Pests of all kinds and how to combat them: Virus Schweizer Eidgenossenschaft (Swiss Confederation virus), Windows 7
20.11.2012, 01:58 | #1 |
Virus Schweizer Eidgenossenschaft (Swiss Confederation virus)

Hello, I have caught the virus listed above. Can you help me? I have already run Malwarebytes Anti-Malware over it once. I hope I haven't ruined anything by doing that. Here are the OTL files:
ATTFilter OTL Extras logfile created on: 20.11.2012 01:42:46 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000807 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy 5.90 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 67.73% Memory free 11.81 Gb Paging File | 9.55 Gb Available in Paging File | 80.87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 349.00 Gb Total Space | 297.20 Gb Free Space | 85.16% Space Free | Partition Type: NTFS Drive D: | 23.76 Gb Total Space | 2.49 Gb Free Space | 10.47% Space Free | Partition Type: NTFS Computer Name: HP-M6 | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-4257943579-871120275-3654149370-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00788512-8D3B-4E21-A227-F755896EDE68}" = lport=10243 | protocol=6 | dir=in | app=system | "{012EBFE7-2CFC-47C3-A7E9-CF09BB1691A5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{05C05B88-12B9-45E8-9995-000BD4F233DB}" = rport=1900 | 
protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{07E84A59-4ADD-492C-BF03-D78255C8E52A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{0BDF70C5-12A2-4D0B-8418-1520298593B1}" = rport=445 | protocol=6 | dir=out | app=system | "{18FFCC10-F7B2-44A4-9D16-68275E7AB371}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{351E9E07-628A-4C9A-BCDC-BF92EEE1BD4E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{43DEF0B1-E504-4DE2-8008-EC0F81D4436B}" = rport=138 | protocol=17 | dir=out | app=system | "{4478168F-7203-4811-ACB3-34BB1DB3085A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{45E4BCE4-F78B-42A4-9E4B-8ED38B4E85DD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5232BA82-4F51-4D1A-AB3D-17A9A94C9B64}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5E783639-994C-489A-8992-C18791A7CEEC}" = lport=445 | protocol=6 | dir=in | app=system | "{69822409-A9EA-4084-951F-C17C1A590149}" = rport=10243 | protocol=6 | dir=out | app=system | "{6C20296C-1CA4-4918-ADA4-98C2DDCF732C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8F5F93CA-7138-40BF-81A4-D329CE28B88A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{976E369F-9C80-43C3-A5F2-A1582FC5ADF8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A483F1F1-9FF4-4447-A13C-9E6EBCEDD468}" = lport=137 | protocol=17 | dir=in | app=system | "{A9955051-F204-48B9-ACEA-1FEAFC4844E9}" = lport=138 | protocol=17 | dir=in | app=system | "{ABFFEB43-5067-4E42-90EE-96378AF4230D}" = rport=139 | protocol=6 | dir=out | app=system | "{B0C69A17-1CF0-418A-913F-FCAAF9E1EF2B}" = lport=808 | protocol=6 | dir=in | 
svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | "{B9F0A9D4-3D3A-41E9-81EF-E3FDD0C6A50B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{C0EF270F-0624-4007-A7D6-CE4447295B9C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C103D0D9-4CB1-4102-9CEB-F99A6532F703}" = rport=137 | protocol=17 | dir=out | app=system | "{E276D037-E9CA-4D90-8313-145E29591049}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E765C7D3-7314-4342-A379-070B05923AE9}" = lport=2869 | protocol=6 | dir=in | app=system | "{FF3F8F0A-DFF3-4FED-932E-CB70B9CF6530}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{031AC3DA-929F-4159-B452-301493CE846F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{08862B9B-4BBD-48A3-BF99-26FA94480197}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{0DF8D7B7-314C-475E-B2A1-FBDD32513AA2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1808B067-542F-43DD-A18B-EDF14938CFCA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{1A393AA7-4108-4F6C-914E-46D491980A89}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2B7F77E6-A6AA-408D-961F-E39D7A6A6D9C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{2CAEB94F-187E-43FB-9B31-2342E76FB3E4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{380A7CBD-C6E4-4593-B715-544C3D8E2E3A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{3B6EFFC8-F2B5-4A52-BD0F-C2717618B9F0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{42A8793C-5ACC-4C12-8436-B2D6B6D9D54D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{494E8017-5E0F-4736-8B3E-499FD7550AF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4C5AF61C-A870-4EA6-B3AA-DF3E182BEC85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{553EFA73-645A-4DA2-BDE2-5A4A96A686E0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{595EC533-7A69-4EC5-A77D-AF6B86929DAC}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{5CA068AA-F07D-45D4-ADB4-5D77197829AB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{63A9F76F-7163-46D4-9743-F000E0CFB82B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{63AD03F7-83A9-4F23-A7CC-5E2A86EE141B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6ACB28C9-9599-4630-90CB-871964338DA3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6AF827A5-086C-45BE-9579-90D281FCC7A1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{839AB95D-5CC7-4328-BD86-08BB60499C5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8D963CAD-2158-4BFA-8C0A-40E2721CA940}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9BC1B5E9-3ECF-45D4-9C3C-BAFDDAEF5D27}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{A34D081A-887C-46C1-8D26-0649ACF1D22B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{A82B8C84-79A3-4E68-83C4-6FB1EF4B5530}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{BE17B8EA-AF0A-40DB-B3B5-47EBDD79BAE5}" = protocol=6 | dir=out | app=system | "{C6FF8614-2A3A-40C5-B1C6-8B7766ECF7CE}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{CA13E579-3BF7-4CE4-8C29-4052AFD4CAD3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E4822EF1-D3FC-4EBC-8D65-C0C5919906B7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{F279C17B-E095-4BC6-B310-2610D22466A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FFE84314-8E6E-4044-BB6B-4357D210378E}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{1A3545C2-0AFD-C105-C435-54A15B8A6EEA}" = ccc-utility64 "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit) "{42719DC3-4982-47DD-B025-B21C4BDD504D}" = HP Security Assistant "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows 
Live Remote Client Resources "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B94134E-A125-4D06-ACBE-50747148E406}" = HP 3D DriveGuard "{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = Broadcom Bluetooth Software "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D8360C56-B89D-47AA-91A5-8D27A20844FB}" = Validity WBF DDK "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E85D1C80-28C4-76B8-5A5A-2C8D8B38D5D9}" = AMD Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F9E64F70-9BE4-4ECD-9B83-09E74CF5B6C3}" = AuthenTec TrueAPI 64-bit "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{02502AFC-DF30-06EC-23CC-7051137D7010}" = CCC Help English "{04A73D68-AADD-483E-2694-3AA23A654667}" = CCC Help Chinese Standard "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements 
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D83FCDE-8CAF-45E6-907D-6AF8E2A5EE01}" = HP Documentation "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{12BBA7A6-D57A-F84E-5DF7-4255C1B22F18}" = Catalyst Control Center Profiles Mobile "{16B7BDA1-B967-4D2D-8B27-E12727C28350}" = HP CoolSense "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20D148CE-7130-D361-1EE9-D035CFCA162F}" = CCC Help Polish "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29814F2A-883F-EDC9-9E36-BE76B2C98784}" = CCC Help Chinese Traditional "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E6AC0F7-E57C-F084-B4AE-E32BD567B8B1}" = CCC Help Spanish "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{438363A8-F486-4C37-834C-4955773CB3D3}" 
= HP Setup "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{47DD3266-1ECB-05AF-9EB7-8E4972680EA1}" = CCC Help Korean "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{498D1F5C-1FE7-9350-60EF-45AFE1A3B34E}" = Catalyst Control Center Graphics Previews Common "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4BD76D2B-7E5C-3AA6-819F-303AAEEABA12}" = CCC Help Greek "{4F34A145-8CF3-400C-B5DB-2B1BF604304D}" = ESU for Microsoft Windows 7 SP1 "{520CD906-0723-CCA8-D082-36952E477B88}" = CCC Help French "{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5B816501-5CE5-D141-620E-3F4C0F080A23}" = CCC Help Turkish "{607474AD-0BA0-3400-78AE-53679AD42D04}" = CCC Help Dutch "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit "{6B9C61A0-4E98-716E-9E54-298D782D00B3}" = CCC Help Japanese "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0 "{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant "{6F971572-2C12-0C09-D468-D9B87963D4A1}" = CCC Help German "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{768A2F4E-B14E-C8F1-5E87-E3479B585E7E}" = CCC Help 
Danish "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{85425296-5669-83E6-2079-322EC1C2FB3C}" = CCC Help Swedish "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{8719F1D9-5556-4057-B12A-8789C975BCD9}" = Catalyst Control Center - Branding "{880B5A98-B242-4B53-BD6F-41EA17495EAD}" = HP SimplePass "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{89FEFB54-198C-6ABC-2786-EFB4C292C3D8}" = CCC Help Russian "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EFF7990-ECFA-6EDD-5925-1CCB7120AE19}" = CCC Help Finnish "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9852739C-C172-839B-4A97-D19C9EF0B1DA}" = CCC Help Czech "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D070A8D-054F-4012-DCFC-F211D54B6020}" = CCC Help Italian "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A26012C1-F09D-56D8-284A-7CE11879E989}" = CCC Help Norwegian "{A37BFF91-1A64-10FA-E360-68D2585F3056}" = PX Profile Update "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer 
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C2DBBB1B-1F86-A56F-873D-7B10E74FDACD}" = CCC Help Portuguese "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CBCF6C86-4738-4A84-9C2C-331804DCEB9B}" = LibreOffice 3.6 "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CEF712BF-07DB-67A8-BA7D-D59A6C22A609}" = Catalyst Control Center Localization All "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D75F189B-E302-55C9-DFEF-D81DA01D1C00}" = CCC Help Thai "{D8C2078B-520D-C552-D63F-0CEE323B70B2}" = CCC Help Hungarian "{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager "{DCD01638-C22B-4AA1-ACCE-1C7150B02076}" = HP Software Framework "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E50B774B-D531-F85A-1DE5-652346F75E90}" = 
Catalyst Control Center "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Avira AntiVir Desktop" = Avira Free Antivirus "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US) "Mozilla Thunderbird 16.0.2 (x86 en-US)" = Mozilla Thunderbird 16.0.2 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Ravensburger tiptoi" = Ravensburger tiptoi "WildTangent hp Master Uninstall" = HP Games "WinLiveSuite" = Windows Live Essentials "WTA-01379085-82e4-41f2-b8d1-165a16c296d1" = Jewel Quest Solitaire 2 "WTA-0bdd3010-5e32-4da3-83d7-9060caffb496" = Polar Bowler "WTA-14919343-c2a8-4ad1-b067-b83f03d8e173" = Farm Frenzy "WTA-3f5a9bef-4f8d-4a6e-8af8-19a7aa813950" = Cradle of Rome 2 "WTA-4c9f5111-3a52-403f-a09c-def330269579" = Virtual Villagers 4 - The Tree of Life "WTA-58fbb02e-9488-4fe5-a20f-0d4f963b0c58" = Cake Mania "WTA-5ac2f729-a5ca-4674-9f37-8deeb41ed873" = Fishdom (TM) 2 
"WTA-5c1cd086-3987-44bf-be41-10eb77fb2435" = Plants vs. Zombies - Game of the Year "WTA-68e0afa2-4be7-49fd-a61e-06db3bc42dbf" = Zuma's Revenge "WTA-69c5d967-9e47-483e-b66c-851647b9d752" = Mystery of Mortlake Mansion "WTA-7b65e33a-5f7d-4188-ab75-2ad7d60267d7" = Jewel Quest II "WTA-83e5036d-555a-46fa-9689-5e857822c0b3" = Jewel Match 3 "WTA-8503ca17-80a4-4efb-a420-38aa490c1864" = Bejeweled 3 "WTA-8f151818-67c6-4aeb-9657-65483f5d5dbf" = Farmscapes "WTA-940bccbf-6b75-4aee-a6c7-eeeb72e6a29e" = Chuzzle Deluxe "WTA-a3ad8e56-1b15-4f76-8c79-e35ae9281dfe" = Insaniquarium Deluxe "WTA-a517b578-876b-413c-b8fc-9d541afe3e33" = Mahjongg Artifacts "WTA-b0da96ea-6bf7-48a1-9660-c5f6b228182c" = Final Drive Fury "WTA-b384d1ac-91bb-4e15-ac6a-959658b65cab" = Torchlight "WTA-c611e4b9-9580-45d9-a525-01fae5246ff8" = Wedding Dash "WTA-cd26d234-99d9-47a6-97f4-179edc846564" = Virtual Families ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 09.10.2012 15:37:31 | Computer Name = HP-M6 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 999 Error - 09.10.2012 15:37:31 | Computer Name = HP-M6 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 999 Error - 09.10.2012 15:37:32 | Computer Name = HP-M6 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 09.10.2012 15:37:32 | Computer Name = HP-M6 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 2059 Error - 09.10.2012 15:37:32 | Computer Name = HP-M6 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2059 Error - 09.10.2012 15:37:33 | Computer Name = HP-M6 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 09.10.2012 15:37:33 | Computer Name = HP-M6 | Source = Bonjour Service | ID = 100 
Description = Task Scheduling Error: m->NextScheduledEvent 3089 Error - 09.10.2012 15:37:33 | Computer Name = HP-M6 | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 3089 Error - 14.10.2012 08:40:13 | Computer Name = HP-M6 | Source = CVHSVC | ID = 100 Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: Error - 14.10.2012 08:40:53 | Computer Name = HP-M6 | Source = Application Error | ID = 1000 Description = Faulting application name: avguard.exe, version: 13.4.0.184, time stamp: 0x50616a94 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process id: 0xec8 Faulting application start time: 0x01cd9d6f65278ea6 Faulting application path: C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll Report Id: 6399ffd8-15fc-11e2-8fc1-08edb98ece4b [ Hewlett-Packard Events ] Error - 18.10.2012 13:37:14 | Computer Name = HP-M6 | Source = HPSF.exe | ID = 4000 Description = Error - 18.10.2012 13:37:23 | Computer Name = HP-M6 | Source = hpsa_service.exe | ID = 2000 Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Message: Failed to perform update. 
StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore() at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan, Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message: Object '/ef128df6_3804_4a3d_ba01_f0f4f3d78a04/x5nwyvzpuv4dc7i_tj1wv5zg_5.rem' has been disconnected or does not exist at the server. Name: hpsa_service.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe Format: en-US RAM: 6046 Ram Utilization: 30 TargetSite: Void UpdateDetail(System.String) Error - 19.11.2012 14:44:28 | Computer Name = HP-M6 | Source = HPSFMsgr.exe | ID = 4000 Description = HP Error ID: -2147221164 at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() StackTrace: at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandle& ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean fillCache) at System.RuntimeType.CreateInstanceImpl(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic) at HPSA_Messenger.MessengerCom.TrayDeskBand.isTaskbarDisplayed() Source: mscorlib Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Resources\HPSFMessenger\HPSFMsgr.exe Format: en-US RAM: 6046 Ram Utilization: 20 TargetSite: System.Object CreateInstance(System.RuntimeType, Boolean, Boolean, Boolean ByRef, System.RuntimeMethodHandle ByRef, Boolean ByRef) [ System Events ] Error - 24.09.2012 11:54:21 | Computer Name = HP-M6 | Source = DCOM | ID = 10010 Description = Error - 14.10.2012 08:41:04 | Computer Name = HP-M6 | Source = Service Control Manager | ID = 7006 Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error - 14.10.2012 08:41:04 | Computer Name = HP-M6 | Source = Service Control Manager | ID = 7006 Description = The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Error - 14.10.2012 08:41:04 | Computer Name = HP-M6 | Source = Service Control Manager | ID = 7031 Description = The Avira Real-Time Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error - 14.10.2012 08:41:42 | Computer Name = HP-M6 | Source = DCOM | ID = 10010 Description = Error - 16.10.2012 18:21:54 | Computer Name = HP-M6 | Source = DCOM | ID = 10010 Description = Error - 20.10.2012 10:59:54 | Computer Name = HP-M6 | Source = DCOM | ID = 10010 Description = Error - 21.10.2012 03:17:50 | Computer Name = HP-M6 | Source = DCOM | ID = 10010 Description = Error - 28.10.2012 10:37:48 | Computer Name = HP-M6 | Source = DCOM | ID = 10010 Description = Error - 28.10.2012 10:39:23 | Computer Name = HP-M6 | Source = Service Control Manager | ID = 7011 Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service. < End of report > OTL Logfile: Code:
OTL logfile created on: 20.11.2012 01:42:46 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000807 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy

5.90 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 67.73% Memory free
11.81 Gb Paging File | 9.55 Gb Available in Paging File | 80.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 349.00 Gb Total Space | 297.20 Gb Free Space | 85.16% Space Free | Partition Type: NTFS
Drive D: | 23.76 Gb Total Space | 2.49 Gb Free Space | 10.47% Space Free | Partition Type: NTFS

Computer Name: HP-M6 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP)
PRC - C:\Program Files (x86)\HP SimplePass\TouchControl.exe (AuthenTec Inc.)
PRC - C:\Program Files (x86)\HP SimplePass\BioMonitor.exe (HP)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8bb44e1dd221cada48308ce5f5d20561\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\0461c2bf4c5b235c0ca1d923c10d6849\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (TrueService) -- C:\Program Files\Common Files\AuthenTec\TrueService.exe (AuthenTec, Inc.)
SRV:64bit: - (HPAuto) -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe (Hewlett-Packard)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (HP)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvIntel) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RSBASTOR) -- C:\Windows\SysNative\drivers\RtsBaStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\drivers\Smb_driver.sys (Synaptics Incorporated)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (BTWDPAN) -- C:\Windows\SysNative\drivers\btwdpan.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDF
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDF
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{FEB229F0-15F1-47A4-8A62-E2C37C0B6550}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDF
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/5222-111091-7834-3/4?mpre=hxxp://www.ebay.ch/sch/i.html?_nkw={searchTerms}
IE - HKLM\..\SearchScopes\{FEB229F0-15F1-47A4-8A62-E2C37C0B6550}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4257943579-871120275-3654149370-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDF
IE - HKU\S-1-5-21-4257943579-871120275-3654149370-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\S-1-5-21-4257943579-871120275-3654149370-1000\..\SearchScopes,DefaultScope = {0863FD76-9D47-40BC-8C12-FA2DEA25765E}
IE - HKU\S-1-5-21-4257943579-871120275-3654149370-1000\..\SearchScopes\{0863FD76-9D47-40BC-8C12-FA2DEA25765E}: "URL" = https://www.google.ch/search?q={searchTerms}
IE - HKU\S-1-5-21-4257943579-871120275-3654149370-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4257943579-871120275-3654149370-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.ch/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 22:10:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.14 23:23:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 22:10:23 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.14 23:23:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2012.08.29 17:51:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2012.10.23 07:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\xvxmqjm5.default\extensions
[2012.10.26 22:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.10.26 22:10:23 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.07 14:40:29 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.22 10:39:33 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (HP SimplePass Browser Helper Object) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll (HP)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\x64\IEBHO.dll (HP)
O3 - HKLM\..\Toolbar: (HP SimplePass Toolbar) - {C98EE38D-21E4-4A50-907D-2B56FEC7013E} - C:\Program Files (x86)\HP SimplePass\IEBHO.dll (HP)
O3 - HKU\S-1-5-21-4257943579-871120275-3654149370-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-4257943579-871120275-3654149370-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-4257943579-871120275-3654149370-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4677FE60-156F-4A2A-8A06-97FBD415447F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.11.20 01:35:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.20 01:19:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.11.20 01:01:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.11.20 01:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.20 01:00:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.20 01:00:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.20 01:00:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.20 00:37:30 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.65.0.1400.exe
[2012.11.20 00:29:14 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe
[2012.11.19 19:58:59 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.11.19 19:58:59 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2012.11.19 19:54:33 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.11.19 19:54:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.11.19 19:54:32 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.11.19 19:54:32 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.11.19 19:54:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.11.19 19:54:32 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.11.19 19:54:32 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.11.19 19:54:32 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.11.19 19:54:31 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.11.19 19:54:31 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.11.19 19:54:31 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.11.19 19:54:31 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012.11.19 19:54:30 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.11.19 19:54:30 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.11.19 19:54:30 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012.11.19 19:52:51 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2012.11.19 19:52:51 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2012.11.19 19:52:51 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2012.11.19 19:52:51 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2012.11.19 19:51:55 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2012.11.19 19:51:55 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2012.11.19 19:51:55 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2012.11.19 19:51:55 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2012.11.19 19:51:55 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2012.11.19 19:51:55 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2012.11.19 19:51:53 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2012.11.19 19:51:53 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2012.11.19 19:51:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2012.11.19 19:50:38 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll
[2012.11.19 19:50:38 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll
[2012.11.14 23:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.11.04 08:09:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LibreOffice
[2012.11.04 08:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.6
[2012.11.04 08:07:30 | 000,000,000 | ---D | C] -- C:\Windows\ShellNew
[2012.11.04 08:06:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 3.6
[2012.10.26 22:10:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.23 19:42:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.10.23 19:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.10.23 19:30:34 | 000,000,000 | ---D | C] -- C:\AMD
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.11.20 01:36:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.20 01:01:51 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.20 00:57:09 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 00:57:09 | 000,031,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.20 00:54:15 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.20 00:54:15 | 000,652,600 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.20 00:54:15 | 000,121,274 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.20 00:47:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.20 00:46:55 | 460,042,239 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.20 00:37:48 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\***\Desktop\mbam-setup-1.65.0.1400.exe
[2012.11.20 00:29:15 | 000,388,608 | ---- | M] (Trend Micro Inc.)
-- C:\Users\***\Desktop\HiJackThis204.exe [2012.11.19 20:06:23 | 000,311,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.19 20:04:06 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.11.19 07:18:20 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFor***.job [2012.11.19 07:12:37 | 000,002,110 | ---- | M] () -- C:\Users\***\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [2012.11.15 19:41:16 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.11.15 19:41:15 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.11.08 19:47:12 | 000,019,451 | ---- | M] () -- C:\Users\***\Desktop\Aktuelle-Tiefdrucklage-k246nnte-den-ersehnten-R1.jpg [2012.11.08 19:46:15 | 000,096,397 | ---- | M] () -- C:\Users\***\Desktop\Blitz_(iStock)_466x317.jpg [2012.11.08 19:44:41 | 000,052,315 | ---- | M] () -- C:\Users\***\Desktop\schnee.jpg [2012.11.08 19:41:33 | 000,044,063 | ---- | M] () -- C:\Users\***\Desktop\orkan_lothar_-_10.Par.0002.Image.jpg [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.20 01:00:45 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.19 19:59:01 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.19 19:52:51 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.19 19:40:30 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.11.08 19:47:10 | 000,019,451 | ---- | C] () -- C:\Users\***\Desktop\Aktuelle-Tiefdrucklage-k246nnte-den-ersehnten-R1.jpg [2012.11.08 19:46:15 | 000,096,397 | ---- | C] () -- C:\Users\***\Desktop\Blitz_(iStock)_466x317.jpg [2012.11.08 19:44:41 | 000,052,315 | ---- | C] () -- 
C:\Users\***\Desktop\schnee.jpg [2012.11.08 19:41:32 | 000,044,063 | ---- | C] () -- C:\Users\***\Desktop\orkan_lothar_-_10.Par.0002.Image.jpg [2012.08.29 20:02:33 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2012.08.29 14:25:23 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2012.07.04 23:19:58 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2012.07.04 23:18:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.07.04 23:16:45 | 003,312,636 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.07.04 23:08:34 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2012.03.01 14:26:16 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.03.01 14:26:16 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.02.28 10:58:18 | 000,735,796 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2012.02.28 10:58:18 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2012.02.28 10:52:54 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.02.28 10:15:26 | 013,024,256 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll [2012.02.02 21:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.09.13 03:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.08.29 16:53:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IDT [2012.11.04 08:09:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LibreOffice [2012.09.02 17:54:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\RavensburgerTipToi [2012.11.19 07:17:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2012.08.29 14:33:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Synaptics [2012.08.29 17:51:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2012.08.29 20:22:38 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\TP [2012.08.31 14:12:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WildTangent [2012.08.29 20:05:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\_MDLogs ========== Purity Check ========== < End of report > |
20.11.2012, 05:55 | #2 |
/// Helper Team | Swiss Confederation virus
Please post the Malwarebytes log file! (Logs tab)
The cleanup consists of several steps that have to be carried out. Work through them one after another and paste the 3 logs that are created in the process into your next reply. If the OTL fix did not run through properly, do not continue; report it instead.
Step 1: Fix with OTL
Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:OTL
O4 - HKLM..\Run: [] File not found
[2012.11.19 20:04:06 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\***\*.tmp
C:\Users\***\AppData\Local\{*}
C:\Users\***\AppData\Local\Temp\*.exe
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for readers following along: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances use it on other machines; it can cause lasting damage to other systems!
Step 2
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
After that:
Step 3
Please download AdwCleaner to your desktop.
__________________ |
20.11.2012, 20:30 | #3 |
| Swiss Confederation virus here you go...
Code:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
C:\ProgramData\Temp\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B} folder moved successfully.
C:\ProgramData\Temp\{01FB4998-33C4-4431-85ED-079E3EEFE75D} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
File\Folder C:\Users\***\*.tmp not found.
File\Folder C:\Users\***\AppData\Local\{*} not found.
File\Folder C:\Users\***\AppData\Local\Temp\*.exe not found.
File\Folder C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache not found.
File/Folder C:\Users\Monika & Mischa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Monika & Mischa\Desktop\cmd.bat deleted successfully.
C:\Users\Monika & Mischa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Monika & Mischa
->Temp folder emptied: 573455 bytes
->Temporary Internet Files folder emptied: 229908 bytes
->Java cache emptied: 1008723 bytes
->FireFox cache emptied: 119954042 bytes
->Flash cache emptied: 902 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41669861 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84793 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 156.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 11202012_202624
Files\Folders moved on Reboot...
C:\Users\Monika & Mischa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Unfortunately I can't start the mbar scan. When I click on scan I always get a bluescreen with a BAD_POOL_HEADER message... do you have any advice? Here is the mbam log: Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.11.19.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Monika & Mischa :: HP-M6 [Administrator]
Schutz: Aktiviert
20.11.2012 01:13:22
mbam-log-2012-11-20 (01-13-22).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201825
Laufzeit: 2 Minute(n), 2 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)

...oh, that one was from after the mbam fix. The log from before is still to come... so, here is the mbam log with the fix: Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.11.19.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Monika & Mischa :: HP-M6 [Administrator]
Schutz: Aktiviert
20.11.2012 01:02:39
mbam-log-2012-11-20 (01-02-39).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201819
Laufzeit: 4 Minute(n), 2 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\ProgramData\lsass.exe (Trojan.Delf) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende) |
21.11.2012, 03:38 | #4 |
/// Helper Team | Swiss Confederation virus
Continue with step 3!
After that: TDSSKiller by Kaspersky - Download TDSSKiller and unpack the archive to your desktop. A more detailed TDSSKiller guide can be found here. |
21.11.2012, 07:01 | #5 |
| Swiss Confederation virus first of all, adwcleaner: Code:
# AdwCleaner v2.008 - Logfile created 11/21/2012 at 06:57:34
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Monika & Mischa - HP-M6
# Boot Mode : Normal
# Running from : C:\Users\Monika & Mischa\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v17.0 (en-US)
Profile name : default
File : C:\Users\Monika & Mischa\AppData\Roaming\Mozilla\Firefox\Profiles\xvxmqjm5.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1335 octets] - [20/11/2012 22:31:58]
AdwCleaner[S1].txt - [1122 octets] - [21/11/2012 06:57:34]
########## EOF - C:\AdwCleaner[S1].txt - [1182 octets] ##########

tdsskiller found nothing and did not produce a log either. Or did I do something wrong? What next? Hmm... maybe the missing log from tdsskiller is down to the fact that I still had tdsskiller.exe in the folder on the desktop. I will repeat it this evening... thanks! Kunti |
21.11.2012, 17:18 | #6 |
/// Helper Team | Swiss Confederation virus
Look on c:\ There has to be a log there.
__________________ |
21.11.2012, 20:22 | #7 |
| Swiss Confederation virus ok, found it: Code:
ATTFilter 20:19:32.0516 1876 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 20:19:32.0641 1876 ============================================================ 20:19:32.0641 1876 Current date / time: 2012/11/21 20:19:32.0641 20:19:32.0641 1876 SystemInfo: 20:19:32.0641 1876 20:19:32.0641 1876 OS Version: 6.1.7601 ServicePack: 1.0 20:19:32.0641 1876 Product type: Workstation 20:19:32.0641 1876 ComputerName: HP-M6 20:19:32.0641 1876 UserName: Monika & Mischa 20:19:32.0641 1876 Windows directory: C:\Windows 20:19:32.0641 1876 System windows directory: C:\Windows 20:19:32.0641 1876 Running under WOW64 20:19:32.0641 1876 Processor architecture: Intel x64 20:19:32.0641 1876 Number of processors: 4 20:19:32.0641 1876 Page size: 0x1000 20:19:32.0641 1876 Boot type: Normal boot 20:19:32.0641 1876 ============================================================ 20:19:33.0062 1876 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:19:33.0078 1876 ============================================================ 20:19:33.0078 1876 \Device\Harddisk0\DR0: 20:19:33.0078 1876 MBR partitions: 20:19:33.0078 1876 Initialize success 20:19:33.0078 1876 ============================================================ 20:19:42.0641 4844 ============================================================ 20:19:42.0641 4844 Scan started 20:19:42.0641 4844 Mode: Manual; SigCheck; TDLFS; 20:19:42.0641 4844 ============================================================ 20:19:42.0828 4844 ================ Scan system memory ======================== 20:19:42.0828 4844 System memory - ok 20:19:42.0828 4844 ================ Scan services ============================= 20:19:42.0890 4844 1394ohci - ok 20:19:42.0906 4844 Accelerometer - ok 20:19:42.0906 4844 ACPI - ok 20:19:42.0921 4844 AcpiPmi - ok 20:19:42.0937 4844 AdobeARMservice - ok 20:19:42.0953 4844 adp94xx - ok 20:19:42.0953 4844 
adpahci - ok 20:19:42.0953 4844 adpu320 - ok 20:19:42.0968 4844 AeLookupSvc - ok 20:19:42.0999 4844 AFD - ok 20:19:42.0999 4844 agp440 - ok 20:19:42.0999 4844 ALG - ok 20:19:43.0015 4844 aliide - ok 20:19:43.0031 4844 AMD External Events Utility - ok 20:19:43.0031 4844 amdide - ok 20:19:43.0062 4844 AmdK8 - ok 20:19:43.0077 4844 amdkmdag - ok 20:19:43.0124 4844 amdkmdap - ok 20:19:43.0124 4844 amdkmpfd - ok 20:19:43.0124 4844 AmdPPM - ok 20:19:43.0140 4844 amdsata - ok 20:19:43.0140 4844 amdsbs - ok 20:19:43.0155 4844 amdxata - ok 20:19:43.0171 4844 AntiVirSchedulerService - ok 20:19:43.0187 4844 AntiVirService - ok 20:19:43.0202 4844 AppID - ok 20:19:43.0218 4844 AppIDSvc - ok 20:19:43.0218 4844 Appinfo - ok 20:19:43.0249 4844 Apple Mobile Device - ok 20:19:43.0249 4844 arc - ok 20:19:43.0265 4844 arcsas - ok 20:19:43.0280 4844 aspnet_state - ok 20:19:43.0280 4844 AsyncMac - ok 20:19:43.0296 4844 atapi - ok 20:19:43.0311 4844 AudioEndpointBuilder - ok 20:19:43.0311 4844 AudioSrv - ok 20:19:43.0327 4844 avgntflt - ok 20:19:43.0343 4844 avipbb - ok 20:19:43.0358 4844 avkmgr - ok 20:19:43.0374 4844 AxInstSV - ok 20:19:43.0374 4844 b06bdrv - ok 20:19:43.0389 4844 b57nd60a - ok 20:19:43.0405 4844 bcbtums - ok 20:19:43.0421 4844 BCM43XX - ok 20:19:43.0436 4844 BDESVC - ok 20:19:43.0436 4844 Beep - ok 20:19:43.0452 4844 BFE - ok 20:19:43.0467 4844 BITS - ok 20:19:43.0483 4844 blbdrive - ok 20:19:43.0499 4844 Bonjour Service - ok 20:19:43.0499 4844 bowser - ok 20:19:43.0499 4844 BrFiltLo - ok 20:19:43.0514 4844 BrFiltUp - ok 20:19:43.0514 4844 Browser - ok 20:19:43.0530 4844 Brserid - ok 20:19:43.0530 4844 BrSerWdm - ok 20:19:43.0530 4844 BrUsbMdm - ok 20:19:43.0545 4844 BrUsbSer - ok 20:19:43.0561 4844 BthEnum - ok 20:19:43.0561 4844 BTHMODEM - ok 20:19:43.0561 4844 BthPan - ok 20:19:43.0577 4844 BTHPORT - ok 20:19:43.0577 4844 bthserv - ok 20:19:43.0577 4844 BTHUSB - ok 20:19:43.0592 4844 btwampfl - ok 20:19:43.0592 4844 btwaudio - ok 20:19:43.0608 4844 btwavdt - ok 
20:19:43.0608 4844 btwdins - ok 20:19:43.0608 4844 BTWDPAN - ok 20:19:43.0623 4844 btwl2cap - ok 20:19:43.0623 4844 btwrchid - ok 20:19:43.0623 4844 cdfs - ok 20:19:43.0639 4844 cdrom - ok 20:19:43.0655 4844 CertPropSvc - ok 20:19:43.0670 4844 circlass - ok 20:19:43.0670 4844 CLFS - ok 20:19:43.0670 4844 clr_optimization_v2.0.50727_32 - ok 20:19:43.0686 4844 clr_optimization_v2.0.50727_64 - ok 20:19:43.0686 4844 clr_optimization_v4.0.30319_32 - ok 20:19:43.0686 4844 clr_optimization_v4.0.30319_64 - ok 20:19:43.0701 4844 clwvd - ok 20:19:43.0717 4844 CmBatt - ok 20:19:43.0733 4844 cmdide - ok 20:19:43.0733 4844 CNG - ok 20:19:43.0748 4844 Compbatt - ok 20:19:43.0748 4844 CompositeBus - ok 20:19:43.0764 4844 COMSysApp - ok 20:19:43.0779 4844 cphs - ok 20:19:43.0779 4844 crcdisk - ok 20:19:43.0779 4844 CryptSvc - ok 20:19:43.0811 4844 cvhsvc - ok 20:19:43.0842 4844 DcomLaunch - ok 20:19:43.0857 4844 defragsvc - ok 20:19:43.0857 4844 DfsC - ok 20:19:43.0857 4844 Dhcp - ok 20:19:43.0873 4844 discache - ok 20:19:43.0889 4844 Disk - ok 20:19:43.0904 4844 Dnscache - ok 20:19:43.0904 4844 dot3svc - ok 20:19:43.0904 4844 DPS - ok 20:19:43.0920 4844 drmkaud - ok 20:19:43.0920 4844 DXGKrnl - ok 20:19:43.0935 4844 EapHost - ok 20:19:43.0935 4844 ebdrv - ok 20:19:43.0935 4844 EFS - ok 20:19:43.0951 4844 ehRecvr - ok 20:19:43.0967 4844 ehSched - ok 20:19:43.0967 4844 elxstor - ok 20:19:43.0967 4844 ErrDev - ok 20:19:43.0982 4844 EventSystem - ok 20:19:43.0982 4844 exfat - ok 20:19:43.0998 4844 ezSharedSvc - ok 20:19:44.0013 4844 fastfat - ok 20:19:44.0013 4844 Fax - ok 20:19:44.0029 4844 fdc - ok 20:19:44.0029 4844 fdPHost - ok 20:19:44.0045 4844 FDResPub - ok 20:19:44.0045 4844 FileInfo - ok 20:19:44.0060 4844 Filetrace - ok 20:19:44.0060 4844 flpydisk - ok 20:19:44.0076 4844 FltMgr - ok 20:19:44.0076 4844 FontCache - ok 20:19:44.0076 4844 FontCache3.0.0.0 - ok 20:19:44.0091 4844 FPLService - ok 20:19:44.0091 4844 FsDepends - ok 20:19:44.0107 4844 Fs_Rec - ok 20:19:44.0107 4844 
fvevol - ok 20:19:44.0123 4844 gagp30kx - ok 20:19:44.0138 4844 GamesAppService - ok 20:19:44.0138 4844 GEARAspiWDM - ok 20:19:44.0154 4844 gpsvc - ok 20:19:44.0154 4844 hcw85cir - ok 20:19:44.0154 4844 HdAudAddService - ok 20:19:44.0169 4844 HDAudBus - ok 20:19:44.0169 4844 HidBatt - ok 20:19:44.0185 4844 HidBth - ok 20:19:44.0185 4844 HidIr - ok 20:19:44.0185 4844 hidserv - ok 20:19:44.0201 4844 HidUsb - ok 20:19:44.0201 4844 hkmsvc - ok 20:19:44.0201 4844 HomeGroupListener - ok 20:19:44.0216 4844 HomeGroupProvider - ok 20:19:44.0216 4844 HP Support Assistant Service - ok 20:19:44.0232 4844 HPAuto - ok 20:19:44.0232 4844 HPDrvMntSvc.exe - ok 20:19:44.0247 4844 hpdskflt - ok 20:19:44.0247 4844 hpqwmiex - ok 20:19:44.0263 4844 HpSAMD - ok 20:19:44.0263 4844 hpsrv - ok 20:19:44.0279 4844 HPWMISVC - ok 20:19:44.0294 4844 HTTP - ok 20:19:44.0294 4844 hwpolicy - ok 20:19:44.0310 4844 i8042prt - ok 20:19:44.0310 4844 iaStor - ok 20:19:44.0325 4844 IAStorDataMgrSvc - ok 20:19:44.0325 4844 iaStorV - ok 20:19:44.0341 4844 idsvc - ok 20:19:44.0341 4844 iirsp - ok 20:19:44.0341 4844 IKEEXT - ok 20:19:44.0372 4844 IntcDAud - ok 20:19:44.0372 4844 Intel(R) Capability Licensing Service Interface - ok 20:19:44.0372 4844 intelide - ok 20:19:44.0388 4844 intelkmd - ok 20:19:44.0388 4844 intelppm - ok 20:19:44.0388 4844 IPBusEnum - ok 20:19:44.0403 4844 IpFilterDriver - ok 20:19:44.0403 4844 iphlpsvc - ok 20:19:44.0419 4844 IPMIDRV - ok 20:19:44.0419 4844 IPNAT - ok 20:19:44.0419 4844 iPod Service - ok 20:19:44.0435 4844 IRENUM - ok 20:19:44.0435 4844 isapnp - ok 20:19:44.0435 4844 iScsiPrt - ok 20:19:44.0466 4844 iusb3hcs - ok 20:19:44.0466 4844 iusb3hub - ok 20:19:44.0466 4844 iusb3xhc - ok 20:19:44.0481 4844 jhi_service - ok 20:19:44.0481 4844 kbdclass - ok 20:19:44.0497 4844 kbdhid - ok 20:19:44.0513 4844 KeyIso - ok 20:19:44.0513 4844 KSecDD - ok 20:19:44.0513 4844 KSecPkg - ok 20:19:44.0528 4844 ksthunk - ok 20:19:44.0528 4844 KtmRm - ok 20:19:44.0528 4844 LanmanServer - ok 
20:19:44.0544 4844 LanmanWorkstation - ok 20:19:44.0559 4844 lltdio - ok 20:19:44.0575 4844 lltdsvc - ok 20:19:44.0591 4844 lmhosts - ok 20:19:44.0606 4844 LMS - ok 20:19:44.0622 4844 LSI_FC - ok 20:19:44.0622 4844 LSI_SAS - ok 20:19:44.0622 4844 LSI_SAS2 - ok 20:19:44.0637 4844 LSI_SCSI - ok 20:19:44.0637 4844 luafv - ok 20:19:44.0669 4844 MBAMProtector - ok 20:19:44.0684 4844 MBAMScheduler - ok 20:19:44.0684 4844 MBAMService - ok 20:19:44.0700 4844 Mcx2Svc - ok 20:19:44.0700 4844 megasas - ok 20:19:44.0700 4844 MegaSR - ok 20:19:44.0715 4844 MEIx64 - ok 20:19:44.0715 4844 MMCSS - ok 20:19:44.0715 4844 Modem - ok 20:19:44.0731 4844 monitor - ok 20:19:44.0747 4844 mouclass - ok 20:19:44.0747 4844 mouhid - ok 20:19:44.0762 4844 mountmgr - ok 20:19:44.0762 4844 MozillaMaintenance - ok 20:19:44.0778 4844 mpio - ok 20:19:44.0778 4844 mpsdrv - ok 20:19:44.0778 4844 MpsSvc - ok 20:19:44.0793 4844 MRxDAV - ok 20:19:44.0793 4844 mrxsmb - ok 20:19:44.0793 4844 mrxsmb10 - ok 20:19:44.0809 4844 mrxsmb20 - ok 20:19:44.0809 4844 msahci - ok 20:19:44.0809 4844 msdsm - ok 20:19:44.0825 4844 MSDTC - ok 20:19:44.0825 4844 Msfs - ok 20:19:44.0840 4844 mshidkmdf - ok 20:19:44.0840 4844 msisadrv - ok 20:19:44.0840 4844 MSiSCSI - ok 20:19:44.0856 4844 msiserver - ok 20:19:44.0871 4844 MSKSSRV - ok 20:19:44.0871 4844 MSPCLOCK - ok 20:19:44.0871 4844 MSPQM - ok 20:19:44.0887 4844 MsRPC - ok 20:19:44.0887 4844 mssmbios - ok 20:19:44.0887 4844 MSTEE - ok 20:19:44.0903 4844 MTConfig - ok 20:19:44.0903 4844 Mup - ok 20:19:44.0903 4844 napagent - ok 20:19:44.0918 4844 NativeWifiP - ok 20:19:44.0918 4844 NDIS - ok 20:19:44.0918 4844 NdisCap - ok 20:19:44.0949 4844 NdisTapi - ok 20:19:44.0949 4844 Ndisuio - ok 20:19:44.0949 4844 NdisWan - ok 20:19:44.0965 4844 NDProxy - ok 20:19:44.0965 4844 NetBIOS - ok 20:19:44.0965 4844 NetBT - ok 20:19:44.0981 4844 Netlogon - ok 20:19:44.0981 4844 Netman - ok 20:19:44.0996 4844 NetMsmqActivator - ok 20:19:44.0996 4844 NetPipeActivator - ok 20:19:44.0996 
4844 netprofm - ok 20:19:45.0012 4844 NetTcpActivator - ok 20:19:45.0012 4844 NetTcpPortSharing - ok 20:19:45.0027 4844 nfrd960 - ok 20:19:45.0043 4844 NlaSvc - ok 20:19:45.0043 4844 Npfs - ok 20:19:45.0043 4844 nsi - ok 20:19:45.0059 4844 nsiproxy - ok 20:19:45.0059 4844 Ntfs - ok 20:19:45.0059 4844 Null - ok 20:19:45.0074 4844 NVENETFD - ok 20:19:45.0090 4844 nvraid - ok 20:19:45.0090 4844 nvstor - ok 20:19:45.0105 4844 nv_agp - ok 20:19:45.0105 4844 ohci1394 - ok 20:19:45.0121 4844 ose - ok 20:19:45.0137 4844 osppsvc - ok 20:19:45.0137 4844 p2pimsvc - ok 20:19:45.0137 4844 p2psvc - ok 20:19:45.0152 4844 Parport - ok 20:19:45.0152 4844 partmgr - ok 20:19:45.0152 4844 PcaSvc - ok 20:19:45.0168 4844 pci - ok 20:19:45.0168 4844 pciide - ok 20:19:45.0168 4844 pcmcia - ok 20:19:45.0183 4844 pcw - ok 20:19:45.0183 4844 PEAUTH - ok 20:19:45.0183 4844 PerfHost - ok 20:19:45.0199 4844 pla - ok 20:19:45.0215 4844 PlugPlay - ok 20:19:45.0215 4844 PNRPAutoReg - ok 20:19:45.0215 4844 PNRPsvc - ok 20:19:45.0215 4844 PolicyAgent - ok 20:19:45.0230 4844 Power - ok 20:19:45.0230 4844 PptpMiniport - ok 20:19:45.0230 4844 Processor - ok 20:19:45.0230 4844 ProfSvc - ok 20:19:45.0246 4844 ProtectedStorage - ok 20:19:45.0246 4844 Psched - ok 20:19:45.0246 4844 ql2300 - ok 20:19:45.0246 4844 ql40xx - ok 20:19:45.0261 4844 QWAVE - ok 20:19:45.0261 4844 QWAVEdrv - ok 20:19:45.0261 4844 RasAcd - ok 20:19:45.0261 4844 RasAgileVpn - ok 20:19:45.0261 4844 RasAuto - ok 20:19:45.0277 4844 Rasl2tp - ok 20:19:45.0277 4844 RasMan - ok 20:19:45.0277 4844 RasPppoe - ok 20:19:45.0277 4844 RasSstp - ok 20:19:45.0293 4844 rdbss - ok 20:19:45.0293 4844 rdpbus - ok 20:19:45.0293 4844 RDPCDD - ok 20:19:45.0293 4844 RDPENCDD - ok 20:19:45.0308 4844 RDPREFMP - ok 20:19:45.0308 4844 RDPWD - ok 20:19:45.0308 4844 rdyboost - ok 20:19:45.0308 4844 RemoteAccess - ok 20:19:45.0324 4844 RemoteRegistry - ok 20:19:45.0324 4844 RFCOMM - ok 20:19:45.0324 4844 RpcEptMapper - ok 20:19:45.0324 4844 RpcLocator - ok 
20:19:46.0151 4844 ================ Scan global ===============================
20:19:46.0151 4844 [Global] - ok
20:19:46.0151 4844 ================ Scan MBR ==================================
20:19:46.0166 4844 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:19:47.0071 4844 \Device\Harddisk0\DR0 - ok
20:19:47.0071 4844 ================ Scan VBR ==================================
20:19:47.0071 4844 ============================================================
20:19:47.0071 4844 Scan finished
20:19:47.0071 4844 ============================================================
20:19:47.0087 3908 Detected object count: 0
20:19:47.0087 3908 Actual detected object count: 0
20:21:31.0108 6944 Deinitialize success
GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-22 00:17:20
Windows 6.1.7601 Service Pack 1
Running: j10g3zu9.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb98ece4b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\08edb98ece4b@0007ab901cc1 0x87 0xD6 0xE6 0x90 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb98ece4b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\08edb98ece4b@0007ab901cc1 0x87 0xD6 0xE6 0x90 ...
---- EOF - GMER 1.0.15 ----
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-21 23:55:32
-----------------------------
23:55:32.217 OS Version: Windows x64 6.1.7601 Service Pack 1
23:55:32.217 Number of processors: 4 586 0x3A09
23:55:32.217 ComputerName: HP-M6 UserName:
23:55:33.685 Initialize success
23:57:51.367 AVAST engine defs: 12112100
23:58:02.084 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:58:02.084 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 8
23:58:02.115 Disk 0 MBR read successfully
23:58:02.115 Disk 0 MBR scan
23:58:02.115 Disk 0 Windows 7 default MBR code
23:58:02.131 Disk 0 Partition 1 00 42 SFS 0 MB offset 63
23:58:02.146 Disk 0 Partition 2 80 (A) 42 SFS NTFS 199 MB offset 2048
23:58:02.162 Disk 0 Partition 3 00 42 SFS NTFS 357372 MB offset 409600
23:58:02.177 Disk 0 Partition 4 00 42 SFS NTFS 357831 MB offset 732307456
23:58:02.193 Disk 0 scanning C:\Windows\system32\drivers
23:58:02.193 Service scanning
23:58:36.903 Modules scanning
23:58:36.903 Disk 0 trace - called modules:
23:58:36.950 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
23:58:36.966 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80069e5790]
23:58:36.966 3 CLASSPNP.SYS[fffff88001d8543f] -> nt!IofCallDriver -> [0xfffffa8006a8eb10]
23:58:36.981 5 hpdskflt.sys[fffff88001d2c189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007d8c050]
23:58:38.026 AVAST engine scan C:\Windows
23:58:38.042 AVAST engine scan C:\Windows\system32
23:58:38.042 AVAST engine scan C:\Windows\system32\drivers
23:58:38.042 AVAST engine scan C:\Users\Monika & Mischa
23:58:38.042 AVAST engine scan C:\ProgramData
23:58:38.058 Scan finished successfully
00:03:17.191 Disk 0 MBR has been saved successfully to "C:\Users\Monika & Mischa\Desktop\MBR.dat"
00:03:17.191 The log file has been saved successfully to "C:\Users\Monika & Mischa\Desktop\aswMBR.txt" |
22.11.2012, 06:32 | #8 |
/// Helper Team | Swiss Confederation virus Very good! How is the computer running? Malware scan with Emsisoft Anti-Malware: Download the free version of => Emsisoft Anti-Malware and install the program. Download the current signatures via "Update Now". Select freeware mode. Choose "Detail Scan" and start the check of the computer with the "Scan" button. Do not let it delete anything at the end of the scan! Click "Save Report" to save the log file to the desktop and post it here in the thread. Instructions: http://www.trojaner-board.de/103809-...i-malware.html |
22.11.2012, 07:06 | #9 |
| Swiss Confederation virus Hey John, the computer is running flawlessly so far, thanks! However, I can't install the Emsisoft software; I keep getting the message that the files are corrupt (see print screen). |
22.11.2012, 07:07 | #10 |
| Swiss Confederation virus What next? |
22.11.2012, 07:23 | #11 |
/// Helper Team | Swiss Confederation virus Where did you download it from? Why does it show NetmediaEurope as the source? Follow the instructions! |
22.11.2012, 07:31 | #12 |
| Swiss Confederation virus Oh I see, I first tried it with your link. Then I also tried downloading it from ZDNet (maybe that wasn't so clever, sorry): same result. I tried again directly from Emsisoft, and now it works. Result later... Maybe you should check your link... |
22.11.2012, 13:02 | #13 |
/// Helper Team | Swiss Confederation virus The link works perfectly. Please check the instructions (http://www.trojaner-board.de/103809-...i-malware.html) to see where you can find the log files. Please post the log file. |
22.11.2012, 13:09 | #14 |
| Swiss Confederation virus Yes, the link does work, but the downloaded file was corrupt for me every time. When I then downloaded it directly from Emsisoft and ran it, it worked perfectly. Never mind... The result is still to come; I'm not at the laptop right now... Regards, kunti |
22.11.2012, 13:25 | #15 |
/// Helper Team | Swiss Confederation virus All right. |