Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   von Bundespolizei gesperrt (https://www.trojaner-board.de/144034-bundespolizei-gesperrt.html)

Neda Al 03.11.2013 18:11
von Bundespolizei gesperrt
 
Hallo Leute,

meine Mutter hat gerade eine Serie geschaut und dann öffnette Fenster von der Bundespolizei auf...

folgender Link --> hxxp://polizei.de.id227612047-9317955029.n2195.com/?flow_id=7958&427510=12572/case_id=77414

Aber ich bin mir sicher dass dies ein Virus ist.
Daraufhin habe ich FRST runtergeladen und gescannt

Editor-Addition:

HTML-Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-10-2013
Ran by mothername at 2013-11-03 17:16:23
Running from C:\Users\mothername\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Quick Heal AntiVirus Pro 2013 (Enabled - Up to date) {D8418B0E-EE80-1320-B172-3D5DEB3CE14F}
AS: Quick Heal AntiVirus Pro 2013 (Enabled - Up to date) {63206AEA-C8BA-1CAE-8BC2-062F90BBABF2}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Quick Heal Firewall (Enabled) {E07A0A2B-A4EF-1278-9A2D-946815EFA634}

==================== Installed Programs ======================

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center InstallProxy (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center Localization All (x32 Version: 2012.0806.1156.19437)
Catalyst Control Center Profiles Mobile (x32 Version: 2012.0806.1156.19437)
CCC Help Chinese Standard (x32 Version: 2012.0806.1155.19437)
CCC Help Chinese Traditional (x32 Version: 2012.0806.1155.19437)
CCC Help Czech (x32 Version: 2012.0806.1155.19437)
CCC Help Danish (x32 Version: 2012.0806.1155.19437)
CCC Help Dutch (x32 Version: 2012.0806.1155.19437)
CCC Help English (x32 Version: 2012.0806.1155.19437)
CCC Help Finnish (x32 Version: 2012.0806.1155.19437)
CCC Help French (x32 Version: 2012.0806.1155.19437)
CCC Help German (x32 Version: 2012.0806.1155.19437)
CCC Help Greek (x32 Version: 2012.0806.1155.19437)
CCC Help Hungarian (x32 Version: 2012.0806.1155.19437)
CCC Help Italian (x32 Version: 2012.0806.1155.19437)
CCC Help Japanese (x32 Version: 2012.0806.1155.19437)
CCC Help Korean (x32 Version: 2012.0806.1155.19437)
CCC Help Norwegian (x32 Version: 2012.0806.1155.19437)
CCC Help Polish (x32 Version: 2012.0806.1155.19437)
CCC Help Portuguese (x32 Version: 2012.0806.1155.19437)
CCC Help Russian (x32 Version: 2012.0806.1155.19437)
CCC Help Spanish (x32 Version: 2012.0806.1155.19437)
CCC Help Swedish (x32 Version: 2012.0806.1155.19437)
CCC Help Thai (x32 Version: 2012.0806.1155.19437)
CCC Help Turkish (x32 Version: 2012.0806.1155.19437)
ccc-utility64 (Version: 2012.0806.1156.19437)
Connected Music powered by Universal Music Group version 1.0 (x32 Version: 1.0)
CyberLink LabelPrint (x32 Version: 2.5.3.5901)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916)
CyberLink PhotoDirector (x32 Version: 2.0.1.3119)
CyberLink Power2Go 8 (x32 Version: 8.0.3.2527)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925)
CyberLink PowerDVD (x32 Version: 10.0.6.4319)
CyberLink YouCam (x32 Version: 3.5.4.5527)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Energy Star (Version: 1.0.8)
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000)
HP 3D DriveGuard (Version: 4.2.5.1)
HP CoolSense (x32 Version: 2.10.3)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.1.0.0)
HP Postscript Converter (Version: 3.1.3554)
HP Quick Launch (x32 Version: 3.0.3)
HP Recovery Manager (x32 Version: 7.00)
HP Registration Service (Version: 1.0.5976.4186)
HP Software Framework (x32 Version: 4.6.8.1)
HP Support Assistant (x32 Version: 7.0.32.44)
HP Utility Center (x32 Version: 1.0.7)
HP Wireless Button Driver (x32 Version: 1.0.5.1)
IDT Audio (x32 Version: 1.0.6425.0)
Intel(R) Control Center (x32 Version: 1.2.1.1008)
Intel(R) Display Audio Driver (x32 Version: 6.14.00.3097)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1252)
Intel(R) Rapid Storage Technology (x32 Version: 11.5.9.1002)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (Arabic) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (Arabic) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (Arabic) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (Arabic) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (Arabic) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (Arabic) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (Arabic) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (Arabic) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (Arabic) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (Arabic) 2010 (x32 Version: 14.0.6029.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 en-US) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT (x32 Version: 15.4.2862.0708)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
Pandora Service (x32)
PX Profile Update (x32 Version: 1.00.1.)
Quick Heal AntiVirus Pro (Version: 14.00)
Ralink Bluetooth Stack64 (Version: 9.0.715.0)
Ralink RT3290 802.11bgn Wi-Fi Adapter (x32 Version: 5.0.2.0)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)
Realtek PCIE Card Reader (x32 Version: 6.2.8400.29029)
swMSM (x32 Version: 12.0.0.1)
Synaptics Pointing Device Driver (Version: 16.2.10.12)
The KMPlayer (remove only) (x32 Version: 3.5.0.77)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector (KB2583935) (x32)
VLC media player 2.0.5 (x32 Version: 2.0.5)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
معرض صور Windows Live (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

11-10-2013 16:52:13 Quick Heal AntiMalware Restore Point
18-10-2013 19:25:38 Scheduled Checkpoint
26-10-2013 20:52:58 Scheduled Checkpoint

==================== Hosts content: ==========================

2012-07-26 06:26 - 2013-11-03 16:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {22B51C15-480E-468C-9374-DC691D3214CA} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {2A864A54-D092-45F2-AE41-5ACAD79930E0} - System32\Tasks\HPCeeScheduleForAWATEF$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {2FF320EE-5D06-4FC3-AFB2-6027DD26BA95} - System32\Tasks\Quick Heal AntiMalware Scan => C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ASMAIN.EXE [2012-07-27] (Quick Heal Technologies (P) Ltd.)
Task: {34EDBF62-581B-41B8-AA83-081E3CD582A6} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {3EF0EFB4-3FD4-49E2-B3B2-03CF2B00DD06} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-08-07] (Hewlett-Packard Company)
Task: {4065293C-F2DA-4536-BF99-B429B2485C27} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4CC86C14-E328-4F3F-8BF6-E1F421292C3F} - System32\Tasks\HPCeeScheduleFormothername => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {52632512-7D6C-4AB7-99A0-102D304750FA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {5BEB6A8F-5A0F-4A95-8DAE-F21F3A41B946} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)
Task: {6D4C284B-8275-4FFE-9DF3-8466F9FEABB6} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\System32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {91E95979-2132-4729-843D-F386B07C5DF3} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {97ECCA5C-7714-4418-A868-EFBFE20BD957} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {A36246B9-66FE-4E2E-A36C-08102D7D86E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {C477CF83-F128-42D7-8547-54C4C2155303} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {D0ABC8AD-0AF8-4E1E-A603-B9DFB8DAD29B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {E7B781B4-2524-47A5-9380-B4DA7793BCC2} - System32\Tasks\Resume Quickup Download => C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ACAPPAA.EXE [2012-07-27] (Quick Heal Technologies (P) Ltd.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAWATEF$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleFormothername.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\Quick Heal AntiMalware Scan.job => C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ASMAIN.EXE
Task: C:\Windows\Tasks\Resume Quickup Download.job => C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ACAPPAA.EXE

==================== Loaded Modules (whitelisted) =============

2012-07-25 21:08 - 2012-07-25 21:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-06 11:54 - 2012-08-06 11:54 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-09-15 19:33 - 2013-09-15 19:33 - 00295936 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\14050be959443e89237e6c9136ea8e5e\Windows.Foundation.ni.dll
2013-09-15 19:33 - 2013-09-15 19:33 - 01061888 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\a4aef785d3ce787535cf39a1a67f6b48\Windows.ApplicationModel.ni.dll
2013-09-15 19:33 - 2013-09-15 19:33 - 01179136 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\9fbc5975a21c5638ba05f81b9febfaee\Windows.UI.ni.dll
2013-09-15 19:33 - 2013-09-15 19:33 - 01121792 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Storage\937d81c961078049761a9c1e9abb6ef4\Windows.Storage.ni.dll
2013-09-15 19:33 - 2013-09-15 19:33 - 00227328 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\789b6df82d1313538e00a90ec38da270\Windows.Globalization.ni.dll
2013-09-15 19:33 - 2013-09-15 19:33 - 00615424 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Devices\ded7492ea8cf31bac03f36f783ad5ca5\Windows.Devices.ni.dll
2012-07-25 21:44 - 2012-07-25 21:35 - 00036864 _____ () C:\Windows\system32\WinMetadata\Windows.Data.winmd
2013-09-15 19:33 - 2013-09-15 19:33 - 00786944 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Networking\1f422a296316dc0cfe8b0bbb2f51e73e\Windows.Networking.ni.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/03/2013 03:58:19 PM) (Source: ATIeRecord) (User: )
Description: ATI EEU maximum number of session has been surpassed

Error: (11/02/2013 10:28:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7391

Error: (11/02/2013 10:28:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7391

Error: (11/02/2013 10:28:58 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/02/2013 10:28:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6313

Error: (11/02/2013 10:28:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6313

Error: (11/02/2013 10:28:57 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/02/2013 10:28:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5266

Error: (11/02/2013 10:28:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5266

Error: (11/02/2013 10:28:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/02/2013 10:28:37 PM) (Source: DCOM) (User: AWATEF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/02/2013 10:28:37 PM) (Source: DCOM) (User: AWATEF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/29/2013 10:30:19 PM) (Source: DCOM) (User: AWATEF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/29/2013 10:30:19 PM) (Source: DCOM) (User: AWATEF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/29/2013 10:30:19 PM) (Source: DCOM) (User: AWATEF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/29/2013 10:30:19 PM) (Source: DCOM) (User: AWATEF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/29/2013 10:30:19 PM) (Source: DCOM) (User: AWATEF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/29/2013 10:30:19 PM) (Source: DCOM) (User: AWATEF)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (10/23/2013 08:49:31 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (10/21/2013 07:16:17 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.


Microsoft Office Sessions:
=========================
Error: (11/03/2013 03:58:19 PM) (Source: ATIeRecord)(User: )
Description:

Error: (11/02/2013 10:28:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7391

Error: (11/02/2013 10:28:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7391

Error: (11/02/2013 10:28:58 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/02/2013 10:28:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6313

Error: (11/02/2013 10:28:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6313

Error: (11/02/2013 10:28:57 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/02/2013 10:28:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5266

Error: (11/02/2013 10:28:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5266

Error: (11/02/2013 10:28:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
  Date: 2013-06-09 16:10:51.339
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-09 16:08:09.168
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-09 16:07:25.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-09 16:05:57.184
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-09 16:05:50.250
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-09 16:05:29.389
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-09 16:00:42.461
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-09 16:00:05.008
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-09 15:59:20.111
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-08 22:23:11.640
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 45%
Total physical RAM: 6036.27 MB
Available physical RAM: 3298.59 MB
Total Pagefile: 6996.27 MB
Available Pagefile: 4042.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:681.91 GB) (Free:640.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.95 GB) (Free:2.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: A3282B07)

Partition: GPT Partition Type
==================== End Of Log ============================
Editor-FRST

HTML-Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by mothername (administrator) on AWATEF on 03-11-2013 17:12:30
Running from C:\Users\mothername\Downloads
Windows 8 Single Language (X64) OS Language: 0401
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\EMLPROXY.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\opssvc.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\quhlpsvc.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SCANWSCS.EXE
(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\onlinent.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SAPISSVC.EXE
(Microsoft Corporation) C:\Windows\system32\wwahost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Farbar) C:\Users\mothername\Downloads\FRST64(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [Quick Heal Core UI] - C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\STRTUPAP.EXE [194536 2012-08-03] (Quick Heal Technologies (P) Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-09] (IDT, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Power2GoExpress8] - C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKCU\...\Run: [AccelerometerSysTrayApplet] - C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe [74144 2012-08-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
Startup: C:\Users\mothername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
BootExecute: autocheck autochk * C:\PROGRA~1\QUICKH~1\QUICKH~1\nativscn.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\mothername\AppData\Roaming\Mozilla\Firefox\Profiles\70tgm37f.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

==================== Services (Whitelisted) =================

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation)
S2 Cleaning Service; C:\PROGRA~1\QUICKH~1\QUICKH~1\ntclnsrv.exe [116128 2013-10-09] ()
R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\EMLPROXY.EXE [38888 2012-07-27] (Quick Heal Technologies (P) Ltd.)
R2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SAPISSVC.EXE [254952 2012-07-27] (Quick Heal Technologies (P) Ltd.)
S2 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SAPISSVC.EXE [254952 2012-07-27] (Quick Heal Technologies (P) Ltd.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\opssvc.exe [31720 2012-07-27] (Quick Heal Technologies (P) Ltd.)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\quhlpsvc.exe [110056 2012-07-27] (Quick Heal Technologies (P) Ltd.)
R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SCANWSCS.EXE [298952 2012-08-08] (Quick Heal Technologies (P) Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-10] (Advanced Micro Devices, Inc.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg;
U4 BthHFEnum;
U4 bthhfhid;
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-08] (Ralink Corporation)
R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [49824 2012-07-27] (Quick Heal Technologies (P) Ltd.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R2 EMLSS; C:\Windows\System32\drivers\emltdi.sys [18592 2012-08-05] (Quick Heal Technologies (P) Ltd.)
R1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [64160 2012-07-27] (Quick Heal Technologies (P) Ltd.)
S3 llio; C:\Windows\system32\DRIVERS\llio64.sys [66136 2013-08-14] (Quick Heal Technologies (P) Ltd.)
S0 mscank; C:\Windows\System32\DRIVERS\mscank64.sys [40096 2012-07-27] (Quick Heal Technologies (P) Ltd.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [695392 2012-08-09] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
R1 wsnf; C:\Windows\system32\DRIVERS\wsnf.sys [45176 2012-07-09] (Quick Heal Technologies (P) Ltd.)
R1 wstif; C:\Windows\System32\drivers\wstif.sys [114848 2012-08-03] (Quick Heal Technologies (P) Ltd.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-03 17:11 - 2013-11-03 17:11 - 01957098 _____ (Farbar) C:\Users\mothername\Downloads\FRST64(1).exe
2013-11-03 17:11 - 2013-11-03 17:11 - 00000000 ____D C:\FRST
2013-11-03 17:09 - 2013-11-03 17:09 - 01089445 _____ (Farbar) C:\Users\mothername\Downloads\FRST(1).exe
2013-11-03 16:59 - 2013-11-03 16:59 - 01957098 _____ (Farbar) C:\Users\mothername\Downloads\FRST64.exe
2013-11-03 16:59 - 2013-11-03 16:59 - 01089445 _____ (Farbar) C:\Users\mothername\Downloads\FRST.exe
2013-11-03 16:04 - 2013-11-03 16:04 - 00000000 ____D C:\Windows\system32\Native
2013-10-14 20:39 - 2013-10-14 20:39 - 00422072 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 07:25 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 07:25 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 07:25 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 07:25 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 07:25 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 07:25 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 07:25 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 07:25 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 07:25 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 07:25 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 07:25 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 07:25 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 07:25 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 07:25 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 07:25 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 07:25 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 07:25 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 07:25 - 2013-07-06 01:15 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 07:25 - 2013-07-04 03:13 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 07:25 - 2013-05-15 23:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-10-11 07:25 - 2013-05-15 23:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-10-11 07:25 - 2013-05-14 14:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 07:25 - 2013-05-14 10:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 07:25 - 2013-04-28 23:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-10-11 07:25 - 2013-02-21 11:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 07:25 - 2013-02-21 11:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 07:25 - 2013-02-21 11:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 07:25 - 2013-02-21 11:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 07:25 - 2013-02-21 11:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 07:25 - 2013-02-21 11:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 07:25 - 2013-02-19 10:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-10-11 07:25 - 2012-11-08 05:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 07:25 - 2012-11-08 05:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 14:39 - 2013-08-23 06:11 - 04040192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 14:39 - 2013-07-19 23:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 14:39 - 2013-07-19 23:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 14:39 - 2013-07-05 23:02 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 14:39 - 2013-07-05 23:01 - 00210560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 14:39 - 2013-07-02 02:41 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-10-10 14:39 - 2013-07-02 02:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-10-10 14:39 - 2013-07-02 02:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-10-10 14:39 - 2013-07-01 23:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2013-10-10 14:39 - 2013-07-01 02:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-10 14:39 - 2013-07-01 02:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-10 14:39 - 2013-07-01 02:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-10 14:39 - 2013-07-01 02:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-10 14:39 - 2013-06-29 04:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 14:39 - 2013-06-29 04:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 14:39 - 2013-06-29 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-10 14:39 - 2013-06-29 04:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-10 14:39 - 2013-06-22 06:45 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 14:39 - 2013-06-22 06:45 - 00054488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-10 14:39 - 2013-05-27 00:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 14:39 - 2013-05-26 23:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 14:39 - 2013-05-25 04:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 14:39 - 2013-05-25 03:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

==================== One Month Modified Files and Folders =======

2013-11-03 17:12 - 2013-01-17 09:03 - 01933484 _____ C:\Windows\WindowsUpdate.log
2013-11-03 17:11 - 2013-11-03 17:11 - 01957098 _____ (Farbar) C:\Users\mothername\Downloads\FRST64(1).exe
2013-11-03 17:11 - 2013-11-03 17:11 - 00000000 ____D C:\FRST
2013-11-03 17:09 - 2013-11-03 17:09 - 01089445 _____ (Farbar) C:\Users\mothername\Downloads\FRST(1).exe
2013-11-03 17:08 - 2013-01-17 09:13 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-527169638-2750244333-1523627778-1001
2013-11-03 17:08 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-03 17:00 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-11-03 16:59 - 2013-11-03 16:59 - 01957098 _____ (Farbar) C:\Users\mothername\Downloads\FRST64.exe
2013-11-03 16:59 - 2013-11-03 16:59 - 01089445 _____ (Farbar) C:\Users\mothername\Downloads\FRST.exe
2013-11-03 16:26 - 2013-02-24 19:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-03 16:04 - 2013-11-03 16:04 - 00000000 ____D C:\Windows\system32\Native
2013-11-03 16:04 - 2013-01-17 09:42 - 00003190 _____ C:\Windows\System32\Tasks\HPCeeScheduleFormothername
2013-11-03 16:04 - 2013-01-17 09:42 - 00000366 _____ C:\Windows\Tasks\HPCeeScheduleFormothername.job
2013-11-03 16:04 - 2013-01-17 09:02 - 00000000 ____D C:\Users\mothername
2013-11-03 16:03 - 2013-02-24 16:02 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-11-03 16:02 - 2013-02-24 16:02 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-03 16:01 - 2012-08-10 17:45 - 00000821 _____ C:\Windows\SysWOW64\bscs.ini
2013-11-03 15:58 - 2012-09-07 00:42 - 00004524 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2013-11-03 15:58 - 2012-09-07 00:42 - 00000043 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2013-11-02 21:52 - 2013-01-17 09:52 - 00000486 _____ C:\Windows\Tasks\Quick Heal AntiMalware Scan.job
2013-11-02 21:51 - 2013-01-17 09:51 - 00000462 _____ C:\Windows\Tasks\Resume Quickup Download.job
2013-10-23 19:49 - 2013-02-24 16:02 - 00003196 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAWATEF$
2013-10-23 19:49 - 2013-02-24 16:02 - 00000360 _____ C:\Windows\Tasks\HPCeeScheduleForAWATEF$.job
2013-10-15 12:16 - 2013-01-17 09:49 - 00000000 ____D C:\Windows\system32\gprodat
2013-10-14 20:39 - 2013-10-14 20:39 - 00422072 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-14 20:39 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-14 20:38 - 2013-02-16 04:33 - 00000533 _____ C:\Windows\system32\nvscnrpt.log
2013-10-14 20:38 - 2012-08-03 23:23 - 00895698 _____ C:\Windows\PFRO.log
2013-10-13 21:58 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-10-11 17:45 - 2012-08-17 22:43 - 00852564 _____ C:\Windows\system32\perfh00C.dat
2013-10-11 17:45 - 2012-08-17 22:43 - 00496906 _____ C:\Windows\system32\perfh001.dat
2013-10-11 17:45 - 2012-08-17 22:43 - 00182252 _____ C:\Windows\system32\perfc00C.dat
2013-10-11 17:45 - 2012-08-17 22:43 - 00095038 _____ C:\Windows\system32\perfc001.dat
2013-10-11 17:45 - 2012-07-26 08:28 - 02533578 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-11 17:36 - 2013-02-15 10:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-11 15:41 - 2013-07-26 00:54 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 15:39 - 2013-02-16 04:54 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-08 19:26 - 2013-02-24 19:56 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\mothername\AppData\Local\Temp\Extract.exe
C:\Users\mothername\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\mothername\AppData\Local\Temp\PIPInstaller_PTV_.exe
C:\Users\mothername\AppData\Local\Temp\SP59648.exe
C:\Users\mothername\AppData\Local\Temp\SP61795.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-29 14:30

==================== End Of Log ============================

Leider weiß ich nicht wie ich weiter vorgehen soll, da ich eigentlich keine Ahnung habe...
Kann mir dabei jemand helfen? :heulen:

schrauber 03.11.2013 21:56
hi,
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Neda Al 04.11.2013 15:10
Hi,
erstmal möchte ich mich sehr bedanken für deine Hilfe.

Nachdem ich gestern neugestartet hab war die Seite nicht mehr da, aber ich glaube, dass man trotzdem was unternehmen sollte oder?

Habe gerade Combofix laufen lassen

log:
Combofix Logfile:
Code:
ComboFix 13-11-03.02 - mothername 04/11/2013  14:50:45.1.8 - x64
Microsoft Windows 8 Single Language  6.2.9200.0.1252.44.1025.18.6036.4604 [GMT 1:00]
Running from: c:\users\mothername\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((  Files Created from 2013-10-04 to 2013-11-04  )))))))))))))))))))))))))))))))
.
.
2013-11-04 13:57 . 2013-11-04 13:57        --------        d-----w-        c:\users\mothername\AppData\Local\temp
2013-11-04 13:57 . 2013-11-04 13:57        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-11-03 20:01 . 2013-11-03 20:01        --------        d-----w-        c:\users\mothername\AppData\Roaming\Avira
2013-11-03 19:56 . 2013-10-10 18:14        83160        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-11-03 19:56 . 2013-10-10 18:14        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-11-03 19:56 . 2013-10-10 18:14        132600        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-11-03 19:56 . 2013-10-10 18:14        105856        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-11-03 19:56 . 2013-11-03 19:56        --------        d-----w-        c:\programdata\Avira
2013-11-03 19:56 . 2013-11-03 19:56        --------        d-----w-        c:\program files (x86)\Avira
2013-11-03 16:11 . 2013-11-03 16:11        --------        d-----w-        C:\FRST
2013-10-31 13:41 . 2013-10-31 13:41        304304        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10223.bin
2013-10-10 13:39 . 2013-07-05 22:02        99328        ----a-w-        c:\windows\system32\drivers\usbcir.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-11 14:39 . 2013-02-16 03:54        80541720        ----a-w-        c:\windows\system32\MRT.exe
2013-10-02 01:38 . 2013-09-13 07:14        78296        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-02 01:38 . 2013-09-13 07:14        694232        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-16 05:41 . 2013-09-11 18:30        58200        ----a-w-        c:\windows\system32\drivers\dam.sys
2013-08-16 05:39 . 2013-09-11 18:30        2371728        ----a-w-        c:\windows\system32\WSService.dll
2013-08-16 05:39 . 2013-09-11 18:30        59416        ----a-w-        c:\windows\system32\wuauclt.exe
2013-08-16 05:32 . 2013-09-11 18:30        209200        ----a-w-        c:\windows\system32\NotificationUI.exe
2013-08-16 05:22 . 2013-09-11 18:30        40448        ----a-w-        c:\windows\system32\wuapp.exe
2013-08-16 05:22 . 2013-09-11 18:30        4917760        ----a-w-        c:\windows\system32\sppsvc.exe
2013-08-16 05:21 . 2013-09-11 18:30        3275776        ----a-w-        c:\windows\system32\wuaueng.dll
2013-08-16 05:21 . 2013-09-11 18:30        49664        ----a-w-        c:\windows\system32\wups.dll
2013-08-16 05:21 . 2013-09-11 18:30        49152        ----a-w-        c:\windows\system32\wups2.dll
2013-08-16 05:21 . 2013-09-11 18:30        1621504        ----a-w-        c:\windows\system32\wucltux.dll
2013-08-16 05:21 . 2013-09-11 18:30        99328        ----a-w-        c:\windows\system32\wudriver.dll
2013-08-16 05:21 . 2013-09-11 18:30        252416        ----a-w-        c:\windows\system32\WUSettingsProvider.dll
2013-08-16 05:21 . 2013-09-11 18:30        142848        ----a-w-        c:\windows\system32\wuwebv.dll
2013-08-16 05:21 . 2013-09-11 18:30        773120        ----a-w-        c:\windows\system32\wuapi.dll
2013-08-16 05:21 . 2013-09-11 18:30        688640        ----a-w-        c:\windows\system32\WSShared.dll
2013-08-16 05:21 . 2013-09-11 18:30        183808        ----a-w-        c:\windows\system32\WSSync.dll
2013-08-16 05:21 . 2013-09-11 18:30        204800        ----a-w-        c:\windows\system32\WSClient.dll
2013-08-16 05:21 . 2013-09-11 18:30        198656        ----a-w-        c:\windows\system32\Windows.ApplicationModel.Store.dll
2013-08-16 05:21 . 2013-09-11 18:30        163840        ----a-w-        c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-16 05:21 . 2013-09-11 18:30        174592        ----a-w-        c:\windows\system32\storewuauth.dll
2013-08-16 05:21 . 2013-09-11 18:30        1164288        ----a-w-        c:\windows\system32\sppobjs.dll
2013-08-16 05:21 . 2013-09-11 18:30        368640        ----a-w-        c:\windows\system32\sppwinob.dll
2013-08-16 05:21 . 2013-09-11 18:30        81408        ----a-w-        c:\windows\system32\setupcln.dll
2013-08-16 05:21 . 2013-09-11 18:30        120320        ----a-w-        c:\windows\system32\sppc.dll
2013-08-16 05:20 . 2013-09-11 18:30        105984        ----a-w-        c:\windows\system32\WinSetupUI.dll
2013-08-15 22:43 . 2013-09-11 18:30        35328        ----a-w-        c:\windows\SysWow64\wuapp.exe
2013-08-15 22:43 . 2013-09-11 18:30        628736        ----a-w-        c:\windows\SysWow64\wuapi.dll
2013-08-15 22:43 . 2013-09-11 18:30        84992        ----a-w-        c:\windows\SysWow64\wudriver.dll
2013-08-15 22:43 . 2013-09-11 18:30        20992        ----a-w-        c:\windows\SysWow64\wups.dll
2013-08-15 22:43 . 2013-09-11 18:30        126976        ----a-w-        c:\windows\SysWow64\wuwebv.dll
2013-08-15 22:43 . 2013-09-11 18:30        562688        ----a-w-        c:\windows\SysWow64\WSShared.dll
2013-08-15 22:43 . 2013-09-11 18:30        159232        ----a-w-        c:\windows\SysWow64\WSSync.dll
2013-08-15 22:43 . 2013-09-11 18:30        143872        ----a-w-        c:\windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43 . 2013-09-11 18:30        83968        ----a-w-        c:\windows\SysWow64\OEMLicense.dll
2013-08-15 22:43 . 2013-09-11 18:30        167424        ----a-w-        c:\windows\SysWow64\WSClient.dll
2013-08-15 22:43 . 2013-09-11 18:30        124928        ----a-w-        c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42 . 2013-09-11 18:30        76800        ----a-w-        c:\windows\SysWow64\setupcln.dll
2013-08-15 22:42 . 2013-09-11 18:30        91648        ----a-w-        c:\windows\SysWow64\sppc.dll
2013-08-07 05:15 . 2013-09-11 18:23        144896        ----a-w-        c:\windows\system32\tssdisai.dll
.
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress8"="c:\program files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe" [2013-01-27 1711680]
"AccelerometerSysTrayApplet"="c:\program files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe" [2012-08-10 74144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-08-02 363520]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-09 580512]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-10-10 681032]
.
c:\users\mothername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R4 AntiVirWebService;Avira Browser-Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 BtAudioBusSrv;IVT Bluetooth Audio Bus Service;c:\windows\System32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\System32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\System32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 IntcDAud;??? ?????? ?? Intel(R)???;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\System32\drivers\rtbth.sys;c:\windows\SYSNATIVE\drivers\rtbth.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost        REG_MULTI_SZ          apphostsvc
iissvcs        REG_MULTI_SZ          w3svc was
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-24 18:26]
.
2013-11-03 c:\windows\Tasks\HPCeeScheduleForAWATEF$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
2013-11-03 c:\windows\Tasks\HPCeeScheduleFormothername.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-07-25 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-07-25 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-07-25 440640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2013-06-09 1664000]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com?pc=HPNTDFJS
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
mStart Page = hxxp://www.bing.com?pc=HPNTDFJS
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: ??&??? ??? OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: ?&???? ??? Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\mothername\AppData\Roaming\Mozilla\Firefox\Profiles\70tgm37f.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-11-04  14:59:50
ComboFix-quarantined-files.txt  2013-11-04 13:59
.
Pre-Run: 688,569,044,992 bytes free
Post-Run: 688,335,876,096 bytes free
.
- - End Of File - - E280234DEECD64C152CF743718695705
--- --- ---

schrauber 05.11.2013 10:51
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Neda Al 05.11.2013 22:10
Malware:
HTML-Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.11.05.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16721
mothername :: AWATEF [Administrator]

Schutz: Aktiviert

05/11/2013 21:24:17
mbam-log-2013-11-05 (21-24-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207242
Laufzeit: 3 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\mothername\Downloads\Java.exe (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\mothername\Downloads\Setup_V.173700665b.exe (Adware.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\mothername\Downloads\Setup_V.173700942b.exe (Adware.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\mothername\Downloads\SoftonicDownloader_for_kmplayer.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
AdwCleaner Logfile:
Code:
# AdwCleaner v3.011 - Report created 05/11/2013 at 21:38:46
# Updated 03/11/2013 by Xplode
# Operating System : Windows 8 Single Language  (64 bits)
# Username : mothername - AWATEF
# Running from : C:\Users\mothername\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\mothername\AppData\Roaming\Mozilla\Firefox\Profiles\70tgm37f.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1402 octets] - [05/11/2013 21:38:11]
AdwCleaner[S0].txt - [1135 octets] - [05/11/2013 21:38:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1195 octets] ##########
--- --- ---


Junkware:
HTML-Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 8 Single Language x64
Ran by mothername on 05/11/2013 at 21:46:53.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\mothername\AppData\Roaming\mozilla\firefox\profiles\70tgm37f.default\minidumps [80 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/11/2013 at 21:50:40.46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by mothername (administrator) on AWATEF on 05-11-2013 21:58:05
Running from C:\Users\mothername\Downloads
Windows 8 Single Language (X64) OS Language: 0401
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe
(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-09] (IDT, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Power2GoExpress8] - C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
HKCU\...\Run: [AccelerometerSysTrayApplet] - C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe [74144 2012-08-10] (Hewlett-Packard Company)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [363520 2012-08-02] (IVT Corporation)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-10] (Avira Operations GmbH & Co. KG)
Startup: C:\Users\mothername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bing.com?pc=HPNTDFJS
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com?pc=HPNTDFJS
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\mothername\AppData\Roaming\Mozilla\Firefox\Profiles\70tgm37f.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-10] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1544192 2012-08-02] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [138752 2012-07-10] (IVT Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-10] (Advanced Micro Devices, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132600 2013-10-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-10-10] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [83160 2013-10-10] (Avira Operations GmbH & Co. KG)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg;
U4 BthHFEnum;
U4 bthhfhid;
R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48736 2012-08-08] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 rtbth; C:\Windows\System32\drivers\rtbth.sys [695392 2012-08-09] (Ralink Technology, Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-05 21:50 - 2013-11-05 21:50 - 00000770 _____ C:\Users\mothername\Desktop\JRT.txt
2013-11-05 21:46 - 2013-11-05 21:46 - 00000000 ____D C:\Windows\ERUNT
2013-11-05 21:45 - 2013-11-05 21:45 - 01033335 _____ (Thisisu) C:\Users\mothername\Downloads\JRT.exe
2013-11-05 21:42 - 2013-11-05 21:42 - 00001279 _____ C:\Users\mothername\Desktop\AdwCleaner[S0].txt
2013-11-05 21:38 - 2013-11-05 21:38 - 00000000 ____D C:\AdwCleaner
2013-11-05 21:37 - 2013-11-05 21:37 - 01073258 _____ C:\Users\mothername\Downloads\adwcleaner.exe
2013-11-05 21:22 - 2013-11-05 21:22 - 00000000 ____D C:\Users\mothername\AppData\Roaming\Malwarebytes
2013-11-05 21:21 - 2013-11-05 21:21 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-05 21:21 - 2013-11-05 21:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-05 21:21 - 2013-11-05 21:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-05 21:21 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-05 21:20 - 2013-11-05 21:20 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\mothername\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-04 14:59 - 2013-11-04 14:59 - 00015269 _____ C:\ComboFix.txt
2013-11-04 14:50 - 2013-11-04 14:50 - 00001179 _____ C:\Users\mothername\Desktop\‫ComboFix - رمز اختصار.lnk
2013-11-04 14:41 - 2013-11-04 14:41 - 00000260 _____ C:\Users\mothername\Documents\QuickHeal.txt
2013-11-03 23:10 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-03 23:10 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-03 23:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-03 23:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-03 23:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-03 23:10 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-11-03 23:10 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-03 23:10 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-03 23:10 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-03 22:40 - 2013-11-04 14:39 - 00024422 _____ C:\uninst.log
2013-11-03 22:35 - 2013-11-04 14:59 - 00000000 ____D C:\Qoobox
2013-11-03 22:35 - 2013-11-04 14:58 - 00000000 ____D C:\Windows\erdnt
2013-11-03 22:35 - 2013-11-03 22:35 - 05143677 ____R (Swearware) C:\Users\mothername\Downloads\ComboFix.exe
2013-11-03 21:01 - 2013-11-03 21:01 - 00000000 ____D C:\Users\mothername\AppData\Roaming\Avira
2013-11-03 20:56 - 2013-11-03 20:56 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-11-03 20:56 - 2013-11-03 20:56 - 00000000 ____D C:\ProgramData\Avira
2013-11-03 20:56 - 2013-11-03 20:56 - 00000000 ____D C:\Program Files (x86)\Avira
2013-11-03 20:56 - 2013-10-10 19:14 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-03 20:56 - 2013-10-10 19:14 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-03 20:56 - 2013-10-10 19:14 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-03 20:56 - 2013-10-10 19:14 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-03 20:54 - 2013-11-03 20:55 - 123853152 _____ C:\Users\mothername\Downloads\avira_free_antivirus_de.exe
2013-11-03 17:16 - 2013-11-03 17:47 - 00022423 _____ C:\Users\mothername\Downloads\Addition.txt
2013-11-03 17:14 - 2013-08-03 07:40 - 01374208 _____ (Microsoft Corporation) C:\Windows\system32\wdc.dll
2013-11-03 17:14 - 2013-08-03 07:40 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wvc.dll
2013-11-03 17:14 - 2013-08-03 07:40 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2013-11-03 17:14 - 2013-08-03 06:14 - 00399360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2013-11-03 17:14 - 2013-08-03 06:13 - 01245696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdc.dll
2013-11-03 17:14 - 2013-08-03 06:13 - 00437248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wvc.dll
2013-11-03 17:13 - 2013-08-10 06:21 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2013-11-03 17:13 - 2013-08-10 06:21 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncInfo.dll
2013-11-03 17:13 - 2013-08-10 04:58 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2013-11-03 17:13 - 2013-08-02 07:28 - 19758080 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-11-03 17:13 - 2013-08-02 07:28 - 10116608 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2013-11-03 17:13 - 2013-08-02 07:28 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-11-03 17:13 - 2013-08-02 07:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-03 17:13 - 2013-08-02 06:08 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-11-03 17:13 - 2013-08-02 06:08 - 08858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2013-11-03 17:13 - 2013-08-02 06:08 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-11-03 17:13 - 2013-08-02 06:06 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-03 17:13 - 2013-08-01 11:41 - 02233688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-11-03 17:13 - 2013-07-31 00:30 - 00386923 _____ C:\Windows\system32\ApnDatabase.xml
2013-11-03 17:13 - 2013-07-25 00:10 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2013-11-03 17:13 - 2013-07-25 00:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2013-11-03 17:13 - 2013-04-10 00:17 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2013-11-03 17:13 - 2013-04-09 23:29 - 00893952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2013-11-03 17:11 - 2013-11-03 17:11 - 01957098 _____ (Farbar) C:\Users\mothername\Downloads\FRST64(1).exe
2013-11-03 17:11 - 2013-11-03 17:11 - 00000000 ____D C:\FRST
2013-11-03 17:09 - 2013-11-03 17:09 - 01089445 _____ (Farbar) C:\Users\mothername\Downloads\FRST(1).exe
2013-11-03 16:59 - 2013-11-03 16:59 - 01957098 _____ (Farbar) C:\Users\mothername\Downloads\FRST64.exe
2013-11-03 16:59 - 2013-11-03 16:59 - 01089445 _____ (Farbar) C:\Users\mothername\Downloads\FRST.exe
2013-10-14 20:39 - 2013-10-14 20:39 - 00422072 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 07:25 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-11 07:25 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-11 07:25 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-11 07:25 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-11 07:25 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-11 07:25 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-11 07:25 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-11 07:25 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-11 07:25 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-11 07:25 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-11 07:25 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-11 07:25 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-11 07:25 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-11 07:25 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-11 07:25 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-11 07:25 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-11 07:25 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-11 07:25 - 2013-07-06 01:15 - 00652288 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-11 07:25 - 2013-07-04 03:13 - 00541696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-11 07:25 - 2013-05-15 23:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2013-10-11 07:25 - 2013-05-15 23:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2013-10-11 07:25 - 2013-05-14 14:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-11 07:25 - 2013-05-14 10:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-11 07:25 - 2013-04-28 23:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2013-10-11 07:25 - 2013-02-21 11:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-11 07:25 - 2013-02-21 11:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-11 07:25 - 2013-02-21 11:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-11 07:25 - 2013-02-21 11:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-11 07:25 - 2013-02-21 11:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-11 07:25 - 2013-02-21 11:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-11 07:25 - 2013-02-19 10:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2013-10-11 07:25 - 2012-11-08 05:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-11 07:25 - 2012-11-08 05:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 14:39 - 2013-08-23 06:11 - 04040192 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-10 14:39 - 2013-07-19 23:13 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 14:39 - 2013-07-19 23:13 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 14:39 - 2013-07-05 23:02 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-10 14:39 - 2013-07-05 23:01 - 00210560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-10 14:39 - 2013-07-02 02:41 - 00447320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2013-10-10 14:39 - 2013-07-02 02:41 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2013-10-10 14:39 - 2013-07-02 02:41 - 00213336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2013-10-10 14:39 - 2013-07-01 23:14 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbprint.sys
2013-10-10 14:39 - 2013-07-01 02:42 - 00623448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-10 14:39 - 2013-07-01 02:42 - 00498008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-10 14:39 - 2013-07-01 02:42 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-10 14:39 - 2013-07-01 02:42 - 00021848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-10 14:39 - 2013-06-29 04:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-10 14:39 - 2013-06-29 04:07 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-10 14:39 - 2013-06-29 04:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-10 14:39 - 2013-06-29 04:06 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-10 14:39 - 2013-06-22 06:45 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-10 14:39 - 2013-06-22 06:45 - 00054488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-10-10 14:39 - 2013-05-27 00:17 - 00035328 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-10 14:39 - 2013-05-26 23:59 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-10 14:39 - 2013-05-25 04:15 - 00362496 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-10 14:39 - 2013-05-25 03:32 - 00300032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll

==================== One Month Modified Files and Folders =======

2013-11-05 21:53 - 2013-01-17 09:03 - 01428973 _____ C:\Windows\WindowsUpdate.log
2013-11-05 21:50 - 2013-11-05 21:50 - 00000770 _____ C:\Users\mothername\Desktop\JRT.txt
2013-11-05 21:46 - 2013-11-05 21:46 - 00000000 ____D C:\Windows\ERUNT
2013-11-05 21:46 - 2012-08-17 22:43 - 00852564 _____ C:\Windows\system32\perfh00C.dat
2013-11-05 21:46 - 2012-08-17 22:43 - 00496906 _____ C:\Windows\system32\perfh001.dat
2013-11-05 21:46 - 2012-08-17 22:43 - 00182252 _____ C:\Windows\system32\perfc00C.dat
2013-11-05 21:46 - 2012-08-17 22:43 - 00095038 _____ C:\Windows\system32\perfc001.dat
2013-11-05 21:46 - 2012-07-26 08:28 - 02533578 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-05 21:45 - 2013-11-05 21:45 - 01033335 _____ (Thisisu) C:\Users\mothername\Downloads\JRT.exe
2013-11-05 21:43 - 2012-08-10 17:45 - 00000821 _____ C:\Windows\SysWOW64\bscs.ini
2013-11-05 21:42 - 2013-11-05 21:42 - 00001279 _____ C:\Users\mothername\Desktop\AdwCleaner[S0].txt
2013-11-05 21:42 - 2012-09-07 00:42 - 00004524 _____ C:\Windows\SysWOW64\LOCALSERVICE.INI
2013-11-05 21:40 - 2012-09-07 00:42 - 00000043 _____ C:\Windows\SysWOW64\LOCALDEVICE.INI
2013-11-05 21:39 - 2012-07-26 08:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-05 21:39 - 2012-07-26 06:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2013-11-05 21:38 - 2013-11-05 21:38 - 00000000 ____D C:\AdwCleaner
2013-11-05 21:37 - 2013-11-05 21:37 - 01073258 _____ C:\Users\mothername\Downloads\adwcleaner.exe
2013-11-05 21:35 - 2013-01-17 09:07 - 00000000 ___RD C:\Users\mothername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-05 21:35 - 2013-01-17 09:07 - 00000000 ___RD C:\Users\mothername\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-05 21:31 - 2012-08-03 23:23 - 01008010 _____ C:\Windows\PFRO.log
2013-11-05 21:30 - 2012-07-26 09:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-05 21:26 - 2013-02-24 19:56 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-05 21:22 - 2013-11-05 21:22 - 00000000 ____D C:\Users\mothername\AppData\Roaming\Malwarebytes
2013-11-05 21:21 - 2013-11-05 21:21 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-05 21:21 - 2013-11-05 21:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-05 21:21 - 2013-11-05 21:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-05 21:20 - 2013-11-05 21:20 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\mothername\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-05 21:02 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\system32\sru
2013-11-05 13:55 - 2012-07-26 09:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-11-04 17:20 - 2013-01-17 09:13 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-527169638-2750244333-1523627778-1001
2013-11-04 14:59 - 2013-11-04 14:59 - 00015269 _____ C:\ComboFix.txt
2013-11-04 14:59 - 2013-11-03 22:35 - 00000000 ____D C:\Qoobox
2013-11-04 14:59 - 2012-07-26 06:37 - 00000000 __RHD C:\Users\Default
2013-11-04 14:58 - 2013-11-03 22:35 - 00000000 ____D C:\Windows\erdnt
2013-11-04 14:57 - 2012-07-26 06:26 - 00000215 _____ C:\Windows\system.ini
2013-11-04 14:50 - 2013-11-04 14:50 - 00001179 _____ C:\Users\mothername\Desktop\‫ComboFix - رمز اختصار.lnk
2013-11-04 14:41 - 2013-11-04 14:41 - 00000260 _____ C:\Users\mothername\Documents\QuickHeal.txt
2013-11-04 14:39 - 2013-11-03 22:40 - 00024422 _____ C:\uninst.log
2013-11-03 22:35 - 2013-11-03 22:35 - 05143677 ____R (Swearware) C:\Users\mothername\Downloads\ComboFix.exe
2013-11-03 21:01 - 2013-11-03 21:01 - 00000000 ____D C:\Users\mothername\AppData\Roaming\Avira
2013-11-03 20:56 - 2013-11-03 20:56 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-11-03 20:56 - 2013-11-03 20:56 - 00000000 ____D C:\ProgramData\Avira
2013-11-03 20:56 - 2013-11-03 20:56 - 00000000 ____D C:\Program Files (x86)\Avira
2013-11-03 20:55 - 2013-11-03 20:54 - 123853152 _____ C:\Users\mothername\Downloads\avira_free_antivirus_de.exe
2013-11-03 20:39 - 2013-02-24 16:02 - 00000360 _____ C:\Windows\Tasks\HPCeeScheduleForAWATEF$.job
2013-11-03 20:39 - 2013-02-16 04:33 - 00000534 _____ C:\Windows\system32\nvscnrpt.log
2013-11-03 20:39 - 2013-01-17 09:42 - 00000366 _____ C:\Windows\Tasks\HPCeeScheduleFormothername.job
2013-11-03 17:47 - 2013-11-03 17:16 - 00022423 _____ C:\Users\mothername\Downloads\Addition.txt
2013-11-03 17:11 - 2013-11-03 17:11 - 01957098 _____ (Farbar) C:\Users\mothername\Downloads\FRST64(1).exe
2013-11-03 17:11 - 2013-11-03 17:11 - 00000000 ____D C:\FRST
2013-11-03 17:09 - 2013-11-03 17:09 - 01089445 _____ (Farbar) C:\Users\mothername\Downloads\FRST(1).exe
2013-11-03 16:59 - 2013-11-03 16:59 - 01957098 _____ (Farbar) C:\Users\mothername\Downloads\FRST64.exe
2013-11-03 16:59 - 2013-11-03 16:59 - 01089445 _____ (Farbar) C:\Users\mothername\Downloads\FRST.exe
2013-11-03 16:04 - 2013-01-17 09:42 - 00003190 _____ C:\Windows\System32\Tasks\HPCeeScheduleFormothername
2013-11-03 16:04 - 2013-01-17 09:02 - 00000000 ____D C:\Users\mothername
2013-11-03 16:03 - 2013-02-24 16:02 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-11-03 16:02 - 2013-02-24 16:02 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-10-23 19:49 - 2013-02-24 16:02 - 00003196 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAWATEF$
2013-10-14 20:39 - 2013-10-14 20:39 - 00422072 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-11 17:36 - 2013-02-15 10:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-11 15:41 - 2013-07-26 00:54 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 15:39 - 2013-02-16 04:54 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-10 19:14 - 2013-11-03 20:56 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-10 19:14 - 2013-11-03 20:56 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-10-10 19:14 - 2013-11-03 20:56 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-10-10 19:14 - 2013-11-03 20:56 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-10-08 19:26 - 2013-02-24 19:56 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

Some content of TEMP:
====================
C:\Users\mothername\AppData\Local\temp\avgnt.exe
C:\Users\mothername\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-29 14:30

==================== End Of Log ============================
--- --- ---

--- --- ---

--- --- ---

--- --- ---



:applaus::applaus::applaus::applaus: fertig oder????

schrauber 06.11.2013 13:59
Kontrolle :)


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Neda Al 09.12.2013 14:53
Sorry hatte die Zeit über kein Internet. Eset scannt immer bis 50% hängt und scannt nicht weiter. Aber die Viren sind alle weg und es gibt keine Probleme mehr :)) dankeee:))

schrauber 10.12.2013 09:41
Dann lass ESET weg und mach nur den Rest :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 07:31 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19