Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: SMART_HDD und schwarzer Bildschirm

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 09.04.2012, 16:12   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SMART_HDD und schwarzer Bildschirm - Standard

SMART_HDD und schwarzer Bildschirm



Zitat:
| Scan Mode: Current user
Du hast den Haken nicht gesetzt bei "Scanne alle Benutzer"
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.04.2012, 22:59   #17
Giulietta
 
SMART_HDD und schwarzer Bildschirm - Standard

SMART_HDD und schwarzer Bildschirm



o nein - Asche auf mein Haupt, hier noch mal:

Code:
ATTFilter
OTL logfile created on: 09.04.2012 23:08:33 - Run 2
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Mini-ZZ\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 64,43% Memory free
3,98 Gb Paging File | 3,10 Gb Available in Paging File | 77,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,64 Gb Total Space | 177,16 Gb Free Space | 82,15% Space Free | Partition Type: NTFS
Drive D: | 16,95 Gb Total Space | 2,45 Gb Free Space | 14,46% Space Free | Partition Type: NTFS
 
Computer Name: HP-MINI-ZZ | User Name: Mini-ZZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.09 23:06:16 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Mini-ZZ\Downloads\OTL(1).exe
PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.07.02 11:51:16 | 000,027,192 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.07.02 11:48:24 | 000,602,680 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010.07.01 20:09:10 | 000,338,168 | ---- | M] (DeviceVM, Inc.) -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2010.06.25 13:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010.06.25 13:53:28 | 000,309,816 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2010.06.18 16:26:18 | 000,363,064 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
PRC - [2010.06.18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
PRC - [2010.06.09 11:06:18 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2010.06.09 11:06:18 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
         
__________________


Alt 10.04.2012, 11:27   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SMART_HDD und schwarzer Bildschirm - Standard

SMART_HDD und schwarzer Bildschirm



Nun ist das Log unvollständig
__________________
__________________

Alt 10.04.2012, 15:02   #19
Giulietta
 
SMART_HDD und schwarzer Bildschirm - Standard

SMART_HDD und schwarzer Bildschirm



o Mann - frage mich echt, wie ich das wieder hingekriegt habe .... zu blöde. Sorry, sorry.
Also noch einmal:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.04.2012 15:27:00 - Run 3
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Mini-ZZ\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 61,52% Memory free
3,98 Gb Paging File | 3,06 Gb Available in Paging File | 76,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,64 Gb Total Space | 177,90 Gb Free Space | 82,50% Space Free | Partition Type: NTFS
Drive D: | 16,95 Gb Total Space | 2,45 Gb Free Space | 14,46% Space Free | Partition Type: NTFS
 
Computer Name: HP-MINI-ZZ | User Name: Mini-ZZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.09 23:06:16 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Mini-ZZ\Downloads\OTL(1).exe
PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.07.02 11:51:16 | 000,027,192 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.07.02 11:48:24 | 000,602,680 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010.07.01 20:09:10 | 000,338,168 | ---- | M] (DeviceVM, Inc.) -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2010.06.25 13:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010.06.25 13:53:28 | 000,309,816 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2010.06.18 16:26:18 | 000,363,064 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
PRC - [2010.06.18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
PRC - [2010.06.09 11:06:18 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2010.06.09 11:06:18 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010.05.08 13:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.03.29 00:22:20 | 000,154,304 | ---- | M] (Zecter Inc.) -- C:\Programme\Hewlett-Packard\HP CloudDrive\zumodrive.exe
PRC - [2009.10.13 12:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.10.13 12:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.03.03 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\IDT\WDM\AEstSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.10 15:23:25 | 000,379,904 | ---- | M] () -- C:\Users\Mini-ZZ\AppData\Local\Temp\libsqlitejdbc-815306645106366511.lib
MOD - [2012.04.10 15:23:03 | 000,198,144 | ---- | M] () -- C:\Users\Mini-ZZ\AppData\Local\Temp\WindowsAPI.dll
MOD - [2012.02.26 12:23:00 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012.02.19 11:21:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012.02.19 11:20:17 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012.02.19 11:19:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.19 11:17:08 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012.02.19 11:10:06 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.02.19 11:09:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.02.19 11:09:24 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012.02.19 11:08:23 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.02.19 11:07:15 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.19 11:06:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.19 11:06:35 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011.10.20 22:11:54 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.07.29 01:49:18 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll
MOD - [2010.07.29 01:48:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.07.28 19:23:08 | 000,237,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll
MOD - [2010.06.18 16:26:18 | 000,267,832 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
MOD - [2010.06.18 16:26:18 | 000,052,280 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
MOD - [2010.06.18 16:26:18 | 000,030,264 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.07.02 11:51:16 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.07.01 20:09:10 | 000,338,168 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010.06.25 13:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.06.18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010.06.09 11:06:18 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.04.04 01:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Programme\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.10.13 12:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.03 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.03.07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.03.07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.03.07 02:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.03.07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.03.07 02:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.03.07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.06.09 11:06:18 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010.05.07 19:18:10 | 000,230,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.04.07 17:05:00 | 000,204,800 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.03.25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009.11.11 14:09:22 | 000,018,136 | ---- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dvmio.sys -- (DVMIO)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\..\SearchScopes,DefaultScope = {FEDFEDCF-D5FC-44E0-92AB-3DF25938A90A}
IE - HKLM\..\SearchScopes\{C98E6371-953C-4ECC-AE37-766E85BC0C27}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{EFDC04E1-7F61-401E-9716-0321E0862E63}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{FEDFEDCF-D5FC-44E0-92AB-3DF25938A90A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\SearchScopes,DefaultScope = {FEDFEDCF-D5FC-44E0-92AB-3DF25938A90A}
IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\SearchScopes\{C98E6371-953C-4ECC-AE37-766E85BC0C27}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\SearchScopes\{EFDC04E1-7F61-401E-9716-0321E0862E63}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\SearchScopes\{FEDFEDCF-D5FC-44E0-92AB-3DF25938A90A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.18 12:30:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.19 23:59:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.19 11:09:20 | 000,000,000 | ---D | M]
 
[2011.03.19 19:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mini-ZZ\AppData\Roaming\mozilla\Extensions
[2011.03.19 19:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mini-ZZ\AppData\Roaming\mozilla\Firefox\Profiles\7af0eigr.default\extensions
[2012.03.19 23:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [ZumoDrive] C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Programme\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Programme\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C9F81D2-3215-4C6B-B179-6948B450327A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88849F3B-7B3F-482D-B6D8-C3CAE3E55DD8}: NameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\Shell - "" = AutoRun
O33 - MountPoints2\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\Shell - "" = AutoRun
O33 - MountPoints2\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.08 21:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.07 21:31:25 | 000,000,000 | ---D | C] -- C:\Users\Mini-ZZ\AppData\Roaming\Malwarebytes
[2012.04.07 21:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.07 21:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.07 21:31:11 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.07 21:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.07 18:45:19 | 000,000,000 | ---D | C] -- C:\Users\Mini-ZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012.03.18 12:30:54 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.10 15:30:54 | 000,014,128 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.10 15:30:54 | 000,014,128 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.10 15:22:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.10 15:22:35 | 1601,093,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.09 11:02:22 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.09 11:02:22 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.09 11:02:22 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.09 11:02:22 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.08 10:34:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.04.08 08:58:48 | 000,000,160 | ---- | M] () -- C:\ProgramData\-g7wwMXfWUQJwPvr
[2012.04.08 08:58:48 | 000,000,000 | ---- | M] () -- C:\ProgramData\-g7wwMXfWUQJwPv
[2012.04.07 21:31:17 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.07 20:13:52 | 000,000,256 | ---- | M] () -- C:\ProgramData\g7wwMXfWUQJwPv
[2012.04.07 18:45:19 | 000,000,647 | ---- | M] () -- C:\Users\Mini-ZZ\Desktop\SMART_HDD.lnk
[2012.03.28 22:15:04 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat
[2012.03.19 23:59:54 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.18 12:25:16 | 000,267,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.08 22:55:46 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.04.08 22:55:46 | 000,002,158 | ---- | C] () -- C:\Users\Public\Desktop\HP CloudDrive.lnk
[2012.04.08 22:55:46 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2012.04.08 22:55:46 | 000,002,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk
[2012.04.08 22:55:46 | 000,002,150 | ---- | C] () -- C:\Users\Public\Desktop\HP Games spielen.lnk
[2012.04.08 22:55:46 | 000,002,137 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012.04.08 22:55:46 | 000,002,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Media Suite.lnk
[2012.04.08 22:55:46 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\HP QuickSync.lnk
[2012.04.08 22:55:46 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.04.08 22:55:46 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.04.08 22:55:46 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.04.08 22:55:46 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012.04.08 22:55:46 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012.04.08 22:55:46 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012.04.08 22:55:46 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012.04.08 22:55:46 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2012.04.08 22:55:46 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.04.08 22:55:46 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.08 22:55:45 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2012.04.08 22:55:43 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.04.08 22:55:43 | 000,002,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2012.04.08 22:55:42 | 000,000,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2012.04.07 21:31:17 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.07 18:45:20 | 000,000,160 | ---- | C] () -- C:\ProgramData\-g7wwMXfWUQJwPvr
[2012.04.07 18:45:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\-g7wwMXfWUQJwPv
[2012.04.07 18:45:19 | 000,000,647 | ---- | C] () -- C:\Users\Mini-ZZ\Desktop\SMART_HDD.lnk
[2012.04.07 18:45:15 | 000,000,256 | ---- | C] () -- C:\ProgramData\g7wwMXfWUQJwPv
[2012.03.28 22:15:04 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011.03.19 22:42:39 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.19 09:28:49 | 000,000,130 | ---- | C] () -- C:\Users\Mini-ZZ\AppData\Local\mv_Photo.xml
[2011.03.19 09:28:49 | 000,000,121 | ---- | C] () -- C:\Users\Mini-ZZ\AppData\Local\mv_music.xml
[2010.11.08 11:32:12 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010.11.08 11:30:16 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.11.08 11:24:11 | 000,000,292 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2010.11.08 11:24:11 | 000,000,233 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini
[2010.07.29 01:51:32 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.07.29 01:51:32 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.07.29 01:51:32 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.07.29 01:51:32 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.07.28 19:37:48 | 000,000,202 | ---- | C] () -- C:\Windows\System32\HPWA.ini
[2010.07.28 17:28:20 | 000,000,180 | ---- | C] () -- C:\Windows\System32\HP Documentation.ini
 
========== LOP Check ==========
 
[2012.03.28 22:14:37 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\SoftGrid Client
[2011.03.19 19:21:23 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\TP
[2012.04.10 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\ZumoDrive
[2011.09.26 19:32:40 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


An welchen Stellen muss ich dieses SMART_HDD eigentlich überall löschen - taucht im Moment noch auf dem Desktop und unter alle Programme auf.

Alt 10.04.2012, 15:32   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SMART_HDD und schwarzer Bildschirm - Standard

SMART_HDD und schwarzer Bildschirm



Diesmal ist es kein CustomScan

nochmal laaangsam

- Log vollständig posten in CODE-Tags
- Haken bei ScanneAlleBenutzer
- CustomScan!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.04.2012, 20:47   #21
Giulietta
 
SMART_HDD und schwarzer Bildschirm - Standard

SMART_HDD und schwarzer Bildschirm



danke, dass Du noch nicht die Geduld mit mir verloren hast - langsam verliere ich ja schon die Geduld mit mir selbst! Ich versuche es also noch mal:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 10.04.2012 19:59:55 - Run 3
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Mini-ZZ\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 62,80% Memory free
3,98 Gb Paging File | 3,04 Gb Available in Paging File | 76,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,64 Gb Total Space | 177,96 Gb Free Space | 82,53% Space Free | Partition Type: NTFS
Drive D: | 16,95 Gb Total Space | 2,45 Gb Free Space | 14,46% Space Free | Partition Type: NTFS
 
Computer Name: HP-MINI-ZZ | User Name: Mini-ZZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.09 23:06:16 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Mini-ZZ\Downloads\OTL(1).exe
PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.07.02 11:51:16 | 000,027,192 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010.07.02 11:48:24 | 000,602,680 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010.07.01 20:09:10 | 000,338,168 | ---- | M] (DeviceVM, Inc.) -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
PRC - [2010.06.25 13:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010.06.25 13:53:28 | 000,309,816 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\Shared\hpCaslNotification.exe
PRC - [2010.06.18 16:26:18 | 000,363,064 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
PRC - [2010.06.18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
PRC - [2010.06.09 11:06:18 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2010.06.09 11:06:18 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010.05.08 13:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010.03.29 00:22:20 | 000,154,304 | ---- | M] (Zecter Inc.) -- C:\Programme\Hewlett-Packard\HP CloudDrive\zumodrive.exe
PRC - [2009.10.13 12:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.10.13 12:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.03.03 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\IDT\WDM\AEstSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.10 15:23:25 | 000,379,904 | ---- | M] () -- C:\Users\Mini-ZZ\AppData\Local\Temp\libsqlitejdbc-815306645106366511.lib
MOD - [2012.04.10 15:23:03 | 000,198,144 | ---- | M] () -- C:\Users\Mini-ZZ\AppData\Local\Temp\WindowsAPI.dll
MOD - [2012.02.26 12:23:00 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll
MOD - [2012.02.19 11:21:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012.02.19 11:20:17 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll
MOD - [2012.02.19 11:19:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.19 11:17:08 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012.02.19 11:10:06 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.02.19 11:09:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.02.19 11:09:24 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012.02.19 11:08:23 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.02.19 11:07:15 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.19 11:06:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.19 11:06:35 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011.10.20 22:11:54 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.07.29 01:49:18 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll
MOD - [2010.07.29 01:48:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.07.28 19:23:08 | 000,237,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll
MOD - [2010.06.18 16:26:18 | 000,267,832 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
MOD - [2010.06.18 16:26:18 | 000,052,280 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
MOD - [2010.06.18 16:26:18 | 000,030,264 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.07.02 11:51:16 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010.07.01 20:09:10 | 000,338,168 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2010.06.25 13:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010.06.18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010.06.09 11:06:18 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.04.04 01:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Programme\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.10.13 12:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.03 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.03.07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.03.07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.03.07 02:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.03.07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.03.07 02:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.03.07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.06.09 11:06:18 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010.05.07 19:18:10 | 000,230,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.04.07 17:05:00 | 000,204,800 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.03.25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009.11.11 14:09:22 | 000,018,136 | ---- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dvmio.sys -- (DVMIO)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\..\SearchScopes,DefaultScope = {FEDFEDCF-D5FC-44E0-92AB-3DF25938A90A}
IE - HKLM\..\SearchScopes\{C98E6371-953C-4ECC-AE37-766E85BC0C27}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{EFDC04E1-7F61-401E-9716-0321E0862E63}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{FEDFEDCF-D5FC-44E0-92AB-3DF25938A90A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\SearchScopes,DefaultScope = {FEDFEDCF-D5FC-44E0-92AB-3DF25938A90A}
IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\SearchScopes\{C98E6371-953C-4ECC-AE37-766E85BC0C27}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\SearchScopes\{EFDC04E1-7F61-401E-9716-0321E0862E63}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\SearchScopes\{FEDFEDCF-D5FC-44E0-92AB-3DF25938A90A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.18 12:30:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.19 23:59:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.19 11:09:20 | 000,000,000 | ---D | M]
 
[2011.03.19 19:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mini-ZZ\AppData\Roaming\mozilla\Extensions
[2011.03.19 19:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mini-ZZ\AppData\Roaming\mozilla\Firefox\Profiles\7af0eigr.default\extensions
[2012.03.19 23:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [ZumoDrive] C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Programme\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Programme\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C9F81D2-3215-4C6B-B179-6948B450327A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88849F3B-7B3F-482D-B6D8-C3CAE3E55DD8}: NameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\Shell - "" = AutoRun
O33 - MountPoints2\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\Shell - "" = AutoRun
O33 - MountPoints2\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B} - C:\Program Files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe "/installer"
ActiveX: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - C:\Windows\system32\wscript.exe "C:\Program Files\Hewlett-Packard\HP Media Suite\Home\PinItem.vbs"
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.08 21:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.07 21:31:25 | 000,000,000 | ---D | C] -- C:\Users\Mini-ZZ\AppData\Roaming\Malwarebytes
[2012.04.07 21:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.07 21:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.07 21:31:11 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.07 21:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.07 18:45:19 | 000,000,000 | ---D | C] -- C:\Users\Mini-ZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012.03.18 12:30:54 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.10 19:56:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.10 15:30:54 | 000,014,128 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.10 15:30:54 | 000,014,128 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.10 15:22:35 | 1601,093,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.09 11:02:22 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.09 11:02:22 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.09 11:02:22 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.09 11:02:22 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.08 10:34:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.04.08 08:58:48 | 000,000,160 | ---- | M] () -- C:\ProgramData\-g7wwMXfWUQJwPvr
[2012.04.08 08:58:48 | 000,000,000 | ---- | M] () -- C:\ProgramData\-g7wwMXfWUQJwPv
[2012.04.07 21:31:17 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.07 20:13:52 | 000,000,256 | ---- | M] () -- C:\ProgramData\g7wwMXfWUQJwPv
[2012.04.07 18:45:19 | 000,000,647 | ---- | M] () -- C:\Users\Mini-ZZ\Desktop\SMART_HDD.lnk
[2012.03.28 22:15:04 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat
[2012.03.19 23:59:54 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.03.18 12:25:16 | 000,267,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.04.08 22:55:46 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.04.08 22:55:46 | 000,002,158 | ---- | C] () -- C:\Users\Public\Desktop\HP CloudDrive.lnk
[2012.04.08 22:55:46 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2012.04.08 22:55:46 | 000,002,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk
[2012.04.08 22:55:46 | 000,002,150 | ---- | C] () -- C:\Users\Public\Desktop\HP Games spielen.lnk
[2012.04.08 22:55:46 | 000,002,137 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012.04.08 22:55:46 | 000,002,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Media Suite.lnk
[2012.04.08 22:55:46 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\HP QuickSync.lnk
[2012.04.08 22:55:46 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.04.08 22:55:46 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012.04.08 22:55:46 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.04.08 22:55:46 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012.04.08 22:55:46 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012.04.08 22:55:46 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012.04.08 22:55:46 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012.04.08 22:55:46 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2012.04.08 22:55:46 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.04.08 22:55:46 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.08 22:55:45 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2012.04.08 22:55:43 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.04.08 22:55:43 | 000,002,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2012.04.08 22:55:42 | 000,000,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2012.04.07 21:31:17 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.07 18:45:20 | 000,000,160 | ---- | C] () -- C:\ProgramData\-g7wwMXfWUQJwPvr
[2012.04.07 18:45:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\-g7wwMXfWUQJwPv
[2012.04.07 18:45:19 | 000,000,647 | ---- | C] () -- C:\Users\Mini-ZZ\Desktop\SMART_HDD.lnk
[2012.04.07 18:45:15 | 000,000,256 | ---- | C] () -- C:\ProgramData\g7wwMXfWUQJwPv
[2012.03.28 22:15:04 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011.03.19 22:42:39 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.19 09:28:49 | 000,000,130 | ---- | C] () -- C:\Users\Mini-ZZ\AppData\Local\mv_Photo.xml
[2011.03.19 09:28:49 | 000,000,121 | ---- | C] () -- C:\Users\Mini-ZZ\AppData\Local\mv_music.xml
[2010.11.08 11:32:12 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010.11.08 11:30:16 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.11.08 11:24:11 | 000,000,292 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini
[2010.11.08 11:24:11 | 000,000,233 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini
[2010.07.29 01:51:32 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.07.29 01:51:32 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.07.29 01:51:32 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.07.29 01:51:32 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.07.28 19:37:48 | 000,000,202 | ---- | C] () -- C:\Windows\System32\HPWA.ini
[2010.07.28 17:28:20 | 000,000,180 | ---- | C] () -- C:\Windows\System32\HP Documentation.ini
 
========== LOP Check ==========
 
[2012.03.28 22:14:37 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\SoftGrid Client
[2011.03.19 19:21:23 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\TP
[2012.04.10 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\ZumoDrive
[2011.09.26 19:32:40 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.03.25 20:27:00 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Adobe
[2011.03.19 09:23:54 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Hewlett-Packard
[2011.03.19 09:28:41 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\hpqLog
[2011.03.19 09:28:12 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Identities
[2011.03.19 18:56:07 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Macromedia
[2012.04.07 21:31:25 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Malwarebytes
[2011.09.05 11:32:49 | 000,000,000 | --SD | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Microsoft
[2011.03.19 19:03:43 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Mozilla
[2012.03.11 15:30:37 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Skype
[2012.03.10 20:14:11 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\skypePM
[2012.03.28 22:14:37 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\SoftGrid Client
[2011.03.19 19:21:23 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\TP
[2012.02.02 22:36:47 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\U3
[2012.04.10 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\ZumoDrive
 
< %APPDATA%\*.exe /s >
[2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Mini-ZZ\AppData\Roaming\U3\temp\cleanup.exe
[2008.05.02 11:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Users\Mini-ZZ\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_dd2bf0ef82c7be83\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_dd01b18982e7479e\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_ddb1bfd49be72b9f\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_dde1cf9a9bc40507\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.10.13 12:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.10.13 12:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\drivers\iaStor.sys
[2009.10.13 12:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_3f3653f13a033ed4\iaStor.sys
[2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.07.29 02:22:39 | 000,332,168 | ---- | M] (Intel Corporation) MD5=2D2918606673C46769FB516A5ACE958E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_aed9db9de9265a3a\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
[2010.07.29 02:22:39 | 000,332,160 | ---- | M] (Intel Corporation) MD5=FE8186428F0AB44F0E500C7AA33E9B51 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_afb9f9af020317a3\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.07.29 02:22:39 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=1D8B6A440DFF2BDEAA4EB209FCBA21BF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_39a34c4d205d0412\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
[2010.07.29 02:22:39 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=F3596C8A63D3871890B0D3A0DFFEF0D0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_3a836a5e3939c17b\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.07.29 02:09:30 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2010.07.29 02:09:30 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
         
--- --- ---

Alt 11.04.2012, 12:09   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SMART_HDD und schwarzer Bildschirm - Standard

SMART_HDD und schwarzer Bildschirm



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\Shell - "" = AutoRun
O33 - MountPoints2\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\Shell - "" = AutoRun
O33 - MountPoints2\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2012.04.08 08:58:48 | 000,000,160 | ---- | M] () -- C:\ProgramData\-g7wwMXfWUQJwPvr
[2012.04.08 08:58:48 | 000,000,000 | ---- | M] () -- C:\ProgramData\-g7wwMXfWUQJwPv
[2012.04.07 20:13:52 | 000,000,256 | ---- | M] () -- C:\ProgramData\g7wwMXfWUQJwPv
[2012.04.07 18:45:19 | 000,000,647 | ---- | M] () -- C:\Users\Mini-ZZ\Desktop\SMART_HDD.lnk
[2012.03.28 22:15:04 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.04.2012, 21:50   #23
Giulietta
 
SMART_HDD und schwarzer Bildschirm - Standard

SMART_HDD und schwarzer Bildschirm



ähm - habe da noch ne Frage: wie lange sollte dieser OTL Fix denn so dauern? Ich habe es versucht und 4 Stunden lang keinerlei Reaktion mehr am Rechner gehabt. Es wurde in OTL immer die Staus Meldung "Killing processes - Do not interrupt...." angezeigt. Keinerlei Funktion bei Tastatur oder Touchpad - auch ging der Rechner nicht mehr in den Energiesparmodus, Bildschirm permannent an... Ist das so normal?

Alt 12.04.2012, 09:12   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SMART_HDD und schwarzer Bildschirm - Standard

SMART_HDD und schwarzer Bildschirm



Wiederhol den Fix im abgesicherten Modus bitte
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.04.2012, 12:46   #25
Giulietta
 
SMART_HDD und schwarzer Bildschirm - Standard

SMART_HDD und schwarzer Bildschirm



Habe ich so gemacht - ging jetzt. Ergebnis

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Programme\Microsoft\BingBar\BingExt.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_USERS\S-1-5-21-3045748316-1306930101-2035370094-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
C:\ProgramData\-g7wwMXfWUQJwPvr moved successfully.
C:\ProgramData\-g7wwMXfWUQJwPv moved successfully.
C:\ProgramData\g7wwMXfWUQJwPv moved successfully.
C:\Users\Mini-ZZ\Desktop\SMART_HDD.lnk moved successfully.
C:\Windows\System32\shortcut_ex.dat moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mini-ZZ
->Temp folder emptied: 263746661 bytes
->Temporary Internet Files folder emptied: 53593443 bytes
->Java cache emptied: 26516239 bytes
->FireFox cache emptied: 49396472 bytes
->Flash cache emptied: 479 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 116349957 bytes
RecycleBin emptied: 12770889 bytes
 
Total Files Cleaned = 498,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Mini-ZZ
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04122012_133935

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Alt 12.04.2012, 15:24   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SMART_HDD und schwarzer Bildschirm - Standard

SMART_HDD und schwarzer Bildschirm



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 12.04.2012, 18:24   #27
Giulietta
 
SMART_HDD und schwarzer Bildschirm - Standard

SMART_HDD und schwarzer Bildschirm



So hier ist das log:

Code:
ATTFilter
19:10:25.0899 5932	TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
19:10:26.0289 5932	============================================================
19:10:26.0289 5932	Current date / time: 2012/04/12 19:10:26.0289
19:10:26.0289 5932	SystemInfo:
19:10:26.0289 5932	
19:10:26.0289 5932	OS Version: 6.1.7601 ServicePack: 1.0
19:10:26.0289 5932	Product type: Workstation
19:10:26.0289 5932	ComputerName: HP-MINI-ZZ
19:10:26.0289 5932	UserName: Mini-ZZ
19:10:26.0289 5932	Windows directory: C:\Windows
19:10:26.0289 5932	System windows directory: C:\Windows
19:10:26.0289 5932	Processor architecture: Intel x86
19:10:26.0289 5932	Number of processors: 2
19:10:26.0289 5932	Page size: 0x1000
19:10:26.0289 5932	Boot type: Normal boot
19:10:26.0289 5932	============================================================
19:10:27.0209 5932	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:10:27.0209 5932	\Device\Harddisk0\DR0:
19:10:27.0209 5932	MBR used
19:10:27.0209 5932	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
19:10:27.0209 5932	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1AF48800
19:10:27.0209 5932	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1AFAC800, BlocksNum 0x21E5000
19:10:27.0209 5932	\Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
19:10:27.0287 5932	Initialize success
19:10:27.0287 5932	============================================================
19:11:47.0690 5708	============================================================
19:11:47.0690 5708	Scan started
19:11:47.0690 5708	Mode: Manual; SigCheck; TDLFS; 
19:11:47.0690 5708	============================================================
19:11:48.0361 5708	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
19:11:48.0595 5708	1394ohci - ok
19:11:49.0000 5708	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
19:11:49.0078 5708	ACPI - ok
19:11:49.0484 5708	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
19:11:49.0562 5708	AcpiPmi - ok
19:11:49.0983 5708	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
19:11:50.0077 5708	adp94xx - ok
19:11:50.0482 5708	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
19:11:50.0545 5708	adpahci - ok
19:11:50.0935 5708	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
19:11:50.0997 5708	adpu320 - ok
19:11:51.0294 5708	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
19:11:51.0372 5708	AeLookupSvc - ok
19:11:51.0512 5708	AESTFilters     (827dbc22c96eecf6d36a13162fabafd3) C:\Program Files\IDT\WDM\aestsrv.exe
19:11:51.0637 5708	AESTFilters - ok
19:11:52.0042 5708	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
19:11:52.0136 5708	AFD - ok
19:11:52.0510 5708	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
19:11:52.0557 5708	agp440 - ok
19:11:52.0978 5708	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
19:11:53.0041 5708	aic78xx - ok
19:11:53.0337 5708	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
19:11:53.0415 5708	ALG - ok
19:11:53.0790 5708	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
19:11:53.0836 5708	aliide - ok
19:11:54.0226 5708	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
19:11:54.0273 5708	amdagp - ok
19:11:54.0679 5708	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
19:11:54.0726 5708	amdide - ok
19:11:55.0131 5708	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
19:11:55.0194 5708	AmdK8 - ok
19:11:55.0599 5708	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
19:11:55.0693 5708	AmdPPM - ok
19:11:56.0098 5708	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
19:11:56.0145 5708	amdsata - ok
19:11:56.0551 5708	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
19:11:56.0598 5708	amdsbs - ok
19:11:57.0003 5708	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
19:11:57.0050 5708	amdxata - ok
19:11:57.0440 5708	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
19:11:57.0565 5708	AppID - ok
19:11:57.0861 5708	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
19:11:57.0970 5708	AppIDSvc - ok
19:11:58.0282 5708	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
19:11:58.0407 5708	Appinfo - ok
19:11:58.0813 5708	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
19:11:58.0844 5708	arc - ok
19:11:59.0296 5708	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
19:11:59.0343 5708	arcsas - ok
19:11:59.0796 5708	aswFsBlk        (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
19:11:59.0889 5708	aswFsBlk - ok
19:12:00.0342 5708	aswMonFlt       (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
19:12:00.0388 5708	aswMonFlt - ok
19:12:00.0825 5708	aswRdr          (225013c16fe096714d71649ad7a20e8b) C:\Windows\System32\Drivers\aswrdr2.sys
19:12:00.0872 5708	aswRdr - ok
19:12:01.0340 5708	aswSnx          (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
19:12:01.0387 5708	aswSnx - ok
19:12:01.0839 5708	aswSP           (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
19:12:01.0886 5708	aswSP - ok
19:12:02.0323 5708	aswTdi          (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
19:12:02.0354 5708	aswTdi - ok
19:12:02.0760 5708	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
19:12:02.0869 5708	AsyncMac - ok
19:12:03.0243 5708	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
19:12:03.0290 5708	atapi - ok
19:12:03.0618 5708	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
19:12:03.0758 5708	AudioEndpointBuilder - ok
19:12:03.0774 5708	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
19:12:03.0852 5708	Audiosrv - ok
19:12:03.0961 5708	avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:12:04.0008 5708	avast! Antivirus - ok
19:12:04.0304 5708	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
19:12:04.0398 5708	AxInstSV - ok
19:12:04.0803 5708	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
19:12:04.0881 5708	b06bdrv - ok
19:12:05.0302 5708	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
19:12:05.0396 5708	b57nd60x - ok
19:12:05.0630 5708	BBSvc           (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
19:12:05.0692 5708	BBSvc - ok
19:12:05.0739 5708	BBUpdate        (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
19:12:05.0802 5708	BBUpdate - ok
19:12:06.0285 5708	BCM43XX         (36a47e6ab1f0967c97722183e21adb1a) C:\Windows\system32\DRIVERS\bcmwl6.sys
19:12:06.0426 5708	BCM43XX - ok
19:12:06.0753 5708	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
19:12:06.0847 5708	BDESVC - ok
19:12:07.0252 5708	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
19:12:07.0377 5708	Beep - ok
19:12:07.0705 5708	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
19:12:07.0830 5708	BFE - ok
19:12:08.0173 5708	BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
19:12:08.0344 5708	BITS - ok
19:12:08.0750 5708	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
19:12:08.0812 5708	blbdrive - ok
19:12:09.0218 5708	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
19:12:09.0296 5708	bowser - ok
19:12:09.0655 5708	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:12:09.0733 5708	BrFiltLo - ok
19:12:10.0123 5708	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:12:10.0248 5708	BrFiltUp - ok
19:12:10.0544 5708	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
19:12:10.0669 5708	Browser - ok
19:12:11.0059 5708	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
19:12:11.0152 5708	Brserid - ok
19:12:11.0558 5708	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
19:12:11.0636 5708	BrSerWdm - ok
19:12:12.0026 5708	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:12:12.0104 5708	BrUsbMdm - ok
19:12:12.0494 5708	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
19:12:12.0572 5708	BrUsbSer - ok
19:12:12.0946 5708	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
19:12:13.0040 5708	BTHMODEM - ok
19:12:13.0336 5708	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
19:12:13.0461 5708	bthserv - ok
19:12:13.0836 5708	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
19:12:13.0929 5708	cdfs - ok
19:12:14.0350 5708	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
19:12:14.0413 5708	cdrom - ok
19:12:14.0709 5708	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
19:12:14.0834 5708	CertPropSvc - ok
19:12:15.0224 5708	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
19:12:15.0302 5708	circlass - ok
19:12:15.0614 5708	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
19:12:15.0676 5708	CLFS - ok
19:12:15.0879 5708	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:12:15.0926 5708	clr_optimization_v2.0.50727_32 - ok
19:12:16.0269 5708	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:12:16.0316 5708	clr_optimization_v4.0.30319_32 - ok
19:12:16.0706 5708	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
19:12:16.0768 5708	CmBatt - ok
19:12:17.0143 5708	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
19:12:17.0190 5708	cmdide - ok
19:12:17.0595 5708	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
19:12:17.0673 5708	CNG - ok
19:12:18.0048 5708	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
19:12:18.0110 5708	Compbatt - ok
19:12:18.0516 5708	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
19:12:18.0594 5708	CompositeBus - ok
19:12:18.0874 5708	COMSysApp - ok
19:12:19.0264 5708	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
19:12:19.0311 5708	crcdisk - ok
19:12:19.0639 5708	CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
19:12:19.0764 5708	CryptSvc - ok
19:12:19.0951 5708	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
19:12:20.0029 5708	cvhsvc - ok
19:12:20.0356 5708	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
19:12:20.0497 5708	DcomLaunch - ok
19:12:20.0653 5708	DCService.exe   (cc8b5c964b777f4ec3e89f13b4b5ff0f) C:\ProgramData\DatacardService\DCService.exe
19:12:20.0700 5708	DCService.exe ( UnsignedFile.Multi.Generic ) - warning
19:12:20.0700 5708	DCService.exe - detected UnsignedFile.Multi.Generic (1)
19:12:20.0996 5708	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
19:12:21.0090 5708	defragsvc - ok
19:12:21.0480 5708	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
19:12:21.0604 5708	DfsC - ok
19:12:21.0916 5708	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
19:12:22.0057 5708	Dhcp - ok
19:12:22.0447 5708	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
19:12:22.0540 5708	discache - ok
19:12:22.0946 5708	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
19:12:22.0993 5708	Disk - ok
19:12:23.0289 5708	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
19:12:23.0383 5708	Dnscache - ok
19:12:23.0695 5708	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
19:12:23.0820 5708	dot3svc - ok
19:12:24.0132 5708	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
19:12:24.0256 5708	DPS - ok
19:12:24.0662 5708	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
19:12:24.0756 5708	drmkaud - ok
19:12:25.0177 5708	DVMIO           (ff7a7a1e0f9a0ab892a454ffb9d14bbe) C:\Windows\system32\DRIVERS\dvmio.sys
19:12:25.0224 5708	DVMIO - ok
19:12:25.0364 5708	DvmMDES         (489c4ec8baa2a458615f3248ff2ace7e) C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe
19:12:25.0426 5708	DvmMDES - ok
19:12:25.0832 5708	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
19:12:25.0910 5708	DXGKrnl - ok
19:12:26.0206 5708	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
19:12:26.0331 5708	EapHost - ok
19:12:26.0815 5708	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
19:12:26.0986 5708	ebdrv - ok
19:12:27.0283 5708	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
19:12:27.0376 5708	EFS - ok
19:12:27.0782 5708	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
19:12:27.0860 5708	elxstor - ok
19:12:28.0250 5708	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
19:12:28.0328 5708	ErrDev - ok
19:12:28.0640 5708	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
19:12:28.0780 5708	EventSystem - ok
19:12:29.0217 5708	ewusbnet        (5b250a1be34d4fde35287eec297104a7) C:\Windows\system32\DRIVERS\ewusbnet.sys
19:12:29.0326 5708	ewusbnet - ok
19:12:29.0748 5708	ew_hwusbdev     (e98a64c7f106740a38fb2b78197816f8) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
19:12:29.0810 5708	ew_hwusbdev - ok
19:12:30.0216 5708	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
19:12:30.0325 5708	exfat - ok
19:12:30.0730 5708	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
19:12:30.0840 5708	fastfat - ok
19:12:31.0136 5708	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
19:12:31.0276 5708	Fax - ok
19:12:31.0651 5708	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
19:12:31.0729 5708	fdc - ok
19:12:32.0010 5708	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
19:12:32.0119 5708	fdPHost - ok
19:12:32.0431 5708	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
19:12:32.0571 5708	FDResPub - ok
19:12:32.0977 5708	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
19:12:33.0024 5708	FileInfo - ok
19:12:33.0414 5708	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
19:12:33.0538 5708	Filetrace - ok
19:12:33.0928 5708	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
19:12:34.0006 5708	flpydisk - ok
19:12:34.0412 5708	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
19:12:34.0459 5708	FltMgr - ok
19:12:34.0771 5708	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
19:12:34.0880 5708	FontCache - ok
19:12:35.0052 5708	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:12:35.0098 5708	FontCache3.0.0.0 - ok
19:12:35.0410 5708	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
19:12:35.0457 5708	FsDepends - ok
19:12:35.0878 5708	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
19:12:35.0910 5708	Fs_Rec - ok
19:12:36.0315 5708	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
19:12:36.0378 5708	fvevol - ok
19:12:36.0783 5708	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:12:36.0846 5708	gagp30kx - ok
19:12:36.0986 5708	GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
19:12:37.0033 5708	GameConsoleService - ok
19:12:37.0345 5708	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
19:12:37.0485 5708	gpsvc - ok
19:12:37.0891 5708	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
19:12:37.0953 5708	hcw85cir - ok
19:12:38.0374 5708	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
19:12:38.0484 5708	HdAudAddService - ok
19:12:38.0889 5708	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
19:12:38.0983 5708	HDAudBus - ok
19:12:39.0388 5708	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
19:12:39.0451 5708	HidBatt - ok
19:12:39.0856 5708	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
19:12:39.0934 5708	HidBth - ok
19:12:40.0340 5708	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
19:12:40.0434 5708	HidIr - ok
19:12:40.0730 5708	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
19:12:40.0839 5708	hidserv - ok
19:12:41.0260 5708	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
19:12:41.0307 5708	HidUsb - ok
19:12:41.0619 5708	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
19:12:41.0744 5708	hkmsvc - ok
19:12:42.0040 5708	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
19:12:42.0118 5708	HomeGroupListener - ok
19:12:42.0430 5708	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
19:12:42.0555 5708	HomeGroupProvider - ok
19:12:42.0711 5708	HP Health Check Service (3f4add4196e2b860019539837be305f9) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
19:12:42.0742 5708	HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
19:12:42.0742 5708	HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
19:12:42.0867 5708	HP Wireless Assistant Service (3a09322a8aa8b0c79036686a0ebe7b4c) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
19:12:42.0914 5708	HP Wireless Assistant Service - ok
19:12:42.0976 5708	HPDrvMntSvc.exe (881f74074963cdad8c475d09dc3a0bb6) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
19:12:43.0023 5708	HPDrvMntSvc.exe - ok
19:12:43.0117 5708	hpqwmiex        (fe51b163a618b1cbf015485d21c1bc68) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
19:12:43.0195 5708	hpqwmiex - ok
19:12:43.0632 5708	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
19:12:43.0694 5708	HpSAMD - ok
19:12:43.0897 5708	HPWMISVC        (9df9cf7840a3a99f2ffd614f0a13f2f9) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
19:12:43.0928 5708	HPWMISVC - ok
19:12:44.0599 5708	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
19:12:44.0724 5708	HTTP - ok
19:12:45.0114 5708	huawei_enumerator (22a4b14530194fc57c1c849fb5afee17) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
19:12:45.0192 5708	huawei_enumerator - ok
19:12:45.0582 5708	hwdatacard      (0b3957226ec94b1ecb7b9348bb535a23) C:\Windows\system32\DRIVERS\ewusbmdm.sys
19:12:45.0691 5708	hwdatacard - ok
19:12:46.0096 5708	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
19:12:46.0143 5708	hwpolicy - ok
19:12:46.0596 5708	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
19:12:46.0674 5708	i8042prt - ok
19:12:46.0798 5708	IAANTMON        (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
19:12:46.0845 5708	IAANTMON - ok
19:12:47.0251 5708	iaStor          (0baa4115dfffd6a6d809a89d65e1281a) C:\Windows\system32\DRIVERS\iaStor.sys
19:12:47.0298 5708	iaStor - ok
19:12:47.0719 5708	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
19:12:47.0781 5708	iaStorV - ok
19:12:48.0000 5708	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:12:48.0093 5708	idsvc - ok
19:12:48.0702 5708	igfx            (d0074897c6bc132f3980ea4654bf7fb9) C:\Windows\system32\DRIVERS\igdkmd32.sys
19:12:48.0982 5708	igfx - ok
19:12:49.0388 5708	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
19:12:49.0450 5708	iirsp - ok
19:12:49.0778 5708	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
19:12:50.0012 5708	IKEEXT - ok
19:12:50.0402 5708	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
19:12:50.0464 5708	intelide - ok
19:12:51.0198 5708	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
19:12:51.0322 5708	intelppm - ok
19:12:51.0588 5708	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
19:12:51.0728 5708	IPBusEnum - ok
19:12:51.0915 5708	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:12:52.0056 5708	IpFilterDriver - ok
19:12:52.0399 5708	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
19:12:52.0586 5708	iphlpsvc - ok
19:12:52.0992 5708	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
19:12:53.0054 5708	IPMIDRV - ok
19:12:53.0444 5708	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
19:12:53.0600 5708	IPNAT - ok
19:12:53.0990 5708	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
19:12:54.0052 5708	IRENUM - ok
19:12:54.0442 5708	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
19:12:54.0474 5708	isapnp - ok
19:12:54.0895 5708	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
19:12:54.0942 5708	iScsiPrt - ok
19:12:55.0332 5708	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
19:12:55.0378 5708	kbdclass - ok
19:12:55.0800 5708	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
19:12:55.0878 5708	kbdhid - ok
19:12:56.0143 5708	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:12:56.0190 5708	KeyIso - ok
19:12:56.0580 5708	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
19:12:56.0642 5708	KSecDD - ok
19:12:57.0048 5708	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
19:12:57.0094 5708	KSecPkg - ok
19:12:57.0391 5708	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
19:12:57.0547 5708	KtmRm - ok
19:12:57.0874 5708	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
19:12:58.0046 5708	LanmanServer - ok
19:12:58.0358 5708	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
19:12:58.0467 5708	LanmanWorkstation - ok
19:12:58.0888 5708	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
19:12:58.0998 5708	lltdio - ok
19:12:59.0278 5708	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
19:12:59.0388 5708	lltdsvc - ok
19:12:59.0668 5708	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
19:12:59.0793 5708	lmhosts - ok
19:13:00.0199 5708	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:13:00.0261 5708	LSI_FC - ok
19:13:00.0651 5708	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:13:00.0714 5708	LSI_SAS - ok
19:13:01.0104 5708	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:13:01.0150 5708	LSI_SAS2 - ok
19:13:01.0556 5708	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:13:01.0603 5708	LSI_SCSI - ok
19:13:02.0008 5708	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
19:13:02.0102 5708	luafv - ok
19:13:02.0508 5708	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
19:13:02.0570 5708	megasas - ok
19:13:02.0991 5708	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
19:13:03.0038 5708	MegaSR - ok
19:13:03.0506 5708	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
19:13:03.0646 5708	MMCSS - ok
19:13:04.0052 5708	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
19:13:04.0177 5708	Modem - ok
19:13:04.0598 5708	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
19:13:04.0676 5708	monitor - ok
19:13:05.0097 5708	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
19:13:05.0128 5708	mouclass - ok
19:13:05.0659 5708	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
19:13:05.0737 5708	mouhid - ok
19:13:06.0142 5708	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
19:13:06.0205 5708	mountmgr - ok
19:13:06.0595 5708	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
19:13:06.0657 5708	mpio - ok
19:13:07.0047 5708	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
19:13:07.0156 5708	mpsdrv - ok
19:13:07.0468 5708	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
19:13:07.0656 5708	MpsSvc - ok
19:13:08.0046 5708	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
19:13:08.0155 5708	MRxDAV - ok
19:13:08.0545 5708	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:13:08.0638 5708	mrxsmb - ok
19:13:09.0044 5708	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:13:09.0122 5708	mrxsmb10 - ok
19:13:09.0496 5708	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:13:09.0590 5708	mrxsmb20 - ok
19:13:09.0980 5708	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
19:13:10.0011 5708	msahci - ok
19:13:10.0417 5708	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
19:13:10.0479 5708	msdsm - ok
19:13:10.0791 5708	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
19:13:10.0854 5708	MSDTC - ok
19:13:11.0259 5708	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
19:13:11.0353 5708	Msfs - ok
19:13:11.0743 5708	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
19:13:11.0821 5708	mshidkmdf - ok
19:13:12.0195 5708	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
19:13:12.0242 5708	msisadrv - ok
19:13:12.0538 5708	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
19:13:12.0663 5708	MSiSCSI - ok
19:13:12.0928 5708	msiserver - ok
19:13:13.0334 5708	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
19:13:13.0474 5708	MSKSSRV - ok
19:13:13.0880 5708	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
19:13:13.0989 5708	MSPCLOCK - ok
19:13:14.0410 5708	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
19:13:14.0520 5708	MSPQM - ok
19:13:14.0925 5708	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
19:13:14.0972 5708	MsRPC - ok
19:13:15.0378 5708	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
19:13:15.0424 5708	mssmbios - ok
19:13:15.0830 5708	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
19:13:15.0955 5708	MSTEE - ok
19:13:16.0345 5708	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
19:13:16.0423 5708	MTConfig - ok
19:13:16.0797 5708	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
19:13:16.0844 5708	Mup - ok
19:13:17.0156 5708	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
19:13:17.0312 5708	napagent - ok
19:13:17.0702 5708	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
19:13:17.0780 5708	NativeWifiP - ok
19:13:18.0217 5708	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
19:13:18.0310 5708	NDIS - ok
19:13:18.0700 5708	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
19:13:18.0825 5708	NdisCap - ok
19:13:19.0246 5708	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
19:13:19.0356 5708	NdisTapi - ok
19:13:19.0761 5708	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
19:13:19.0886 5708	Ndisuio - ok
19:13:20.0276 5708	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
19:13:20.0385 5708	NdisWan - ok
19:13:20.0791 5708	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
19:13:20.0900 5708	NDProxy - ok
19:13:21.0306 5708	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
19:13:21.0430 5708	NetBIOS - ok
19:13:21.0836 5708	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
19:13:21.0930 5708	NetBT - ok
19:13:22.0226 5708	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:13:22.0288 5708	Netlogon - ok
19:13:22.0600 5708	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
19:13:22.0741 5708	Netman - ok
19:13:23.0037 5708	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
19:13:23.0193 5708	netprofm - ok
19:13:23.0396 5708	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:13:23.0443 5708	NetTcpPortSharing - ok
19:13:23.0926 5708	netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
19:13:24.0176 5708	netw5v32 - ok
19:13:24.0597 5708	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
19:13:24.0644 5708	nfrd960 - ok
19:13:24.0940 5708	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
19:13:25.0096 5708	NlaSvc - ok
19:13:25.0518 5708	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
19:13:25.0658 5708	Npfs - ok
19:13:25.0939 5708	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
19:13:26.0048 5708	nsi - ok
19:13:26.0422 5708	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
19:13:26.0547 5708	nsiproxy - ok
19:13:26.0984 5708	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
19:13:27.0109 5708	Ntfs - ok
19:13:27.0499 5708	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
19:13:27.0608 5708	Null - ok
19:13:28.0029 5708	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
19:13:28.0076 5708	nvraid - ok
19:13:28.0482 5708	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
19:13:28.0528 5708	nvstor - ok
19:13:28.0934 5708	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
19:13:28.0965 5708	nv_agp - ok
19:13:29.0371 5708	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
19:13:29.0449 5708	ohci1394 - ok
19:13:29.0574 5708	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:13:29.0620 5708	ose - ok
19:13:29.0808 5708	osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:13:30.0104 5708	osppsvc - ok
19:13:30.0432 5708	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
19:13:30.0541 5708	p2pimsvc - ok
19:13:30.0853 5708	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
19:13:30.0962 5708	p2psvc - ok
19:13:31.0383 5708	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
19:13:31.0446 5708	Parport - ok
19:13:31.0851 5708	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
19:13:31.0898 5708	partmgr - ok
19:13:32.0304 5708	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
19:13:32.0366 5708	Parvdm - ok
19:13:32.0678 5708	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
19:13:32.0756 5708	PcaSvc - ok
19:13:33.0130 5708	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
19:13:33.0193 5708	pci - ok
19:13:33.0598 5708	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
19:13:33.0645 5708	pciide - ok
19:13:34.0035 5708	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
19:13:34.0098 5708	pcmcia - ok
19:13:34.0472 5708	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
19:13:34.0519 5708	pcw - ok
19:13:34.0956 5708	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
19:13:35.0096 5708	PEAUTH - ok
19:13:35.0486 5708	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
19:13:35.0689 5708	pla - ok
19:13:35.0985 5708	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
19:13:36.0063 5708	PlugPlay - ok
19:13:36.0360 5708	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
19:13:36.0453 5708	PNRPAutoReg - ok
19:13:36.0765 5708	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
19:13:36.0859 5708	PNRPsvc - ok
19:13:37.0171 5708	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
19:13:37.0342 5708	PolicyAgent - ok
19:13:37.0654 5708	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
19:13:37.0764 5708	Power - ok
19:13:38.0169 5708	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
19:13:38.0278 5708	PptpMiniport - ok
19:13:38.0684 5708	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
19:13:38.0762 5708	Processor - ok
19:13:39.0058 5708	ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
19:13:39.0183 5708	ProfSvc - ok
19:13:39.0495 5708	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:13:39.0542 5708	ProtectedStorage - ok
19:13:39.0948 5708	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
19:13:40.0057 5708	Psched - ok
19:13:40.0494 5708	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
19:13:40.0650 5708	ql2300 - ok
19:13:41.0040 5708	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
19:13:41.0102 5708	ql40xx - ok
19:13:41.0398 5708	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
19:13:41.0492 5708	QWAVE - ok
19:13:41.0898 5708	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
19:13:41.0960 5708	QWAVEdrv - ok
19:13:42.0381 5708	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
19:13:42.0506 5708	RasAcd - ok
19:13:42.0912 5708	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:13:43.0005 5708	RasAgileVpn - ok
19:13:43.0302 5708	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
19:13:43.0411 5708	RasAuto - ok
19:13:43.0817 5708	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:13:43.0926 5708	Rasl2tp - ok
19:13:44.0253 5708	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
19:13:44.0409 5708	RasMan - ok
19:13:44.0815 5708	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
19:13:44.0909 5708	RasPppoe - ok
19:13:45.0299 5708	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
19:13:45.0408 5708	RasSstp - ok
19:13:45.0798 5708	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
19:13:45.0938 5708	rdbss - ok
19:13:46.0328 5708	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
19:13:46.0406 5708	rdpbus - ok
19:13:46.0827 5708	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:13:46.0937 5708	RDPCDD - ok
19:13:47.0451 5708	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
19:13:47.0576 5708	RDPENCDD - ok
19:13:48.0013 5708	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
19:13:48.0138 5708	RDPREFMP - ok
19:13:48.0543 5708	RDPWD           (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
19:13:48.0621 5708	RDPWD - ok
19:13:49.0058 5708	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
19:13:49.0105 5708	rdyboost - ok
19:13:49.0417 5708	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
19:13:49.0542 5708	RemoteAccess - ok
19:13:49.0838 5708	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
19:13:49.0932 5708	RemoteRegistry - ok
19:13:50.0228 5708	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
19:13:50.0322 5708	RpcEptMapper - ok
19:13:50.0618 5708	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
19:13:50.0696 5708	RpcLocator - ok
19:13:51.0008 5708	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
19:13:51.0102 5708	RpcSs - ok
19:13:51.0585 5708	RSPCIESTOR      (2ad7b2b3d7a10ae3d534877d543eed74) C:\Windows\system32\DRIVERS\RtsPStor.sys
19:13:51.0632 5708	RSPCIESTOR - ok
19:13:52.0038 5708	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
19:13:52.0163 5708	rspndr - ok
19:13:52.0584 5708	RTL8167         (0516998076ad894ae7e362c3110aa071) C:\Windows\system32\DRIVERS\Rt86win7.sys
19:13:52.0631 5708	RTL8167 - ok
19:13:52.0927 5708	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:13:52.0989 5708	SamSs - ok
19:13:53.0411 5708	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
19:13:53.0457 5708	sbp2port - ok
19:13:53.0769 5708	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
19:13:53.0910 5708	SCardSvr - ok
19:13:54.0315 5708	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
19:13:54.0440 5708	scfilter - ok
19:13:54.0752 5708	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
19:13:54.0939 5708	Schedule - ok
19:13:55.0251 5708	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
19:13:55.0361 5708	SCPolicySvc - ok
19:13:55.0782 5708	sdbus           (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys
19:13:55.0860 5708	sdbus - ok
19:13:56.0156 5708	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
19:13:56.0234 5708	SDRSVC - ok
19:13:56.0640 5708	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:13:56.0733 5708	secdrv - ok
19:13:57.0014 5708	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
19:13:57.0155 5708	seclogon - ok
19:13:57.0451 5708	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
19:13:57.0576 5708	SENS - ok
19:13:57.0981 5708	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
19:13:58.0028 5708	Serenum - ok
19:13:58.0449 5708	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
19:13:58.0527 5708	Serial - ok
19:13:58.0917 5708	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
19:13:58.0995 5708	sermouse - ok
19:13:59.0323 5708	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
19:13:59.0463 5708	SessionEnv - ok
19:13:59.0853 5708	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
19:13:59.0931 5708	sffdisk - ok
19:14:00.0337 5708	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
19:14:00.0431 5708	sffp_mmc - ok
19:14:00.0836 5708	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
19:14:00.0899 5708	sffp_sd - ok
19:14:01.0289 5708	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
19:14:01.0382 5708	sfloppy - ok
19:14:01.0835 5708	Sftfs           (d9b734638dd8dba9d59aad3189cd0fad) C:\Windows\system32\DRIVERS\Sftfslh.sys
19:14:01.0897 5708	Sftfs - ok
19:14:02.0022 5708	sftlist         (cb73bc422c07fb611f194da18d1e7f36) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
19:14:02.0100 5708	sftlist - ok
19:14:02.0490 5708	Sftplay         (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:14:02.0537 5708	Sftplay - ok
19:14:02.0927 5708	Sftredir        (518bac0179f94304f422696b47c0ec12) C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:14:02.0973 5708	Sftredir - ok
19:14:03.0379 5708	Sftvol          (747325236d88b3f05ffd27ff9ec711c5) C:\Windows\system32\DRIVERS\Sftvollh.sys
19:14:03.0426 5708	Sftvol - ok
19:14:03.0551 5708	sftvsa          (a5812f0281ca5081bf696626f9bf324d) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
19:14:03.0597 5708	sftvsa - ok
19:14:03.0909 5708	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
19:14:04.0050 5708	SharedAccess - ok
19:14:04.0377 5708	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
19:14:04.0533 5708	ShellHWDetection - ok
19:14:04.0955 5708	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
19:14:05.0001 5708	sisagp - ok
19:14:05.0423 5708	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:14:05.0469 5708	SiSRaid2 - ok
19:14:05.0859 5708	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
19:14:05.0906 5708	SiSRaid4 - ok
19:14:06.0312 5708	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
19:14:06.0405 5708	Smb - ok
19:14:06.0717 5708	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
19:14:06.0795 5708	SNMPTRAP - ok
19:14:07.0154 5708	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
19:14:07.0217 5708	spldr - ok
19:14:07.0544 5708	Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
19:14:07.0716 5708	Spooler - ok
19:14:08.0121 5708	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
19:14:08.0371 5708	sppsvc - ok
19:14:08.0714 5708	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
19:14:08.0839 5708	sppuinotify - ok
19:14:09.0260 5708	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
19:14:09.0338 5708	srv - ok
19:14:09.0744 5708	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
19:14:09.0837 5708	srv2 - ok
19:14:10.0243 5708	SrvHsfHDA       (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
19:14:10.0321 5708	SrvHsfHDA - ok
19:14:10.0742 5708	SrvHsfV92       (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
19:14:10.0851 5708	SrvHsfV92 - ok
19:14:11.0273 5708	SrvHsfWinac     (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:14:11.0351 5708	SrvHsfWinac - ok
19:14:11.0756 5708	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
19:14:11.0819 5708	srvnet - ok
19:14:12.0115 5708	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
19:14:12.0224 5708	SSDPSRV - ok
19:14:12.0521 5708	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
19:14:12.0630 5708	SstpSvc - ok
19:14:12.0801 5708	STacSV          (f076ffe8af8398fdf2028f6eac5f1778) C:\Program Files\IDT\WDM\STacSV.exe
19:14:12.0879 5708	STacSV - ok
19:14:13.0254 5708	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
19:14:13.0301 5708	stexstor - ok
19:14:13.0737 5708	STHDA           (f71736dc79731c98698b93326e01a6bd) C:\Windows\system32\DRIVERS\stwrt.sys
19:14:13.0815 5708	STHDA - ok
19:14:14.0127 5708	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
19:14:14.0252 5708	StiSvc - ok
19:14:14.0627 5708	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
19:14:14.0673 5708	swenum - ok
19:14:14.0985 5708	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
19:14:15.0141 5708	swprv - ok
19:14:15.0594 5708	SynTP           (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\Windows\system32\DRIVERS\SynTP.sys
19:14:15.0672 5708	SynTP - ok
19:14:15.0999 5708	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
19:14:16.0124 5708	SysMain - ok
19:14:16.0452 5708	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
19:14:16.0530 5708	TabletInputService - ok
19:14:16.0842 5708	TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
19:14:16.0998 5708	TapiSrv - ok
19:14:17.0294 5708	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
19:14:17.0419 5708	TBS - ok
19:14:17.0871 5708	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
19:14:17.0996 5708	Tcpip - ok
19:14:18.0433 5708	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
19:14:18.0511 5708	TCPIP6 - ok
19:14:18.0932 5708	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
19:14:19.0057 5708	tcpipreg - ok
19:14:19.0478 5708	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
19:14:19.0572 5708	TDPIPE - ok
19:14:19.0962 5708	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
19:14:20.0040 5708	TDTCP - ok
19:14:20.0461 5708	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
19:14:20.0570 5708	tdx - ok
19:14:20.0976 5708	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
19:14:21.0023 5708	TermDD - ok
19:14:21.0319 5708	TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
19:14:21.0444 5708	TermService - ok
19:14:21.0725 5708	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
19:14:21.0834 5708	Themes - ok
19:14:22.0146 5708	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
19:14:22.0255 5708	THREADORDER - ok
19:14:22.0551 5708	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
19:14:22.0676 5708	TrkWks - ok
19:14:22.0817 5708	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
19:14:22.0941 5708	TrustedInstaller - ok
19:14:23.0285 5708	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:14:23.0363 5708	tssecsrv - ok
19:14:23.0831 5708	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
19:14:23.0893 5708	TsUsbFlt - ok
19:14:24.0330 5708	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
19:14:24.0455 5708	tunnel - ok
19:14:24.0845 5708	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
19:14:24.0891 5708	uagp35 - ok
19:14:25.0297 5708	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
19:14:25.0422 5708	udfs - ok
19:14:25.0718 5708	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
19:14:25.0827 5708	UI0Detect - ok
19:14:26.0217 5708	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
19:14:26.0264 5708	uliagpkx - ok
19:14:26.0654 5708	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
19:14:26.0717 5708	umbus - ok
19:14:27.0091 5708	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
19:14:27.0200 5708	UmPass - ok
19:14:27.0512 5708	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
19:14:27.0653 5708	upnphost - ok
19:14:28.0043 5708	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
19:14:28.0121 5708	usbccgp - ok
19:14:28.0511 5708	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
19:14:28.0604 5708	usbcir - ok
19:14:28.0994 5708	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
19:14:29.0057 5708	usbehci - ok
19:14:29.0525 5708	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
19:14:29.0634 5708	usbhub - ok
19:14:30.0507 5708	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
19:14:30.0585 5708	usbohci - ok
19:14:31.0225 5708	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
19:14:31.0319 5708	usbprint - ok
19:14:31.0709 5708	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:14:31.0787 5708	USBSTOR - ok
19:14:32.0223 5708	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
19:14:32.0317 5708	usbuhci - ok
19:14:32.0769 5708	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
19:14:32.0832 5708	usbvideo - ok
19:14:33.0128 5708	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
19:14:33.0269 5708	UxSms - ok
19:14:33.0581 5708	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
19:14:33.0659 5708	VaultSvc - ok
19:14:34.0080 5708	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
19:14:34.0127 5708	vdrvroot - ok
19:14:34.0454 5708	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
19:14:34.0641 5708	vds - ok
19:14:35.0047 5708	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
19:14:35.0141 5708	vga - ok
19:14:35.0531 5708	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
19:14:35.0640 5708	VgaSave - ok
19:14:36.0045 5708	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
19:14:36.0108 5708	vhdmp - ok
19:14:36.0498 5708	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
19:14:36.0560 5708	viaagp - ok
19:14:36.0935 5708	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
19:14:37.0028 5708	ViaC7 - ok
19:14:37.0418 5708	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
19:14:37.0465 5708	viaide - ok
19:14:37.0855 5708	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
19:14:37.0902 5708	volmgr - ok
19:14:38.0292 5708	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
19:14:38.0354 5708	volmgrx - ok
19:14:38.0775 5708	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
19:14:38.0822 5708	volsnap - ok
19:14:39.0228 5708	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
19:14:39.0290 5708	vsmraid - ok
19:14:39.0633 5708	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
19:14:39.0852 5708	VSS - ok
19:14:40.0242 5708	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
19:14:40.0335 5708	vwifibus - ok
19:14:40.0725 5708	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
19:14:40.0819 5708	vwififlt - ok
19:14:41.0209 5708	vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
19:14:41.0256 5708	vwifimp - ok
19:14:41.0568 5708	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
19:14:41.0724 5708	W32Time - ok
19:14:42.0129 5708	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
19:14:42.0207 5708	WacomPen - ok
19:14:42.0613 5708	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:14:42.0738 5708	WANARP - ok
19:14:42.0738 5708	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
19:14:42.0816 5708	Wanarpv6 - ok
19:14:43.0143 5708	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
19:14:43.0299 5708	wbengine - ok
19:14:43.0611 5708	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
19:14:43.0689 5708	WbioSrvc - ok
19:14:43.0986 5708	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
19:14:44.0079 5708	wcncsvc - ok
19:14:44.0391 5708	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
19:14:44.0485 5708	WcsPlugInService - ok
19:14:44.0891 5708	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
19:14:44.0937 5708	Wd - ok
19:14:45.0359 5708	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:14:45.0437 5708	Wdf01000 - ok
19:14:45.0733 5708	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
19:14:45.0827 5708	WdiServiceHost - ok
19:14:45.0842 5708	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
19:14:45.0889 5708	WdiSystemHost - ok
19:14:46.0217 5708	WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
19:14:46.0341 5708	WebClient - ok
19:14:46.0669 5708	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
19:14:46.0763 5708	Wecsvc - ok
19:14:47.0059 5708	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
19:14:47.0168 5708	wercplsupport - ok
19:14:47.0480 5708	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
19:14:47.0605 5708	WerSvc - ok
19:14:47.0995 5708	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
19:14:48.0104 5708	WfpLwf - ok
19:14:48.0494 5708	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
19:14:48.0541 5708	WIMMount - ok
19:14:48.0681 5708	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
19:14:48.0806 5708	WinDefend - ok
19:14:48.0822 5708	WinHttpAutoProxySvc - ok
19:14:49.0181 5708	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
19:14:49.0290 5708	Winmgmt - ok
19:14:49.0617 5708	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
19:14:49.0820 5708	WinRM - ok
19:14:50.0163 5708	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
19:14:50.0304 5708	Wlansvc - ok
19:14:50.0709 5708	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
19:14:50.0756 5708	WmiAcpi - ok
19:14:51.0146 5708	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
19:14:51.0224 5708	wmiApSrv - ok
19:14:51.0365 5708	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:14:51.0474 5708	WMPNetworkSvc - ok
19:14:51.0755 5708	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
19:14:51.0864 5708	WPCSvc - ok
19:14:52.0160 5708	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
19:14:52.0254 5708	WPDBusEnum - ok
19:14:52.0644 5708	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
19:14:52.0737 5708	ws2ifsl - ok
19:14:53.0049 5708	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
19:14:53.0127 5708	wscsvc - ok
19:14:53.0393 5708	WSearch - ok
19:14:53.0783 5708	wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
19:14:54.0017 5708	wuauserv - ok
19:14:54.0438 5708	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
19:14:54.0531 5708	WudfPf - ok
19:14:54.0968 5708	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:14:55.0077 5708	WUDFRd - ok
19:14:55.0389 5708	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
19:14:55.0499 5708	wudfsvc - ok
19:14:55.0811 5708	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
19:14:55.0951 5708	WwanSvc - ok
19:14:56.0388 5708	yukonw7         (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys
19:14:56.0450 5708	yukonw7 - ok
19:14:56.0575 5708	MBR (0x1B8)     (af16213c8d7c2ffd462507ceed3bfc6b) \Device\Harddisk0\DR0
19:14:56.0762 5708	\Device\Harddisk0\DR0 - ok
19:14:56.0809 5708	Boot (0x1200)   (40f9be7f944102b933f64f2ae778cadb) \Device\Harddisk0\DR0\Partition0
19:14:56.0809 5708	\Device\Harddisk0\DR0\Partition0 - ok
19:14:56.0840 5708	Boot (0x1200)   (9d2343a07d30c785f10ab0225b8bd6d4) \Device\Harddisk0\DR0\Partition1
19:14:56.0840 5708	\Device\Harddisk0\DR0\Partition1 - ok
19:14:56.0871 5708	Boot (0x1200)   (32fd8968b40ffe44064e01afa23ca67d) \Device\Harddisk0\DR0\Partition2
19:14:56.0887 5708	\Device\Harddisk0\DR0\Partition2 - ok
19:14:56.0918 5708	Boot (0x1200)   (ec57184e610e76e5c3ae4506d8a901b2) \Device\Harddisk0\DR0\Partition3
19:14:56.0918 5708	\Device\Harddisk0\DR0\Partition3 - ok
19:14:56.0918 5708	============================================================
19:14:56.0918 5708	Scan finished
19:14:56.0918 5708	============================================================
19:14:56.0965 3720	Detected object count: 2
19:14:56.0965 3720	Actual detected object count: 2
19:18:26.0505 3720	DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user
19:18:26.0505 3720	DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:18:26.0505 3720	HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:18:26.0505 3720	HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:20:01.0067 1700	Deinitialize success
         

Alt 12.04.2012, 19:52   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SMART_HDD und schwarzer Bildschirm - Standard

SMART_HDD und schwarzer Bildschirm



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 13.04.2012, 08:39   #29
Giulietta
 
SMART_HDD und schwarzer Bildschirm - Standard

SMART_HDD und schwarzer Bildschirm



ok - hier das nächste log:

Combofix Logfile:
Code:
ATTFilter
ComboFix 12-04-12.03 - Mini-ZZ 13.04.2012   9:10.1.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.2036.1086 [GMT 2:00]
ausgeführt von:: c:\users\Mini-ZZ\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-03-13 bis 2012-04-13  ))))))))))))))))))))))))))))))
.
.
2012-04-13 07:25 . 2012-04-13 07:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-04-12 17:27 . 2012-03-14 02:15	6582328	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D29BCA23-4962-4118-BF1C-AAD9A27504D8}\mpengine.dll
2012-04-11 17:40 . 2012-04-11 17:40	--------	d-----w-	C:\_OTL
2012-04-08 19:55 . 2012-04-08 19:55	--------	d-----w-	c:\program files\ESET
2012-04-07 19:31 . 2012-04-07 19:31	--------	d-----w-	c:\users\Mini-ZZ\AppData\Roaming\Malwarebytes
2012-04-07 19:31 . 2012-04-07 19:31	--------	d-----w-	c:\programdata\Malwarebytes
2012-04-07 19:31 . 2012-04-07 19:31	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-04-07 19:31 . 2011-12-10 13:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-03-19 21:59 . 2012-03-13 04:38	97208	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-03-19 21:37 . 2012-03-13 04:36	44472	----a-w-	c:\program files\Mozilla Firefox\mozglue.dll
2012-03-19 21:37 . 2012-03-13 04:36	592824	----a-w-	c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 10:30 . 2012-03-07 00:02	44376	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-03-18 09:46 . 2011-11-19 14:50	3968368	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-03-18 09:45 . 2011-11-19 14:50	3913584	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-03-17 08:45 . 2012-02-03 03:54	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-03-17 08:45 . 2012-02-10 05:38	1077248	----a-w-	c:\windows\system32\DWrite.dll
2012-03-17 08:42 . 2012-01-25 05:27	8192	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-03-17 08:42 . 2012-01-25 05:32	129536	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-03-17 08:42 . 2012-01-25 05:32	58880	----a-w-	c:\windows\system32\rdpwsx.dll
2012-03-17 08:42 . 2012-02-17 05:34	826880	----a-w-	c:\windows\system32\rdpcore.dll
2012-03-17 08:42 . 2012-02-17 04:13	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-03-17 08:42 . 2012-02-17 04:14	183808	----a-w-	c:\windows\system32\drivers\rdpwd.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-11 09:27 . 2011-06-02 17:54	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 00:15 . 2011-03-19 16:23	41184	----a-w-	c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-03-19 16:23	201352	----a-w-	c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-03-19 16:23	612184	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2011-03-19 16:23	337880	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:01 . 2011-03-19 16:23	53848	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-03-19 16:23	57688	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2011-03-19 16:23	20696	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2011-03-19 17:13	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-03-13 04:38 . 2012-03-19 21:59	97208	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15	123536	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-03-28 22:22	718848	----a-w-	c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-03-28 22:22	718848	----a-w-	c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-03-28 22:22	718848	----a-w-	c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-03-28 22:22	718848	----a-w-	c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-03-28 22:22	718848	----a-w-	c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-06-09 495708]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-07-02 602680]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-07-28 2038]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-1 91648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 101504]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-04-07 204800]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 18136]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-07-01 338168]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-25 92216]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-07-02 27192]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-04-09 63616]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-05-07 230944]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-05-31 267880]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B}]
2010-06-23 17:47	687104	----a-w-	c:\program files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]
2009-07-14 01:14	141824	----a-w-	c:\windows\System32\wscript.exe
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{88849F3B-7B3F-482D-B6D8-C3CAE3E55DD8}: NameServer = 193.189.244.225 193.189.244.206
FF - ProfilePath - c:\users\Mini-ZZ\AppData\Roaming\Mozilla\Firefox\Profiles\7af0eigr.default\
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{FC17E0A7-EAA9-4902-92F8-C83B9FD02246} - c:\program files\InstallShield Installation Information\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1380)
c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll
.
Zeit der Fertigstellung: 2012-04-13  09:31:59
ComboFix-quarantined-files.txt  2012-04-13 07:31
.
Vor Suchlauf: 12 Verzeichnis(se), 190.523.564.032 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 190.446.522.368 Bytes frei
.
- - End Of File - - D378C32131BC01A9B33200AA07557A2D
         
--- --- ---

Alt 13.04.2012, 11:31   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
SMART_HDD und schwarzer Bildschirm - Standard

SMART_HDD und schwarzer Bildschirm



Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu SMART_HDD und schwarzer Bildschirm
angebliche, avast, bildschirm, dateisystem, explorer, fehlermeldungen, festplatte, gen, hallo zusammen, heuristiks/extra, heuristiks/shuriken, maus, maustaste, mozilla, papierkorb, platte, rechte, scan, scanner, schwarze, schwarzer, schwarzer bildschirm, situation, smart, windows, windows 7, windows 7 starter, zusammen, öffnen



Ähnliche Themen: SMART_HDD und schwarzer Bildschirm


  1. schwarzer Bildschirm was tun ?
    Plagegeister aller Art und deren Bekämpfung - 30.09.2014 (5)
  2. Schwarzer Bildschirm
    Alles rund um Windows - 18.08.2014 (3)
  3. Schwarzer Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 15.08.2014 (11)
  4. Schwarzer bildschirm beim start von windows kurz und links oben ein schwarzer kasten der ladet-keine rechte die anwendungen zu benutzen
    Plagegeister aller Art und deren Bekämpfung - 29.07.2014 (5)
  5. Schwarzer Bildschirm und Curser
    Plagegeister aller Art und deren Bekämpfung - 06.05.2014 (1)
  6. weißer bildschirm, schwarzer bildschirm, maus laggs nach systemstart, mausbewegungen in boxen.
    Plagegeister aller Art und deren Bekämpfung - 02.12.2013 (3)
  7. Schwarzer Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 22.04.2012 (14)
  8. weißer Bildschirm bitten warten Sie jetzt schwarzer Bildschirm
    Log-Analyse und Auswertung - 13.04.2012 (1)
  9. Smart_HDD - Bildschirm schwarz, Desktop leer
    Plagegeister aller Art und deren Bekämpfung - 03.04.2012 (1)
  10. Trojaner ? schwarzer Bildschirm, 50€
    Plagegeister aller Art und deren Bekämpfung - 30.03.2012 (5)
  11. schwarzer bildschirm
    Plagegeister aller Art und deren Bekämpfung - 02.02.2012 (2)
  12. schwarzer Bildschirm/explorerseiten
    Log-Analyse und Auswertung - 08.12.2011 (39)
  13. Schwarzer bildschirm
    Plagegeister aller Art und deren Bekämpfung - 07.02.2010 (18)
  14. PC ,schwarzer bildschirm!?
    Alles rund um Windows - 25.11.2009 (16)
  15. Schwarzer Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 16.01.2006 (2)
  16. Schwarzer Bildschirm
    Alles rund um Windows - 10.11.2005 (2)
  17. schwarzer Bildschirm,,
    Plagegeister aller Art und deren Bekämpfung - 10.05.2005 (2)

Zum Thema SMART_HDD und schwarzer Bildschirm - Zitat: | Scan Mode: Current user Du hast den Haken nicht gesetzt bei "Scanne alle Benutzer" - SMART_HDD und schwarzer Bildschirm...
Archiv
Du betrachtest: SMART_HDD und schwarzer Bildschirm auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.