoot\system32\DRIVERS\lsi_sas2.sys
  0x01580000 \SystemRoot\system32\DRIVERS\lsi_scsi.sys
  0x0159F000 \SystemRoot\system32\DRIVERS\megasas.sys
  0x01400000 \SystemRoot\system32\DRIVERS\MegaSR.sys
  0x014A4000 \SystemRoot\system32\DRIVERS\nfrd960.sys
  0x015AB000 \SystemRoot\system32\DRIVERS\nvstor.sys
  0x0165B000 \SystemRoot\system32\DRIVERS\ql2300.sys
  0x01897000 \SystemRoot\system32\DRIVERS\ql40xx.sys
  0x018F6000 \SystemRoot\system32\DRIVERS\SiSRaid2.sys
  0x01904000 \SystemRoot\system32\DRIVERS\sisraid4.sys
  0x0191C000 \SystemRoot\system32\DRIVERS\stexstor.sys
  0x01926000 \SystemRoot\system32\DRIVERS\vsmraid.sys
  0x01950000 \SystemRoot\system32\drivers\fltmgr.sys
  0x0199C000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01A50000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x01800000 \SystemRoot\System32\Drivers\msrpc.sys
  0x01A00000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01C9D000 \SystemRoot\System32\Drivers\cng.sys
  0x01D10000 \SystemRoot\System32\drivers\pcw.sys
  0x01D21000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x01E71000 \SystemRoot\system32\drivers\ndis.sys
  0x01F63000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01FC3000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x02002000 \SystemRoot\System32\drivers\tcpip.sys
  0x01E00000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01E4A000 \SystemRoot\system32\DRIVERS\wd.sys
  0x01D2B000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x01E52000 \SystemRoot\System32\Drivers\spldr.sys
  0x01D77000 \SystemRoot\system32\DRIVERS\sbp2port.sys
  0x01D94000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01E5A000 \SystemRoot\System32\Drivers\mup.sys
  0x01FEE000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01DCE000 \SystemRoot\system32\DRIVERS\hpdskflt.sys
  0x01DD8000 \SystemRoot\system32\DRIVERS\hotcore3.sys
  0x01C00000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x01C3A000 \SystemRoot\system32\DRIVERS\disk.sys
  0x01FF7000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
  0x01A1A000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x01C88000 \SystemRoot\System32\Drivers\Null.SYS
  0x01C91000 \SystemRoot\System32\Drivers\Beep.SYS
  0x01DE4000 \SystemRoot\System32\drivers\vga.sys
  0x0185E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x01883000 \SystemRoot\System32\drivers\watchdog.sys
  0x01DF2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x01A44000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x01BF3000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x019B0000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x019BB000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x019CC000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x019EA000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x01600000 \SystemRoot\System32\Drivers\aswTdi.SYS
  0x034A2000 \SystemRoot\system32\drivers\afd.sys
  0x0352C000 \SystemRoot\System32\Drivers\aswRdr.SYS
  0x03536000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x0357B000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x03584000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x035AA000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x035C0000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x03400000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x0341B000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x0342F000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x03480000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x0348C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x035CF000 \SystemRoot\System32\drivers\discache.sys
  0x035DE000 \SystemRoot\System32\Drivers\dfsc.sys
  0x01610000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x0422C000 \SystemRoot\System32\Drivers\aswSP.SYS
  0x04275000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x0429B000 \SystemRoot\system32\DRIVERS\amdppm.sys
  0x04400000 \SystemRoot\system32\DRIVERS\atikmdag.sys
  0x04A17000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x04A4D000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x04B41000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x04B87000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0x04C2D000 \SystemRoot\system32\DRIVERS\athrx.sys
  0x04D9C000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x04DA9000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
  0x04DE2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x04DEF000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x042B0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x04C00000 \SystemRoot\system32\DRIVERS\usbfilter.sys
  0x04C0D000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x04C0F000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x04BAB000 \SystemRoot\system32\DRIVERS\i8042prt.sys
  0x04C20000 \SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
  0x04BC9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x04306000 \SystemRoot\system32\DRIVERS\SynTP.sys
  0x04BD8000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x04359000 \SystemRoot\system32\DRIVERS\enecir.sys
  0x04DFA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
  0x04BE7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
  0x04BF0000 \SystemRoot\system32\DRIVERS\Accelerometer.sys
  0x04376000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x04386000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x0439C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x043C0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x043CC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x04200000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x01621000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x015D6000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x04BFC000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x05065000 \SystemRoot\system32\DRIVERS\ks.sys
  0x050A8000 \SystemRoot\system32\DRIVERS\circlass.sys
  0x050BA000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x050CC000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x05126000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x0513B000 \SystemRoot\system32\drivers\AtiHdmi.sys
  0x0515C000 \SystemRoot\system32\drivers\portcls.sys
  0x05199000 \SystemRoot\system32\drivers\drmk.sys
  0x051BB000 \SystemRoot\system32\drivers\ksthunk.sys
  0x06288000 \SystemRoot\system32\DRIVERS\stwrt64.sys
  0x06307000 \SystemRoot\system32\DRIVERS\hidir.sys
  0x06318000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x06331000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x0633A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x06348000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x000E0000 \SystemRoot\System32\win32k.sys
  0x06355000 \SystemRoot\System32\drivers\Dxapi.sys
  0x06361000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x0636F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x0637B000 \SystemRoot\System32\Drivers\dump_msahci.sys
  0x06386000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x06399000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x063B6000 \SystemRoot\System32\Drivers\usbvideo.sys
  0x063E4000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x06211000 \SystemRoot\System32\Drivers\BTHUSB.sys
  0x02C79000 \SystemRoot\System32\Drivers\bthport.sys
  0x00490000 \SystemRoot\System32\TSDDD.dll
  0x00660000 \SystemRoot\System32\cdd.dll
  0x02D05000 \SystemRoot\system32\DRIVERS\rfcomm.sys
  0x02D31000 \SystemRoot\system32\DRIVERS\BthEnum.sys
  0x02D41000 \SystemRoot\system32\DRIVERS\bthpan.sys
  0x02D61000 \SystemRoot\system32\DRIVERS\bthmodem.sys
  0x02D78000 \SystemRoot\system32\drivers\modem.sys
  0x02E2E000 \SystemRoot\system32\drivers\btwavdt.sys
  0x02EA9000 \SystemRoot\system32\DRIVERS\hidbth.sys
  0x02EC7000 \SystemRoot\system32\drivers\btwaudio.sys
  0x02F4D000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
  0x02F59000 \SystemRoot\system32\DRIVERS\btwrchid.sys
  0x00810000 \SystemRoot\System32\ATMFD.DLL
  0x02F5D000 \SystemRoot\system32\drivers\luafv.sys
  0x02F80000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
  0x02FBA000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
  0x02FC3000 \SystemRoot\system32\drivers\WudfPf.sys
  0x02FE4000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x02D87000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x02E00000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x02E13000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x02DDA000 \SystemRoot\system32\DRIVERS\vwifimp.sys
  0x068F7000 \SystemRoot\system32\drivers\HTTP.sys
  0x069BF000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x069DD000 \SystemRoot\System32\drivers\mpsdrv.sys
  0x06800000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x0682D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x0687B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x0707F000 \SystemRoot\system32\drivers\peauth.sys
  0x07125000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x07130000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x0715D000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x0716F000 \??\c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
  0x07000000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x072A3000 \SystemRoot\System32\DRIVERS\srv.sys
  0x07271000 \SystemRoot\system32\DRIVERS\WinUSB.sys
  0x76D90000 \Windows\System32\ntdll.dll
  0x48190000 \Windows\System32\smss.exe
  0xFF0B0000 \Windows\System32\apisetschema.dll
  0xFFBF0000 \Windows\System32\autochk.exe
  0xFEEC0000 \Windows\System32\setupapi.dll
  0xFEE70000 \Windows\System32\Wldap32.dll
  0x76C90000 \Windows\System32\user32.dll
  0xFEDD0000 \Windows\System32\comdlg32.dll
  0xFED30000 \Windows\System32\msvcrt.dll
  0xFED10000 \Windows\System32\imagehlp.dll
  0xFED00000 \Windows\System32\lpk.dll
  0xFEAA0000 \Windows\System32\iertutil.dll
  0xFE920000 \Windows\System32\urlmon.dll
  0xFE8F0000 \Windows\System32\imm32.dll
  0xFE870000 \Windows\System32\shlwapi.dll
  0xFE760000 \Windows\System32\msctf.dll
  0xFE630000 \Windows\System32\rpcrt4.dll
  0xFE500000 \Windows\System32\wininet.dll
  0xFE420000 \Windows\System32\advapi32.dll
  0xFE340000 \Windows\System32\oleaut32.dll
  0x76F60000 \Windows\System32\normaliz.dll
  0x76F50000 \Windows\System32\psapi.dll
  0xFE330000 \Windows\System32\nsi.dll
  0xFE2B0000 \Windows\System32\difxapi.dll
  0xFE0A0000 \Windows\System32\ole32.dll
  0xFE080000 \Windows\System32\sechost.dll
  0xFD2F0000 \Windows\System32\shell32.dll
  0xFD2A0000 \Windows\System32\ws2_32.dll
  0xFD1D0000 \Windows\System32\usp10.dll
  0x76B70000 \Windows\System32\kernel32.dll
  0xFD130000 \Windows\System32\clbcatq.dll
  0xFD0C0000 \Windows\System32\gdi32.dll
  0xFD080000 \Windows\System32\wintrust.dll
  0xFCFE0000 \Windows\System32\comctl32.dll
  0xFCFA0000 \Windows\System32\cfgmgr32.dll
  0xFCE30000 \Windows\System32\crypt32.dll
  0xFCE10000 \Windows\System32\devobj.dll
  0xFCDA0000 \Windows\System32\KernelBase.dll
  0xFCD90000 \Windows\System32\msasn1.dll
  0x755E0000 \Windows\SysWOW64\normaliz.dll

Processes (total 68):
      0 System Idle Process
      4 System
    288 C:\Windows\System32\smss.exe
    400 csrss.exe
    472 C:\Windows\System32\wininit.exe
    492 csrss.exe
    536 C:\Windows\System32\services.exe
    556 C:\Windows\System32\lsass.exe
    568 C:\Windows\System32\lsm.exe
    656 C:\Windows\System32\svchost.exe
    736 C:\Windows\System32\svchost.exe
    792 C:\Windows\System32\atiesrxx.exe
    844 C:\Windows\System32\winlogon.exe
    888 C:\Windows\System32\svchost.exe
    936 C:\Windows\System32\svchost.exe
    972 C:\Windows\System32\svchost.exe
    1012 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe
    1048 C:\Windows\System32\svchost.exe
    1104 C:\Windows\System32\hpservice.exe
    1216 C:\Windows\System32\vcsFPService.exe
    1276 C:\Windows\System32\svchost.exe
    1388 C:\Windows\System32\atieclxx.exe
    1404 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1784 C:\Windows\System32\spoolsv.exe
    1852 C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
    1964 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
    1148 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1500 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1368 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    2024 C:\Windows\SysWOW64\svchost.exe
    2100 C:\Windows\System32\svchost.exe
    2140 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    2184 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    2232 C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2268 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2348 C:\Windows\System32\svchost.exe
    2392 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
    2692 C:\Windows\System32\svchost.exe
    1888 C:\Windows\System32\taskhost.exe
    2212 C:\Windows\System32\dwm.exe
    2972 C:\Windows\explorer.exe
    3132 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3140 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    3168 C:\Program Files\Java\jre6\bin\jusched.exe
    3180 C:\Windows\WindowsMobile\wmdc.exe
    3192 C:\Program Files\IDT\WDM\sttray64.exe
    3204 C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    3256 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    3356 C:\Windows\System32\svchost.exe
    3524 C:\Program Files (x86)\Winamp\winampa.exe
    3580 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3588 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3604 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    3808 C:\Program Files\iPod\bin\iPodService.exe
    3848 C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    3912 C:\Windows\System32\SearchIndexer.exe
    4000 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3964 C:\Windows\System32\svchost.exe
    4596 C:\Windows\System32\taskeng.exe
    4628 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    4652 C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
    4992 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    3548 C:\Windows\System32\svchost.exe
    504 C:\Windows\System32\audiodg.exe
    324 C:\Users\Manuel\Desktop\MBRCheck.exe
    3388 C:\Windows\System32\conhost.exe
    5200 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`0c800000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000070`87800000  (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000074`6a400000  (FAT32)

PhysicalDrive0 Model Number: HitachiHTS725050A9A364, Rev: PC4OC70E

      Size  Device Name          MBR Status
  --------------------------------------------
    465 GB  \\.\PhysicalDrive0  Windows 2008 MBR code detected
            SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!


cosinus 24.01.2011 10:19

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!


All times are in WET +1.
