Trojaner-Board - SMART_HDD und schwarzer Bildschirm

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - SMART_HDD und schwarzer Bildschirm (https://www.trojaner-board.de/113282-smart_hdd-schwarzer-bildschirm.html)

SMART_HDD und schwarzer Bildschirm

Hallo zusammen,

habe auf dem Netbook nach vielen Pop-up Fehlermeldungen auch den schwarzen Bildschirm, auf dem nur der Papierkorb zu sehen ist und die SMART HDD Meldung, die angebliche Fehler auf der Festplatte zeigt.

Virenscanner avast hat nun nachträglich eine Bedrohungs-Meldung ausgegeben - Situation aber unverändert.

Betriebssystem ist Windows 7 Starter, 32-bit System.

Windows Explorer lässt sich über rechte Maustaste auf Start öffnen und auch Mozilla kann ich von hier starten.

Was ist zu tun? Danke!

Habe nun Malwarebytes Suchlauf durchgefürhrt hier das Ergebnis:

Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.04.07.08

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Mini-ZZ :: HP-MINI-ZZ [Administrator]

07.04.2012 21:32:31
mbam-log-2012-04-08 (09-01-33).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 282963
Laufzeit: 2 Stunde(n), 37 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\ProgramData\g7wwMXfWUQJwPv.exe (Trojan.Agent.WQ) -> 4984 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|WoTuDITMYEaeiyp.exe (Trojan.Agent) -> Daten: C:\ProgramData\WoTuDITMYEaeiyp.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\ProgramData\g7wwMXfWUQJwPv.exe (Trojan.Agent.WQ) -> Keine Aktion durchgeführt.
C:\ProgramData\WoTuDITMYEaeiyp.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Users\Mini-ZZ\AppData\Local\Temp\Ed0imYRlk9MvPE.exe.tmp (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Danke fürs Kümmern - nein habe Malwarebytes erst wg. des aktuellen Problems runtergeladen und Vollscan durchgeführt. Aktuell noch mal einen Schnell-Scan gemacht, der keine negativen Ergebnisse mehr liefert. Windows Defender ermittelt auch keine unerwünschte Software.
Desktop leider weiter schwarz bzw. alles, was versteckt wurde, weiterhin nicht sichtbar.
Gibt es weitere Schritte, die ich unternehmen kann? Danke!

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

o.k. hier ist der log.txt:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5a41b85c8a7d404db00513875748f95f
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-08 08:02:53
# local_time=2012-04-08 10:02:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 40866 85546300 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=3774
# found=0
# cleaned=0
# scan_time=285

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus wieder uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

zu 1): denke nein - Desktop weiter schwarz und ich kann z.B. die Systemsteuerung nicht finden
zu 2) Startmenue ist erst mal leer - unter alle Programme sieht es erst mal gut aus, scheint auf Ordnerebene komplett, aber es gibt leere Ordner: alle ausser Malewarbyte und HDD Smart sind leer

Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

das sieht jetzt gut aus - bis auf Hintergrundbild vom Desktop alles wieder da. Danke! Fertig so oder solltest Du log von unhide.exe noch sehen?

Ja poste mal das Log

hier kommt es:

Unhide by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
hxxp://www.bleepingcomputer.com/forums/topic405109.html

Program started at: 04/08/2012 10:50:00 PM
Windows Version: Windows 7

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 141603 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 100 files processed.

Processing the Q:\ drive
Finished processing the Q:\ drive. 0 files processed.

Restoring the Start Menu.
* 205 Shortcuts and Desktop items were restored.

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowControlPanel was set to 0! It was set back to 1!
* Start_ShowHelp was set to 0! It was set back to 1!
* Start_ShowMyDocs was set to 0! It was set back to 1!
* Start_ShowMyMusic was set to 0! It was set back to 1!
* Start_ShowMyPics was set to 0! It was set back to 1!
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowRun was set to 0! It was set back to 1!
* Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!
* Start_ShowRecentDocs was set to 0! It was set back to 2!
* Start_ShowNetConn was set to 0! It was set back to 1!
* Start_ShowNetPlaces was set to 0! It was set back to 1!
* Start_TrackDocs was set to 0! It was set back to 1!
* Start_TrackProgs was set to 0! It was set back to 1!
* Start_ShowUser was set to 0! It was set back to 1!
* Start_ShowMyGames was set to 0! It was set back to 1!

Restarting Explorer.exe in order to apply changes.

Program finished at: 04/08/2012 10:55:53 PM
Execution time: 0 hours(s), 5 minute(s), and 53 seconds(s)

Ist nun wieder alles da im Startmenü?

ja, alles wieder da bis auf Hintergrundbild (war Standard von Hewlett Packard)

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

endlich erledigt:

Code:

OTL logfile created on: 09.04.2012 00:06:39 - Run 1

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Mini-ZZ\Downloads

 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,83% Memory free

3,98 Gb Paging File | 3,07 Gb Available in Paging File | 77,27% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 215,64 Gb Total Space | 176,72 Gb Free Space | 81,95% Space Free | Partition Type: NTFS

Drive D: | 16,95 Gb Total Space | 2,45 Gb Free Space | 14,46% Space Free | Partition Type: NTFS

 

Computer Name: HP-MINI-ZZ | User Name: Mini-ZZ | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.04.09 00:02:11 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Mini-ZZ\Downloads\OTL.exe

PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe

PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe

PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE

PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010.07.02 11:51:16 | 000,027,192 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2010.07.02 11:48:24 | 000,602,680 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2010.07.01 20:09:10 | 000,338,168 | ---- | M] (DeviceVM, Inc.) -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe

PRC - [2010.06.25 13:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2010.06.25 13:53:28 | 000,309,816 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\Shared\hpCaslNotification.exe

PRC - [2010.06.18 16:26:18 | 000,363,064 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

PRC - [2010.06.18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

PRC - [2010.06.09 11:06:18 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe

PRC - [2010.06.09 11:06:18 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe

PRC - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe

PRC - [2010.05.08 13:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe

PRC - [2010.03.29 00:22:20 | 000,154,304 | ---- | M] (Zecter Inc.) -- C:\Programme\Hewlett-Packard\HP CloudDrive\zumodrive.exe

PRC - [2009.10.13 12:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009.10.13 12:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009.03.03 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\IDT\WDM\AEstSrv.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.04.08 22:13:48 | 000,379,904 | ---- | M] () -- C:\Users\Mini-ZZ\AppData\Local\Temp\libsqlitejdbc-6540651479043137018.lib

MOD - [2012.04.07 18:04:31 | 000,198,144 | ---- | M] () -- C:\Users\Mini-ZZ\AppData\Local\Temp\WindowsAPI.dll

MOD - [2012.02.26 12:23:00 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll

MOD - [2012.02.19 11:21:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll

MOD - [2012.02.19 11:20:17 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll

MOD - [2012.02.19 11:19:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MOD - [2012.02.19 11:17:08 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll

MOD - [2012.02.19 11:10:06 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll

MOD - [2012.02.19 11:09:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll

MOD - [2012.02.19 11:09:24 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll

MOD - [2012.02.19 11:08:23 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll

MOD - [2012.02.19 11:07:15 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012.02.19 11:06:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012.02.19 11:06:35 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2011.10.20 22:11:54 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010.07.29 01:49:18 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll

MOD - [2010.07.29 01:48:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll

MOD - [2010.07.28 19:23:08 | 000,237,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll

MOD - [2010.06.18 16:26:18 | 000,267,832 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll

MOD - [2010.06.18 16:26:18 | 000,052,280 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll

MOD - [2010.06.18 16:26:18 | 000,030,264 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)

SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2010.07.02 11:51:16 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2010.07.01 20:09:10 | 000,338,168 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)

SRV - [2010.06.25 13:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2010.06.18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)

SRV - [2010.06.09 11:06:18 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)

SRV - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)

SRV - [2010.04.04 01:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Programme\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

SRV - [2009.10.13 12:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.03.03 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2012.03.07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012.03.07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012.03.07 02:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)

DRV - [2012.03.07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012.03.07 02:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2012.03.07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)

DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)

DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)

DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.06.09 11:06:18 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2010.05.07 19:18:10 | 000,230,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)

DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)

DRV - [2010.04.07 17:05:00 | 000,204,800 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)

DRV - [2010.03.25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)

DRV - [2009.11.11 14:09:22 | 000,018,136 | ---- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dvmio.sys -- (DVMIO)

DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4

IE - HKLM\..\SearchScopes,DefaultScope = {FEDFEDCF-D5FC-44E0-92AB-3DF25938A90A}

IE - HKLM\..\SearchScopes\{C98E6371-953C-4ECC-AE37-766E85BC0C27}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\..\SearchScopes\{EFDC04E1-7F61-401E-9716-0321E0862E63}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKLM\..\SearchScopes\{FEDFEDCF-D5FC-44E0-92AB-3DF25938A90A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4

IE - HKCU\..\SearchScopes,DefaultScope = {FEDFEDCF-D5FC-44E0-92AB-3DF25938A90A}

IE - HKCU\..\SearchScopes\{C98E6371-953C-4ECC-AE37-766E85BC0C27}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKCU\..\SearchScopes\{EFDC04E1-7F61-401E-9716-0321E0862E63}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKCU\..\SearchScopes\{FEDFEDCF-D5FC-44E0-92AB-3DF25938A90A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.18 12:30:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.19 23:59:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.19 11:09:20 | 000,000,000 | ---D | M]

 

[2011.03.19 19:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mini-ZZ\AppData\Roaming\mozilla\Extensions

[2011.03.19 19:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mini-ZZ\AppData\Roaming\mozilla\Firefox\Profiles\7af0eigr.default\extensions

[2012.03.19 23:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [ZumoDrive] C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Programme\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Programme\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C9F81D2-3215-4C6B-B179-6948B450327A}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88849F3B-7B3F-482D-B6D8-C3CAE3E55DD8}: NameServer = 193.189.244.225 193.189.244.206

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\Shell - "" = AutoRun

O33 - MountPoints2\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\Shell - "" = AutoRun

O33 - MountPoints2\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B} - C:\Program Files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe "/installer"

ActiveX: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - C:\Windows\system32\wscript.exe "C:\Program Files\Hewlett-Packard\HP Media Suite\Home\PinItem.vbs"

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.04.08 21:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.04.07 21:31:25 | 000,000,000 | ---D | C] -- C:\Users\Mini-ZZ\AppData\Roaming\Malwarebytes

[2012.04.07 21:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.04.07 21:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.04.07 21:31:11 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.04.07 21:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.04.07 18:45:19 | 000,000,000 | ---D | C] -- C:\Users\Mini-ZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD

[2012.03.18 12:30:54 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.04.08 22:21:14 | 000,014,128 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.04.08 22:21:14 | 000,014,128 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.04.08 22:18:01 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.04.08 22:18:01 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.04.08 22:18:01 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.04.08 22:18:01 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.04.08 22:12:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.04.08 22:12:21 | 1601,093,632 | -HS- | M] () -- C:\hiberfil.sys

[2012.04.08 10:34:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2012.04.08 08:58:48 | 000,000,160 | ---- | M] () -- C:\ProgramData\-g7wwMXfWUQJwPvr

[2012.04.08 08:58:48 | 000,000,000 | ---- | M] () -- C:\ProgramData\-g7wwMXfWUQJwPv

[2012.04.07 21:31:17 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.07 20:13:52 | 000,000,256 | ---- | M] () -- C:\ProgramData\g7wwMXfWUQJwPv

[2012.04.07 18:45:19 | 000,000,647 | ---- | M] () -- C:\Users\Mini-ZZ\Desktop\SMART_HDD.lnk

[2012.03.28 22:15:04 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat

[2012.03.19 23:59:54 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.03.18 12:25:16 | 000,267,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.04.08 22:55:46 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2012.04.08 22:55:46 | 000,002,158 | ---- | C] () -- C:\Users\Public\Desktop\HP CloudDrive.lnk

[2012.04.08 22:55:46 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk

[2012.04.08 22:55:46 | 000,002,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk

[2012.04.08 22:55:46 | 000,002,150 | ---- | C] () -- C:\Users\Public\Desktop\HP Games spielen.lnk

[2012.04.08 22:55:46 | 000,002,137 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk

[2012.04.08 22:55:46 | 000,002,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Media Suite.lnk

[2012.04.08 22:55:46 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\HP QuickSync.lnk

[2012.04.08 22:55:46 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012.04.08 22:55:46 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012.04.08 22:55:46 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

[2012.04.08 22:55:46 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk

[2012.04.08 22:55:46 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk

[2012.04.08 22:55:46 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

[2012.04.08 22:55:46 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk

[2012.04.08 22:55:46 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk

[2012.04.08 22:55:46 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012.04.08 22:55:46 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.04.08 22:55:45 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk

[2012.04.08 22:55:43 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk

[2012.04.08 22:55:43 | 000,002,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

[2012.04.08 22:55:42 | 000,000,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk

[2012.04.07 21:31:17 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.07 18:45:20 | 000,000,160 | ---- | C] () -- C:\ProgramData\-g7wwMXfWUQJwPvr

[2012.04.07 18:45:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\-g7wwMXfWUQJwPv

[2012.04.07 18:45:19 | 000,000,647 | ---- | C] () -- C:\Users\Mini-ZZ\Desktop\SMART_HDD.lnk

[2012.04.07 18:45:15 | 000,000,256 | ---- | C] () -- C:\ProgramData\g7wwMXfWUQJwPv

[2012.03.28 22:15:04 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat

[2011.03.19 22:42:39 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

[2011.03.19 09:28:49 | 000,000,130 | ---- | C] () -- C:\Users\Mini-ZZ\AppData\Local\mv_Photo.xml

[2011.03.19 09:28:49 | 000,000,121 | ---- | C] () -- C:\Users\Mini-ZZ\AppData\Local\mv_music.xml

[2010.11.08 11:32:12 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll

[2010.11.08 11:30:16 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2010.11.08 11:24:11 | 000,000,292 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini

[2010.11.08 11:24:11 | 000,000,233 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini

[2010.07.29 01:51:32 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2010.07.29 01:51:32 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2010.07.29 01:51:32 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2010.07.29 01:51:32 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2010.07.28 19:37:48 | 000,000,202 | ---- | C] () -- C:\Windows\System32\HPWA.ini

[2010.07.28 17:28:20 | 000,000,180 | ---- | C] () -- C:\Windows\System32\HP Documentation.ini

 
 ========== LOP Check ==========

 

[2012.03.28 22:14:37 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\SoftGrid Client

[2011.03.19 19:21:23 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\TP

[2012.04.08 22:13:22 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\ZumoDrive

[2011.09.26 19:32:40 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.03.25 20:27:00 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Adobe

[2011.03.19 09:23:54 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Hewlett-Packard

[2011.03.19 09:28:41 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\hpqLog

[2011.03.19 09:28:12 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Identities

[2011.03.19 18:56:07 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Macromedia

[2012.04.07 21:31:25 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Malwarebytes

[2011.09.05 11:32:49 | 000,000,000 | --SD | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Microsoft

[2011.03.19 19:03:43 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Mozilla

[2012.03.11 15:30:37 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Skype

[2012.03.10 20:14:11 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\skypePM

[2012.03.28 22:14:37 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\SoftGrid Client

[2011.03.19 19:21:23 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\TP

[2012.02.02 22:36:47 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\U3

[2012.04.08 22:13:22 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\ZumoDrive

 
 < %APPDATA%\*.exe /s >

[2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Mini-ZZ\AppData\Roaming\U3\temp\cleanup.exe

[2008.05.02 11:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Users\Mini-ZZ\AppData\Roaming\U3\temp\Launchpad Removal.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_dd2bf0ef82c7be83\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_dd01b18982e7479e\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_ddb1bfd49be72b9f\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_dde1cf9a9bc40507\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009.10.13 12:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009.10.13 12:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\drivers\iaStor.sys

[2009.10.13 12:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_3f3653f13a033ed4\iaStor.sys

[2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.07.29 02:22:39 | 000,332,168 | ---- | M] (Intel Corporation) MD5=2D2918606673C46769FB516A5ACE958E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_aed9db9de9265a3a\iaStorV.sys

[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys

[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

[2010.07.29 02:22:39 | 000,332,160 | ---- | M] (Intel Corporation) MD5=FE8186428F0AB44F0E500C7AA33E9B51 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_afb9f9af020317a3\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2010.07.29 02:22:39 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=1D8B6A440DFF2BDEAA4EB209FCBA21BF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_39a34c4d205d0412\nvstor.sys

[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys

[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

[2010.07.29 02:22:39 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=F3596C8A63D3871890B0D3A0DFFEF0D0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_3a836a5e3939c17b\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll

[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.07.29 02:09:30 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2010.07.29 02:09:30 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 

< End of report >

Zitat:

| Scan Mode: Current user

Du hast den Haken nicht gesetzt bei "Scanne alle Benutzer" :(

o nein - Asche auf mein Haupt, hier noch mal:

Code:

OTL logfile created on: 09.04.2012 23:08:33 - Run 2

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Mini-ZZ\Downloads

 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 64,43% Memory free

3,98 Gb Paging File | 3,10 Gb Available in Paging File | 77,84% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 215,64 Gb Total Space | 177,16 Gb Free Space | 82,15% Space Free | Partition Type: NTFS

Drive D: | 16,95 Gb Total Space | 2,45 Gb Free Space | 14,46% Space Free | Partition Type: NTFS

 

Computer Name: HP-MINI-ZZ | User Name: Mini-ZZ | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.04.09 23:06:16 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Mini-ZZ\Downloads\OTL(1).exe

PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe

PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe

PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE

PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010.07.02 11:51:16 | 000,027,192 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2010.07.02 11:48:24 | 000,602,680 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2010.07.01 20:09:10 | 000,338,168 | ---- | M] (DeviceVM, Inc.) -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe

PRC - [2010.06.25 13:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2010.06.25 13:53:28 | 000,309,816 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\Shared\hpCaslNotification.exe

PRC - [2010.06.18 16:26:18 | 000,363,064 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

PRC - [2010.06.18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

PRC - [2010.06.09 11:06:18 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe

PRC - [2010.06.09 11:06:18 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe

PRC - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe

Nun ist das Log unvollständig :D

o Mann - frage mich echt, wie ich das wieder hingekriegt habe .... zu blöde. Sorry, sorry.
Also noch einmal:

OTL Logfile:

Code:

OTL logfile created on: 10.04.2012 15:27:00 - Run 3

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Mini-ZZ\Downloads

 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 61,52% Memory free

3,98 Gb Paging File | 3,06 Gb Available in Paging File | 76,95% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 215,64 Gb Total Space | 177,90 Gb Free Space | 82,50% Space Free | Partition Type: NTFS

Drive D: | 16,95 Gb Total Space | 2,45 Gb Free Space | 14,46% Space Free | Partition Type: NTFS

 

Computer Name: HP-MINI-ZZ | User Name: Mini-ZZ | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.04.09 23:06:16 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Mini-ZZ\Downloads\OTL(1).exe

PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe

PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe

PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

PRC - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE

PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE

PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010.07.02 11:51:16 | 000,027,192 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2010.07.02 11:48:24 | 000,602,680 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2010.07.01 20:09:10 | 000,338,168 | ---- | M] (DeviceVM, Inc.) -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe

PRC - [2010.06.25 13:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2010.06.25 13:53:28 | 000,309,816 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\Shared\hpCaslNotification.exe

PRC - [2010.06.18 16:26:18 | 000,363,064 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

PRC - [2010.06.18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

PRC - [2010.06.09 11:06:18 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe

PRC - [2010.06.09 11:06:18 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe

PRC - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe

PRC - [2010.05.08 13:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe

PRC - [2010.03.29 00:22:20 | 000,154,304 | ---- | M] (Zecter Inc.) -- C:\Programme\Hewlett-Packard\HP CloudDrive\zumodrive.exe

PRC - [2009.10.13 12:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009.10.13 12:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009.03.03 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\IDT\WDM\AEstSrv.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.04.10 15:23:25 | 000,379,904 | ---- | M] () -- C:\Users\Mini-ZZ\AppData\Local\Temp\libsqlitejdbc-815306645106366511.lib

MOD - [2012.04.10 15:23:03 | 000,198,144 | ---- | M] () -- C:\Users\Mini-ZZ\AppData\Local\Temp\WindowsAPI.dll

MOD - [2012.02.26 12:23:00 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll

MOD - [2012.02.19 11:21:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll

MOD - [2012.02.19 11:20:17 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll

MOD - [2012.02.19 11:19:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MOD - [2012.02.19 11:17:08 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll

MOD - [2012.02.19 11:10:06 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll

MOD - [2012.02.19 11:09:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll

MOD - [2012.02.19 11:09:24 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll

MOD - [2012.02.19 11:08:23 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll

MOD - [2012.02.19 11:07:15 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012.02.19 11:06:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012.02.19 11:06:35 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2011.10.20 22:11:54 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010.07.29 01:49:18 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll

MOD - [2010.07.29 01:48:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll

MOD - [2010.07.28 19:23:08 | 000,237,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll

MOD - [2010.06.18 16:26:18 | 000,267,832 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll

MOD - [2010.06.18 16:26:18 | 000,052,280 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll

MOD - [2010.06.18 16:26:18 | 000,030,264 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)

SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2010.07.02 11:51:16 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2010.07.01 20:09:10 | 000,338,168 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)

SRV - [2010.06.25 13:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2010.06.18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)

SRV - [2010.06.09 11:06:18 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)

SRV - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)

SRV - [2010.04.04 01:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Programme\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

SRV - [2009.10.13 12:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.03.03 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2012.03.07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012.03.07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012.03.07 02:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)

DRV - [2012.03.07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012.03.07 02:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2012.03.07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)

DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)

DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)

DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.06.09 11:06:18 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2010.05.07 19:18:10 | 000,230,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)

DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)

DRV - [2010.04.07 17:05:00 | 000,204,800 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)

DRV - [2010.03.25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)

DRV - [2009.11.11 14:09:22 | 000,018,136 | ---- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dvmio.sys -- (DVMIO)

DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4

IE - HKLM\..\SearchScopes,DefaultScope = {FEDFEDCF-D5FC-44E0-92AB-3DF25938A90A}

IE - HKLM\..\SearchScopes\{C98E6371-953C-4ECC-AE37-766E85BC0C27}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\..\SearchScopes\{EFDC04E1-7F61-401E-9716-0321E0862E63}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKLM\..\SearchScopes\{FEDFEDCF-D5FC-44E0-92AB-3DF25938A90A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4

IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4

IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\SearchScopes,DefaultScope = {FEDFEDCF-D5FC-44E0-92AB-3DF25938A90A}

IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\SearchScopes\{C98E6371-953C-4ECC-AE37-766E85BC0C27}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\SearchScopes\{EFDC04E1-7F61-401E-9716-0321E0862E63}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\SearchScopes\{FEDFEDCF-D5FC-44E0-92AB-3DF25938A90A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.18 12:30:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.19 23:59:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.19 11:09:20 | 000,000,000 | ---D | M]

 

[2011.03.19 19:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mini-ZZ\AppData\Roaming\mozilla\Extensions

[2011.03.19 19:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mini-ZZ\AppData\Roaming\mozilla\Firefox\Profiles\7af0eigr.default\extensions

[2012.03.19 23:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [ZumoDrive] C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Programme\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Programme\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C9F81D2-3215-4C6B-B179-6948B450327A}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88849F3B-7B3F-482D-B6D8-C3CAE3E55DD8}: NameServer = 193.189.244.225 193.189.244.206

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\Shell - "" = AutoRun

O33 - MountPoints2\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\Shell - "" = AutoRun

O33 - MountPoints2\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.04.08 21:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.04.07 21:31:25 | 000,000,000 | ---D | C] -- C:\Users\Mini-ZZ\AppData\Roaming\Malwarebytes

[2012.04.07 21:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.04.07 21:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.04.07 21:31:11 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.04.07 21:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.04.07 18:45:19 | 000,000,000 | ---D | C] -- C:\Users\Mini-ZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD

[2012.03.18 12:30:54 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.04.10 15:30:54 | 000,014,128 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.04.10 15:30:54 | 000,014,128 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.04.10 15:22:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.04.10 15:22:35 | 1601,093,632 | -HS- | M] () -- C:\hiberfil.sys

[2012.04.09 11:02:22 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.04.09 11:02:22 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.04.09 11:02:22 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.04.09 11:02:22 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.04.08 10:34:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2012.04.08 08:58:48 | 000,000,160 | ---- | M] () -- C:\ProgramData\-g7wwMXfWUQJwPvr

[2012.04.08 08:58:48 | 000,000,000 | ---- | M] () -- C:\ProgramData\-g7wwMXfWUQJwPv

[2012.04.07 21:31:17 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.07 20:13:52 | 000,000,256 | ---- | M] () -- C:\ProgramData\g7wwMXfWUQJwPv

[2012.04.07 18:45:19 | 000,000,647 | ---- | M] () -- C:\Users\Mini-ZZ\Desktop\SMART_HDD.lnk

[2012.03.28 22:15:04 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat

[2012.03.19 23:59:54 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.03.18 12:25:16 | 000,267,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.04.08 22:55:46 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2012.04.08 22:55:46 | 000,002,158 | ---- | C] () -- C:\Users\Public\Desktop\HP CloudDrive.lnk

[2012.04.08 22:55:46 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk

[2012.04.08 22:55:46 | 000,002,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk

[2012.04.08 22:55:46 | 000,002,150 | ---- | C] () -- C:\Users\Public\Desktop\HP Games spielen.lnk

[2012.04.08 22:55:46 | 000,002,137 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk

[2012.04.08 22:55:46 | 000,002,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Media Suite.lnk

[2012.04.08 22:55:46 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\HP QuickSync.lnk

[2012.04.08 22:55:46 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012.04.08 22:55:46 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012.04.08 22:55:46 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

[2012.04.08 22:55:46 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk

[2012.04.08 22:55:46 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk

[2012.04.08 22:55:46 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

[2012.04.08 22:55:46 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk

[2012.04.08 22:55:46 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk

[2012.04.08 22:55:46 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012.04.08 22:55:46 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.04.08 22:55:45 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk

[2012.04.08 22:55:43 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk

[2012.04.08 22:55:43 | 000,002,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

[2012.04.08 22:55:42 | 000,000,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk

[2012.04.07 21:31:17 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.07 18:45:20 | 000,000,160 | ---- | C] () -- C:\ProgramData\-g7wwMXfWUQJwPvr

[2012.04.07 18:45:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\-g7wwMXfWUQJwPv

[2012.04.07 18:45:19 | 000,000,647 | ---- | C] () -- C:\Users\Mini-ZZ\Desktop\SMART_HDD.lnk

[2012.04.07 18:45:15 | 000,000,256 | ---- | C] () -- C:\ProgramData\g7wwMXfWUQJwPv

[2012.03.28 22:15:04 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat

[2011.03.19 22:42:39 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

[2011.03.19 09:28:49 | 000,000,130 | ---- | C] () -- C:\Users\Mini-ZZ\AppData\Local\mv_Photo.xml

[2011.03.19 09:28:49 | 000,000,121 | ---- | C] () -- C:\Users\Mini-ZZ\AppData\Local\mv_music.xml

[2010.11.08 11:32:12 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll

[2010.11.08 11:30:16 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2010.11.08 11:24:11 | 000,000,292 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini

[2010.11.08 11:24:11 | 000,000,233 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini

[2010.07.29 01:51:32 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2010.07.29 01:51:32 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2010.07.29 01:51:32 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2010.07.29 01:51:32 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2010.07.28 19:37:48 | 000,000,202 | ---- | C] () -- C:\Windows\System32\HPWA.ini

[2010.07.28 17:28:20 | 000,000,180 | ---- | C] () -- C:\Windows\System32\HP Documentation.ini

 
 ========== LOP Check ==========

 

[2012.03.28 22:14:37 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\SoftGrid Client

[2011.03.19 19:21:23 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\TP

[2012.04.10 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\ZumoDrive

[2011.09.26 19:32:40 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---

An welchen Stellen muss ich dieses SMART_HDD eigentlich überall löschen - taucht im Moment noch auf dem Desktop und unter alle Programme auf.

Diesmal ist es kein CustomScan :D

nochmal laaangsam

- Log vollständig posten in CODE-Tags
- Haken bei ScanneAlleBenutzer
- CustomScan!

danke, dass Du noch nicht die Geduld mit mir verloren hast - langsam verliere ich ja schon die Geduld mit mir selbst! Ich versuche es also noch mal:

OTL Logfile:

Code:

OTL logfile created on: 10.04.2012 19:59:55 - Run 3

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Mini-ZZ\Downloads

 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 1,25 Gb Available Physical Memory | 62,80% Memory free

3,98 Gb Paging File | 3,04 Gb Available in Paging File | 76,49% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 215,64 Gb Total Space | 177,96 Gb Free Space | 82,53% Space Free | Partition Type: NTFS

Drive D: | 16,95 Gb Total Space | 2,45 Gb Free Space | 14,46% Space Free | Partition Type: NTFS

 

Computer Name: HP-MINI-ZZ | User Name: Mini-ZZ | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.04.09 23:06:16 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Mini-ZZ\Downloads\OTL(1).exe

PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe

PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe

PRC - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE

PRC - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2010.07.02 11:51:16 | 000,027,192 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2010.07.02 11:48:24 | 000,602,680 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2010.07.01 20:09:10 | 000,338,168 | ---- | M] (DeviceVM, Inc.) -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe

PRC - [2010.06.25 13:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2010.06.25 13:53:28 | 000,309,816 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Programme\Hewlett-Packard\Shared\hpCaslNotification.exe

PRC - [2010.06.18 16:26:18 | 000,363,064 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe

PRC - [2010.06.18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

PRC - [2010.06.09 11:06:18 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe

PRC - [2010.06.09 11:06:18 | 000,237,650 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe

PRC - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe

PRC - [2010.05.08 13:48:26 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe

PRC - [2010.03.29 00:22:20 | 000,154,304 | ---- | M] (Zecter Inc.) -- C:\Programme\Hewlett-Packard\HP CloudDrive\zumodrive.exe

PRC - [2009.10.13 12:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009.10.13 12:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009.03.03 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\IDT\WDM\AEstSrv.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.04.10 15:23:25 | 000,379,904 | ---- | M] () -- C:\Users\Mini-ZZ\AppData\Local\Temp\libsqlitejdbc-815306645106366511.lib

MOD - [2012.04.10 15:23:03 | 000,198,144 | ---- | M] () -- C:\Users\Mini-ZZ\AppData\Local\Temp\WindowsAPI.dll

MOD - [2012.02.26 12:23:00 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll

MOD - [2012.02.19 11:21:54 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll

MOD - [2012.02.19 11:20:17 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll

MOD - [2012.02.19 11:19:19 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll

MOD - [2012.02.19 11:17:08 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll

MOD - [2012.02.19 11:10:06 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll

MOD - [2012.02.19 11:09:37 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll

MOD - [2012.02.19 11:09:24 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll

MOD - [2012.02.19 11:08:23 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll

MOD - [2012.02.19 11:07:15 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll

MOD - [2012.02.19 11:06:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll

MOD - [2012.02.19 11:06:35 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll

MOD - [2011.10.20 22:11:54 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll

MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2010.07.29 01:49:18 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Core.resources\3.5.0.0_de_b77a5c561934e089\System.Core.resources.dll

MOD - [2010.07.29 01:48:35 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll

MOD - [2010.07.28 19:23:08 | 000,237,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll

MOD - [2010.06.18 16:26:18 | 000,267,832 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll

MOD - [2010.06.18 16:26:18 | 000,052,280 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll

MOD - [2010.06.18 16:26:18 | 000,030,264 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012.01.04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)

SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)

SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)

SRV - [2011.10.01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011.10.01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)

SRV - [2010.07.02 11:51:16 | 000,027,192 | ---- | M] () [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2010.07.01 20:09:10 | 000,338,168 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe -- (DvmMDES)

SRV - [2010.06.25 13:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2010.06.18 16:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)

SRV - [2010.06.09 11:06:18 | 000,237,650 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)

SRV - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)

SRV - [2010.04.04 01:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Programme\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

SRV - [2009.10.13 12:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009.03.03 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2012.03.07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012.03.07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012.03.07 02:02:14 | 000,044,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)

DRV - [2012.03.07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012.03.07 02:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2012.03.07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011.10.01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)

DRV - [2011.10.01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)

DRV - [2011.10.01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)

DRV - [2011.10.01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)

DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010.06.09 11:06:18 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2010.05.07 19:18:10 | 000,230,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)

DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)

DRV - [2010.04.07 17:05:00 | 000,204,800 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)

DRV - [2010.03.25 10:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)

DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)

DRV - [2009.11.11 14:09:22 | 000,018,136 | ---- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dvmio.sys -- (DVMIO)

DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4

IE - HKLM\..\SearchScopes,DefaultScope = {FEDFEDCF-D5FC-44E0-92AB-3DF25938A90A}

IE - HKLM\..\SearchScopes\{C98E6371-953C-4ECC-AE37-766E85BC0C27}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKLM\..\SearchScopes\{EFDC04E1-7F61-401E-9716-0321E0862E63}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKLM\..\SearchScopes\{FEDFEDCF-D5FC-44E0-92AB-3DF25938A90A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4

IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4

IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\SearchScopes,DefaultScope = {FEDFEDCF-D5FC-44E0-92AB-3DF25938A90A}

IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\SearchScopes\{C98E6371-953C-4ECC-AE37-766E85BC0C27}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}

IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\SearchScopes\{EFDC04E1-7F61-401E-9716-0321E0862E63}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF

IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\SearchScopes\{FEDFEDCF-D5FC-44E0-92AB-3DF25938A90A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.18 12:30:51 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.19 23:59:52 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.19 11:09:20 | 000,000,000 | ---D | M]

 

[2011.03.19 19:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mini-ZZ\AppData\Roaming\mozilla\Extensions

[2011.03.19 19:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mini-ZZ\AppData\Roaming\mozilla\Firefox\Profiles\7af0eigr.default\extensions

[2012.03.19 23:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.10.03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HP Quick Launch] C:\Programme\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()

O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [ZumoDrive] C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Programme\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Programme\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C9F81D2-3215-4C6B-B179-6948B450327A}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88849F3B-7B3F-482D-B6D8-C3CAE3E55DD8}: NameServer = 193.189.244.225 193.189.244.206

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\Shell - "" = AutoRun

O33 - MountPoints2\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\Shell - "" = AutoRun

O33 - MountPoints2\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B} - C:\Program Files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe "/installer"

ActiveX: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} - C:\Windows\system32\wscript.exe "C:\Program Files\Hewlett-Packard\HP Media Suite\Home\PinItem.vbs"

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.04.08 21:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.04.07 21:31:25 | 000,000,000 | ---D | C] -- C:\Users\Mini-ZZ\AppData\Roaming\Malwarebytes

[2012.04.07 21:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.04.07 21:31:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.04.07 21:31:11 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.04.07 21:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.04.07 18:45:19 | 000,000,000 | ---D | C] -- C:\Users\Mini-ZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD

[2012.03.18 12:30:54 | 000,044,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.04.10 19:56:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.04.10 15:30:54 | 000,014,128 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.04.10 15:30:54 | 000,014,128 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.04.10 15:22:35 | 1601,093,632 | -HS- | M] () -- C:\hiberfil.sys

[2012.04.09 11:02:22 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.04.09 11:02:22 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.04.09 11:02:22 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.04.09 11:02:22 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.04.08 10:34:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2012.04.08 08:58:48 | 000,000,160 | ---- | M] () -- C:\ProgramData\-g7wwMXfWUQJwPvr

[2012.04.08 08:58:48 | 000,000,000 | ---- | M] () -- C:\ProgramData\-g7wwMXfWUQJwPv

[2012.04.07 21:31:17 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.07 20:13:52 | 000,000,256 | ---- | M] () -- C:\ProgramData\g7wwMXfWUQJwPv

[2012.04.07 18:45:19 | 000,000,647 | ---- | M] () -- C:\Users\Mini-ZZ\Desktop\SMART_HDD.lnk

[2012.03.28 22:15:04 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat

[2012.03.19 23:59:54 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.03.18 12:25:16 | 000,267,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.04.08 22:55:46 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2012.04.08 22:55:46 | 000,002,158 | ---- | C] () -- C:\Users\Public\Desktop\HP CloudDrive.lnk

[2012.04.08 22:55:46 | 000,002,156 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk

[2012.04.08 22:55:46 | 000,002,154 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Snapfish.lnk

[2012.04.08 22:55:46 | 000,002,150 | ---- | C] () -- C:\Users\Public\Desktop\HP Games spielen.lnk

[2012.04.08 22:55:46 | 000,002,137 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk

[2012.04.08 22:55:46 | 000,002,118 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Media Suite.lnk

[2012.04.08 22:55:46 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\HP QuickSync.lnk

[2012.04.08 22:55:46 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012.04.08 22:55:46 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012.04.08 22:55:46 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

[2012.04.08 22:55:46 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk

[2012.04.08 22:55:46 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk

[2012.04.08 22:55:46 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

[2012.04.08 22:55:46 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk

[2012.04.08 22:55:46 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk

[2012.04.08 22:55:46 | 000,001,023 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2012.04.08 22:55:46 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.04.08 22:55:45 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk

[2012.04.08 22:55:43 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk

[2012.04.08 22:55:43 | 000,002,162 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

[2012.04.08 22:55:42 | 000,000,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk

[2012.04.07 21:31:17 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.07 18:45:20 | 000,000,160 | ---- | C] () -- C:\ProgramData\-g7wwMXfWUQJwPvr

[2012.04.07 18:45:20 | 000,000,000 | ---- | C] () -- C:\ProgramData\-g7wwMXfWUQJwPv

[2012.04.07 18:45:19 | 000,000,647 | ---- | C] () -- C:\Users\Mini-ZZ\Desktop\SMART_HDD.lnk

[2012.04.07 18:45:15 | 000,000,256 | ---- | C] () -- C:\ProgramData\g7wwMXfWUQJwPv

[2012.03.28 22:15:04 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat

[2011.03.19 22:42:39 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat

[2011.03.19 09:28:49 | 000,000,130 | ---- | C] () -- C:\Users\Mini-ZZ\AppData\Local\mv_Photo.xml

[2011.03.19 09:28:49 | 000,000,121 | ---- | C] () -- C:\Users\Mini-ZZ\AppData\Local\mv_music.xml

[2010.11.08 11:32:12 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll

[2010.11.08 11:30:16 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

[2010.11.08 11:24:11 | 000,000,292 | ---- | C] () -- C:\Windows\System32\RStoneLog2.ini

[2010.11.08 11:24:11 | 000,000,233 | ---- | C] () -- C:\Windows\System32\RStoneLog.ini

[2010.07.29 01:51:32 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2010.07.29 01:51:32 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2010.07.29 01:51:32 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2010.07.29 01:51:32 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2010.07.28 19:37:48 | 000,000,202 | ---- | C] () -- C:\Windows\System32\HPWA.ini

[2010.07.28 17:28:20 | 000,000,180 | ---- | C] () -- C:\Windows\System32\HP Documentation.ini

 
 ========== LOP Check ==========

 

[2012.03.28 22:14:37 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\SoftGrid Client

[2011.03.19 19:21:23 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\TP

[2012.04.10 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\ZumoDrive

[2011.09.26 19:32:40 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.03.25 20:27:00 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Adobe

[2011.03.19 09:23:54 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Hewlett-Packard

[2011.03.19 09:28:41 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\hpqLog

[2011.03.19 09:28:12 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Identities

[2011.03.19 18:56:07 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Macromedia

[2012.04.07 21:31:25 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Malwarebytes

[2011.09.05 11:32:49 | 000,000,000 | --SD | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Microsoft

[2011.03.19 19:03:43 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Mozilla

[2012.03.11 15:30:37 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\Skype

[2012.03.10 20:14:11 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\skypePM

[2012.03.28 22:14:37 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\SoftGrid Client

[2011.03.19 19:21:23 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\TP

[2012.02.02 22:36:47 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\U3

[2012.04.10 15:23:17 | 000,000,000 | ---D | M] -- C:\Users\Mini-ZZ\AppData\Roaming\ZumoDrive

 
 < %APPDATA%\*.exe /s >

[2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Mini-ZZ\AppData\Roaming\U3\temp\cleanup.exe

[2008.05.02 11:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Users\Mini-ZZ\AppData\Roaming\U3\temp\Launchpad Removal.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16552_none_dd2bf0ef82c7be83\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16593_none_dd01b18982e7479e\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20669_none_ddb1bfd49be72b9f\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.20713_none_dde1cf9a9bc40507\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009.10.13 12:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009.10.13 12:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\drivers\iaStor.sys

[2009.10.13 12:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_3f3653f13a033ed4\iaStor.sys

[2009.10.13 12:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.07.29 02:22:39 | 000,332,168 | ---- | M] (Intel Corporation) MD5=2D2918606673C46769FB516A5ACE958E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_aed9db9de9265a3a\iaStorV.sys

[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys

[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

[2010.07.29 02:22:39 | 000,332,160 | ---- | M] (Intel Corporation) MD5=FE8186428F0AB44F0E500C7AA33E9B51 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_afb9f9af020317a3\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2010.07.29 02:22:39 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=1D8B6A440DFF2BDEAA4EB209FCBA21BF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_39a34c4d205d0412\nvstor.sys

[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys

[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

[2010.07.29 02:22:39 | 000,143,752 | ---- | M] (NVIDIA Corporation) MD5=F3596C8A63D3871890B0D3A0DFFEF0D0 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_3a836a5e3939c17b\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll

[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.07.29 02:09:30 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2010.07.29 02:09:30 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKU\S-1-5-21-3045748316-1306930101-2035370094-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\Shell - "" = AutoRun

O33 - MountPoints2\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\Shell - "" = AutoRun

O33 - MountPoints2\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\Shell\AutoRun\command - "" = F:\AutoRun.exe

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe

[2012.04.08 08:58:48 | 000,000,160 | ---- | M] () -- C:\ProgramData\-g7wwMXfWUQJwPvr

[2012.04.08 08:58:48 | 000,000,000 | ---- | M] () -- C:\ProgramData\-g7wwMXfWUQJwPv

[2012.04.07 20:13:52 | 000,000,256 | ---- | M] () -- C:\ProgramData\g7wwMXfWUQJwPv

[2012.04.07 18:45:19 | 000,000,647 | ---- | M] () -- C:\Users\Mini-ZZ\Desktop\SMART_HDD.lnk

[2012.03.28 22:15:04 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

ähm - habe da noch ne Frage: wie lange sollte dieser OTL Fix denn so dauern? Ich habe es versucht und 4 Stunden lang keinerlei Reaktion mehr am Rechner gehabt. Es wurde in OTL immer die Staus Meldung "Killing processes - Do not interrupt...." angezeigt. Keinerlei Funktion bei Tastatur oder Touchpad - auch ging der Rechner nicht mehr in den Energiesparmodus, Bildschirm permannent an... Ist das so normal?

Wiederhol den Fix im abgesicherten Modus bitte

Habe ich so gemacht - ging jetzt. Ergebnis

Code:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.

C:\Programme\Microsoft\BingBar\BingExt.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.

File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.

Registry value HKEY_USERS\S-1-5-21-3045748316-1306930101-2035370094-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb9b1c45-c385-11e0-9cd7-68b599d8f993}\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fb9b1c55-c385-11e0-9cd7-68b599d8f993}\ not found.

File F:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.

File E:\AutoRun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.

File F:\AutoRun.exe not found.

C:\ProgramData\-g7wwMXfWUQJwPvr moved successfully.

C:\ProgramData\-g7wwMXfWUQJwPv moved successfully.

C:\ProgramData\g7wwMXfWUQJwPv moved successfully.

C:\Users\Mini-ZZ\Desktop\SMART_HDD.lnk moved successfully.

C:\Windows\System32\shortcut_ex.dat moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Mini-ZZ

->Temp folder emptied: 263746661 bytes

->Temporary Internet Files folder emptied: 53593443 bytes

->Java cache emptied: 26516239 bytes

->FireFox cache emptied: 49396472 bytes

->Flash cache emptied: 479 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 116349957 bytes

RecycleBin emptied: 12770889 bytes

 

Total Files Cleaned = 498,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Mini-ZZ

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.39.2 log created on 04122012_133935
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

So hier ist das log:

Code:

19:10:25.0899 5932        TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05

19:10:26.0289 5932        ============================================================

19:10:26.0289 5932        Current date / time: 2012/04/12 19:10:26.0289

19:10:26.0289 5932        SystemInfo:

19:10:26.0289 5932        

19:10:26.0289 5932        OS Version: 6.1.7601 ServicePack: 1.0

19:10:26.0289 5932        Product type: Workstation

19:10:26.0289 5932        ComputerName: HP-MINI-ZZ

19:10:26.0289 5932        UserName: Mini-ZZ

19:10:26.0289 5932        Windows directory: C:\Windows

19:10:26.0289 5932        System windows directory: C:\Windows

19:10:26.0289 5932        Processor architecture: Intel x86

19:10:26.0289 5932        Number of processors: 2

19:10:26.0289 5932        Page size: 0x1000

19:10:26.0289 5932        Boot type: Normal boot

19:10:26.0289 5932        ============================================================

19:10:27.0209 5932        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

19:10:27.0209 5932        \Device\Harddisk0\DR0:

19:10:27.0209 5932        MBR used

19:10:27.0209 5932        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

19:10:27.0209 5932        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1AF48800

19:10:27.0209 5932        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1AFAC800, BlocksNum 0x21E5000

19:10:27.0209 5932        \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970

19:10:27.0287 5932        Initialize success

19:10:27.0287 5932        ============================================================

19:11:47.0690 5708        ============================================================

19:11:47.0690 5708        Scan started

19:11:47.0690 5708        Mode: Manual; SigCheck; TDLFS; 

19:11:47.0690 5708        ============================================================

19:11:48.0361 5708        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

19:11:48.0595 5708        1394ohci - ok

19:11:49.0000 5708        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

19:11:49.0078 5708        ACPI - ok

19:11:49.0484 5708        AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

19:11:49.0562 5708        AcpiPmi - ok

19:11:49.0983 5708        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

19:11:50.0077 5708        adp94xx - ok

19:11:50.0482 5708        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

19:11:50.0545 5708        adpahci - ok

19:11:50.0935 5708        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

19:11:50.0997 5708        adpu320 - ok

19:11:51.0294 5708        AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll

19:11:51.0372 5708        AeLookupSvc - ok

19:11:51.0512 5708        AESTFilters     (827dbc22c96eecf6d36a13162fabafd3) C:\Program Files\IDT\WDM\aestsrv.exe

19:11:51.0637 5708        AESTFilters - ok

19:11:52.0042 5708        AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

19:11:52.0136 5708        AFD - ok

19:11:52.0510 5708        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

19:11:52.0557 5708        agp440 - ok

19:11:52.0978 5708        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

19:11:53.0041 5708        aic78xx - ok

19:11:53.0337 5708        ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe

19:11:53.0415 5708        ALG - ok

19:11:53.0790 5708        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

19:11:53.0836 5708        aliide - ok

19:11:54.0226 5708        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

19:11:54.0273 5708        amdagp - ok

19:11:54.0679 5708        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

19:11:54.0726 5708        amdide - ok

19:11:55.0131 5708        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

19:11:55.0194 5708        AmdK8 - ok

19:11:55.0599 5708        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

19:11:55.0693 5708        AmdPPM - ok

19:11:56.0098 5708        amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

19:11:56.0145 5708        amdsata - ok

19:11:56.0551 5708        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

19:11:56.0598 5708        amdsbs - ok

19:11:57.0003 5708        amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

19:11:57.0050 5708        amdxata - ok

19:11:57.0440 5708        AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

19:11:57.0565 5708        AppID - ok

19:11:57.0861 5708        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll

19:11:57.0970 5708        AppIDSvc - ok

19:11:58.0282 5708        Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll

19:11:58.0407 5708        Appinfo - ok

19:11:58.0813 5708        arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

19:11:58.0844 5708        arc - ok

19:11:59.0296 5708        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

19:11:59.0343 5708        arcsas - ok

19:11:59.0796 5708        aswFsBlk        (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys

19:11:59.0889 5708        aswFsBlk - ok

19:12:00.0342 5708        aswMonFlt       (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys

19:12:00.0388 5708        aswMonFlt - ok

19:12:00.0825 5708        aswRdr          (225013c16fe096714d71649ad7a20e8b) C:\Windows\System32\Drivers\aswrdr2.sys

19:12:00.0872 5708        aswRdr - ok

19:12:01.0340 5708        aswSnx          (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys

19:12:01.0387 5708        aswSnx - ok

19:12:01.0839 5708        aswSP           (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys

19:12:01.0886 5708        aswSP - ok

19:12:02.0323 5708        aswTdi          (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys

19:12:02.0354 5708        aswTdi - ok

19:12:02.0760 5708        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

19:12:02.0869 5708        AsyncMac - ok

19:12:03.0243 5708        atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

19:12:03.0290 5708        atapi - ok

19:12:03.0618 5708        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

19:12:03.0758 5708        AudioEndpointBuilder - ok

19:12:03.0774 5708        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

19:12:03.0852 5708        Audiosrv - ok

19:12:03.0961 5708        avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

19:12:04.0008 5708        avast! Antivirus - ok

19:12:04.0304 5708        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll

19:12:04.0398 5708        AxInstSV - ok

19:12:04.0803 5708        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

19:12:04.0881 5708        b06bdrv - ok

19:12:05.0302 5708        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

19:12:05.0396 5708        b57nd60x - ok

19:12:05.0630 5708        BBSvc           (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE

19:12:05.0692 5708        BBSvc - ok

19:12:05.0739 5708        BBUpdate        (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE

19:12:05.0802 5708        BBUpdate - ok

19:12:06.0285 5708        BCM43XX         (36a47e6ab1f0967c97722183e21adb1a) C:\Windows\system32\DRIVERS\bcmwl6.sys

19:12:06.0426 5708        BCM43XX - ok

19:12:06.0753 5708        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll

19:12:06.0847 5708        BDESVC - ok

19:12:07.0252 5708        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

19:12:07.0377 5708        Beep - ok

19:12:07.0705 5708        BFE             (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll

19:12:07.0830 5708        BFE - ok

19:12:08.0173 5708        BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll

19:12:08.0344 5708        BITS - ok

19:12:08.0750 5708        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

19:12:08.0812 5708        blbdrive - ok

19:12:09.0218 5708        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

19:12:09.0296 5708        bowser - ok

19:12:09.0655 5708        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

19:12:09.0733 5708        BrFiltLo - ok

19:12:10.0123 5708        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

19:12:10.0248 5708        BrFiltUp - ok

19:12:10.0544 5708        Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll

19:12:10.0669 5708        Browser - ok

19:12:11.0059 5708        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

19:12:11.0152 5708        Brserid - ok

19:12:11.0558 5708        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

19:12:11.0636 5708        BrSerWdm - ok

19:12:12.0026 5708        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

19:12:12.0104 5708        BrUsbMdm - ok

19:12:12.0494 5708        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

19:12:12.0572 5708        BrUsbSer - ok

19:12:12.0946 5708        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

19:12:13.0040 5708        BTHMODEM - ok

19:12:13.0336 5708        bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll

19:12:13.0461 5708        bthserv - ok

19:12:13.0836 5708        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

19:12:13.0929 5708        cdfs - ok

19:12:14.0350 5708        cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys

19:12:14.0413 5708        cdrom - ok

19:12:14.0709 5708        CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

19:12:14.0834 5708        CertPropSvc - ok

19:12:15.0224 5708        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

19:12:15.0302 5708        circlass - ok

19:12:15.0614 5708        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

19:12:15.0676 5708        CLFS - ok

19:12:15.0879 5708        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:12:15.0926 5708        clr_optimization_v2.0.50727_32 - ok

19:12:16.0269 5708        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:12:16.0316 5708        clr_optimization_v4.0.30319_32 - ok

19:12:16.0706 5708        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

19:12:16.0768 5708        CmBatt - ok

19:12:17.0143 5708        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

19:12:17.0190 5708        cmdide - ok

19:12:17.0595 5708        CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys

19:12:17.0673 5708        CNG - ok

19:12:18.0048 5708        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

19:12:18.0110 5708        Compbatt - ok

19:12:18.0516 5708        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

19:12:18.0594 5708        CompositeBus - ok

19:12:18.0874 5708        COMSysApp - ok

19:12:19.0264 5708        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

19:12:19.0311 5708        crcdisk - ok

19:12:19.0639 5708        CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll

19:12:19.0764 5708        CryptSvc - ok

19:12:19.0951 5708        cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

19:12:20.0029 5708        cvhsvc - ok

19:12:20.0356 5708        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

19:12:20.0497 5708        DcomLaunch - ok

19:12:20.0653 5708        DCService.exe   (cc8b5c964b777f4ec3e89f13b4b5ff0f) C:\ProgramData\DatacardService\DCService.exe

19:12:20.0700 5708        DCService.exe ( UnsignedFile.Multi.Generic ) - warning

19:12:20.0700 5708        DCService.exe - detected UnsignedFile.Multi.Generic (1)

19:12:20.0996 5708        defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll

19:12:21.0090 5708        defragsvc - ok

19:12:21.0480 5708        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys

19:12:21.0604 5708        DfsC - ok

19:12:21.0916 5708        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll

19:12:22.0057 5708        Dhcp - ok

19:12:22.0447 5708        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

19:12:22.0540 5708        discache - ok

19:12:22.0946 5708        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

19:12:22.0993 5708        Disk - ok

19:12:23.0289 5708        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll

19:12:23.0383 5708        Dnscache - ok

19:12:23.0695 5708        dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll

19:12:23.0820 5708        dot3svc - ok

19:12:24.0132 5708        DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll

19:12:24.0256 5708        DPS - ok

19:12:24.0662 5708        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

19:12:24.0756 5708        drmkaud - ok

19:12:25.0177 5708        DVMIO           (ff7a7a1e0f9a0ab892a454ffb9d14bbe) C:\Windows\system32\DRIVERS\dvmio.sys

19:12:25.0224 5708        DVMIO - ok

19:12:25.0364 5708        DvmMDES         (489c4ec8baa2a458615f3248ff2ace7e) C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe

19:12:25.0426 5708        DvmMDES - ok

19:12:25.0832 5708        DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

19:12:25.0910 5708        DXGKrnl - ok

19:12:26.0206 5708        EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

19:12:26.0331 5708        EapHost - ok

19:12:26.0815 5708        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

19:12:26.0986 5708        ebdrv - ok

19:12:27.0283 5708        EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe

19:12:27.0376 5708        EFS - ok

19:12:27.0782 5708        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

19:12:27.0860 5708        elxstor - ok

19:12:28.0250 5708        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

19:12:28.0328 5708        ErrDev - ok

19:12:28.0640 5708        EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

19:12:28.0780 5708        EventSystem - ok

19:12:29.0217 5708        ewusbnet        (5b250a1be34d4fde35287eec297104a7) C:\Windows\system32\DRIVERS\ewusbnet.sys

19:12:29.0326 5708        ewusbnet - ok

19:12:29.0748 5708        ew_hwusbdev     (e98a64c7f106740a38fb2b78197816f8) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys

19:12:29.0810 5708        ew_hwusbdev - ok

19:12:30.0216 5708        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

19:12:30.0325 5708        exfat - ok

19:12:30.0730 5708        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

19:12:30.0840 5708        fastfat - ok

19:12:31.0136 5708        Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe

19:12:31.0276 5708        Fax - ok

19:12:31.0651 5708        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

19:12:31.0729 5708        fdc - ok

19:12:32.0010 5708        fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

19:12:32.0119 5708        fdPHost - ok

19:12:32.0431 5708        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

19:12:32.0571 5708        FDResPub - ok

19:12:32.0977 5708        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

19:12:33.0024 5708        FileInfo - ok

19:12:33.0414 5708        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

19:12:33.0538 5708        Filetrace - ok

19:12:33.0928 5708        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

19:12:34.0006 5708        flpydisk - ok

19:12:34.0412 5708        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

19:12:34.0459 5708        FltMgr - ok

19:12:34.0771 5708        FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll

19:12:34.0880 5708        FontCache - ok

19:12:35.0052 5708        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

19:12:35.0098 5708        FontCache3.0.0.0 - ok

19:12:35.0410 5708        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

19:12:35.0457 5708        FsDepends - ok

19:12:35.0878 5708        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys

19:12:35.0910 5708        Fs_Rec - ok

19:12:36.0315 5708        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

19:12:36.0378 5708        fvevol - ok

19:12:36.0783 5708        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

19:12:36.0846 5708        gagp30kx - ok

19:12:36.0986 5708        GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe

19:12:37.0033 5708        GameConsoleService - ok

19:12:37.0345 5708        gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll

19:12:37.0485 5708        gpsvc - ok

19:12:37.0891 5708        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

19:12:37.0953 5708        hcw85cir - ok

19:12:38.0374 5708        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

19:12:38.0484 5708        HdAudAddService - ok

19:12:38.0889 5708        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

19:12:38.0983 5708        HDAudBus - ok

19:12:39.0388 5708        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

19:12:39.0451 5708        HidBatt - ok

19:12:39.0856 5708        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

19:12:39.0934 5708        HidBth - ok

19:12:40.0340 5708        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

19:12:40.0434 5708        HidIr - ok

19:12:40.0730 5708        hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll

19:12:40.0839 5708        hidserv - ok

19:12:41.0260 5708        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys

19:12:41.0307 5708        HidUsb - ok

19:12:41.0619 5708        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll

19:12:41.0744 5708        hkmsvc - ok

19:12:42.0040 5708        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll

19:12:42.0118 5708        HomeGroupListener - ok

19:12:42.0430 5708        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll

19:12:42.0555 5708        HomeGroupProvider - ok

19:12:42.0711 5708        HP Health Check Service (3f4add4196e2b860019539837be305f9) C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

19:12:42.0742 5708        HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning

19:12:42.0742 5708        HP Health Check Service - detected UnsignedFile.Multi.Generic (1)

19:12:42.0867 5708        HP Wireless Assistant Service (3a09322a8aa8b0c79036686a0ebe7b4c) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

19:12:42.0914 5708        HP Wireless Assistant Service - ok

19:12:42.0976 5708        HPDrvMntSvc.exe (881f74074963cdad8c475d09dc3a0bb6) C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

19:12:43.0023 5708        HPDrvMntSvc.exe - ok

19:12:43.0117 5708        hpqwmiex        (fe51b163a618b1cbf015485d21c1bc68) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

19:12:43.0195 5708        hpqwmiex - ok

19:12:43.0632 5708        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

19:12:43.0694 5708        HpSAMD - ok

19:12:43.0897 5708        HPWMISVC        (9df9cf7840a3a99f2ffd614f0a13f2f9) C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

19:12:43.0928 5708        HPWMISVC - ok

19:12:44.0599 5708        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

19:12:44.0724 5708        HTTP - ok

19:12:45.0114 5708        huawei_enumerator (22a4b14530194fc57c1c849fb5afee17) C:\Windows\system32\DRIVERS\ew_jubusenum.sys

19:12:45.0192 5708        huawei_enumerator - ok

19:12:45.0582 5708        hwdatacard      (0b3957226ec94b1ecb7b9348bb535a23) C:\Windows\system32\DRIVERS\ewusbmdm.sys

19:12:45.0691 5708        hwdatacard - ok

19:12:46.0096 5708        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

19:12:46.0143 5708        hwpolicy - ok

19:12:46.0596 5708        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

19:12:46.0674 5708        i8042prt - ok

19:12:46.0798 5708        IAANTMON        (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

19:12:46.0845 5708        IAANTMON - ok

19:12:47.0251 5708        iaStor          (0baa4115dfffd6a6d809a89d65e1281a) C:\Windows\system32\DRIVERS\iaStor.sys

19:12:47.0298 5708        iaStor - ok

19:12:47.0719 5708        iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

19:12:47.0781 5708        iaStorV - ok

19:12:48.0000 5708        idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

19:12:48.0093 5708        idsvc - ok

19:12:48.0702 5708        igfx            (d0074897c6bc132f3980ea4654bf7fb9) C:\Windows\system32\DRIVERS\igdkmd32.sys

19:12:48.0982 5708        igfx - ok

19:12:49.0388 5708        iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

19:12:49.0450 5708        iirsp - ok

19:12:49.0778 5708        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll

19:12:50.0012 5708        IKEEXT - ok

19:12:50.0402 5708        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

19:12:50.0464 5708        intelide - ok

19:12:51.0198 5708        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

19:12:51.0322 5708        intelppm - ok

19:12:51.0588 5708        IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

19:12:51.0728 5708        IPBusEnum - ok

19:12:51.0915 5708        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:12:52.0056 5708        IpFilterDriver - ok

19:12:52.0399 5708        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll

19:12:52.0586 5708        iphlpsvc - ok

19:12:52.0992 5708        IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

19:12:53.0054 5708        IPMIDRV - ok

19:12:53.0444 5708        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

19:12:53.0600 5708        IPNAT - ok

19:12:53.0990 5708        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

19:12:54.0052 5708        IRENUM - ok

19:12:54.0442 5708        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

19:12:54.0474 5708        isapnp - ok

19:12:54.0895 5708        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

19:12:54.0942 5708        iScsiPrt - ok

19:12:55.0332 5708        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

19:12:55.0378 5708        kbdclass - ok

19:12:55.0800 5708        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

19:12:55.0878 5708        kbdhid - ok

19:12:56.0143 5708        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

19:12:56.0190 5708        KeyIso - ok

19:12:56.0580 5708        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys

19:12:56.0642 5708        KSecDD - ok

19:12:57.0048 5708        KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys

19:12:57.0094 5708        KSecPkg - ok

19:12:57.0391 5708        KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll

19:12:57.0547 5708        KtmRm - ok

19:12:57.0874 5708        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll

19:12:58.0046 5708        LanmanServer - ok

19:12:58.0358 5708        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll

19:12:58.0467 5708        LanmanWorkstation - ok

19:12:58.0888 5708        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

19:12:58.0998 5708        lltdio - ok

19:12:59.0278 5708        lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll

19:12:59.0388 5708        lltdsvc - ok

19:12:59.0668 5708        lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll

19:12:59.0793 5708        lmhosts - ok

19:13:00.0199 5708        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

19:13:00.0261 5708        LSI_FC - ok

19:13:00.0651 5708        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

19:13:00.0714 5708        LSI_SAS - ok

19:13:01.0104 5708        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

19:13:01.0150 5708        LSI_SAS2 - ok

19:13:01.0556 5708        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

19:13:01.0603 5708        LSI_SCSI - ok

19:13:02.0008 5708        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

19:13:02.0102 5708        luafv - ok

19:13:02.0508 5708        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

19:13:02.0570 5708        megasas - ok

19:13:02.0991 5708        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

19:13:03.0038 5708        MegaSR - ok

19:13:03.0506 5708        MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

19:13:03.0646 5708        MMCSS - ok

19:13:04.0052 5708        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

19:13:04.0177 5708        Modem - ok

19:13:04.0598 5708        monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

19:13:04.0676 5708        monitor - ok

19:13:05.0097 5708        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys

19:13:05.0128 5708        mouclass - ok

19:13:05.0659 5708        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

19:13:05.0737 5708        mouhid - ok

19:13:06.0142 5708        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

19:13:06.0205 5708        mountmgr - ok

19:13:06.0595 5708        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

19:13:06.0657 5708        mpio - ok

19:13:07.0047 5708        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

19:13:07.0156 5708        mpsdrv - ok

19:13:07.0468 5708        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll

19:13:07.0656 5708        MpsSvc - ok

19:13:08.0046 5708        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

19:13:08.0155 5708        MRxDAV - ok

19:13:08.0545 5708        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

19:13:08.0638 5708        mrxsmb - ok

19:13:09.0044 5708        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

19:13:09.0122 5708        mrxsmb10 - ok

19:13:09.0496 5708        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

19:13:09.0590 5708        mrxsmb20 - ok

19:13:09.0980 5708        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

19:13:10.0011 5708        msahci - ok

19:13:10.0417 5708        msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

19:13:10.0479 5708        msdsm - ok

19:13:10.0791 5708        MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe

19:13:10.0854 5708        MSDTC - ok

19:13:11.0259 5708        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

19:13:11.0353 5708        Msfs - ok

19:13:11.0743 5708        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

19:13:11.0821 5708        mshidkmdf - ok

19:13:12.0195 5708        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

19:13:12.0242 5708        msisadrv - ok

19:13:12.0538 5708        MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll

19:13:12.0663 5708        MSiSCSI - ok

19:13:12.0928 5708        msiserver - ok

19:13:13.0334 5708        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

19:13:13.0474 5708        MSKSSRV - ok

19:13:13.0880 5708        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

19:13:13.0989 5708        MSPCLOCK - ok

19:13:14.0410 5708        MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

19:13:14.0520 5708        MSPQM - ok

19:13:14.0925 5708        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

19:13:14.0972 5708        MsRPC - ok

19:13:15.0378 5708        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

19:13:15.0424 5708        mssmbios - ok

19:13:15.0830 5708        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

19:13:15.0955 5708        MSTEE - ok

19:13:16.0345 5708        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

19:13:16.0423 5708        MTConfig - ok

19:13:16.0797 5708        Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

19:13:16.0844 5708        Mup - ok

19:13:17.0156 5708        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll

19:13:17.0312 5708        napagent - ok

19:13:17.0702 5708        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

19:13:17.0780 5708        NativeWifiP - ok

19:13:18.0217 5708        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

19:13:18.0310 5708        NDIS - ok

19:13:18.0700 5708        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

19:13:18.0825 5708        NdisCap - ok

19:13:19.0246 5708        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

19:13:19.0356 5708        NdisTapi - ok

19:13:19.0761 5708        Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

19:13:19.0886 5708        Ndisuio - ok

19:13:20.0276 5708        NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

19:13:20.0385 5708        NdisWan - ok

19:13:20.0791 5708        NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

19:13:20.0900 5708        NDProxy - ok

19:13:21.0306 5708        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

19:13:21.0430 5708        NetBIOS - ok

19:13:21.0836 5708        NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

19:13:21.0930 5708        NetBT - ok

19:13:22.0226 5708        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

19:13:22.0288 5708        Netlogon - ok

19:13:22.0600 5708        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll

19:13:22.0741 5708        Netman - ok

19:13:23.0037 5708        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll

19:13:23.0193 5708        netprofm - ok

19:13:23.0396 5708        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

19:13:23.0443 5708        NetTcpPortSharing - ok

19:13:23.0926 5708        netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys

19:13:24.0176 5708        netw5v32 - ok

19:13:24.0597 5708        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

19:13:24.0644 5708        nfrd960 - ok

19:13:24.0940 5708        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll

19:13:25.0096 5708        NlaSvc - ok

19:13:25.0518 5708        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

19:13:25.0658 5708        Npfs - ok

19:13:25.0939 5708        nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll

19:13:26.0048 5708        nsi - ok

19:13:26.0422 5708        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

19:13:26.0547 5708        nsiproxy - ok

19:13:26.0984 5708        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

19:13:27.0109 5708        Ntfs - ok

19:13:27.0499 5708        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

19:13:27.0608 5708        Null - ok

19:13:28.0029 5708        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

19:13:28.0076 5708        nvraid - ok

19:13:28.0482 5708        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

19:13:28.0528 5708        nvstor - ok

19:13:28.0934 5708        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

19:13:28.0965 5708        nv_agp - ok

19:13:29.0371 5708        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

19:13:29.0449 5708        ohci1394 - ok

19:13:29.0574 5708        ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

19:13:29.0620 5708        ose - ok

19:13:29.0808 5708        osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

19:13:30.0104 5708        osppsvc - ok

19:13:30.0432 5708        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

19:13:30.0541 5708        p2pimsvc - ok

19:13:30.0853 5708        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll

19:13:30.0962 5708        p2psvc - ok

19:13:31.0383 5708        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

19:13:31.0446 5708        Parport - ok

19:13:31.0851 5708        partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys

19:13:31.0898 5708        partmgr - ok

19:13:32.0304 5708        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

19:13:32.0366 5708        Parvdm - ok

19:13:32.0678 5708        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll

19:13:32.0756 5708        PcaSvc - ok

19:13:33.0130 5708        pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

19:13:33.0193 5708        pci - ok

19:13:33.0598 5708        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

19:13:33.0645 5708        pciide - ok

19:13:34.0035 5708        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

19:13:34.0098 5708        pcmcia - ok

19:13:34.0472 5708        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

19:13:34.0519 5708        pcw - ok

19:13:34.0956 5708        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

19:13:35.0096 5708        PEAUTH - ok

19:13:35.0486 5708        pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll

19:13:35.0689 5708        pla - ok

19:13:35.0985 5708        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll

19:13:36.0063 5708        PlugPlay - ok

19:13:36.0360 5708        PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll

19:13:36.0453 5708        PNRPAutoReg - ok

19:13:36.0765 5708        PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

19:13:36.0859 5708        PNRPsvc - ok

19:13:37.0171 5708        PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll

19:13:37.0342 5708        PolicyAgent - ok

19:13:37.0654 5708        Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll

19:13:37.0764 5708        Power - ok

19:13:38.0169 5708        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

19:13:38.0278 5708        PptpMiniport - ok

19:13:38.0684 5708        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

19:13:38.0762 5708        Processor - ok

19:13:39.0058 5708        ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll

19:13:39.0183 5708        ProfSvc - ok

19:13:39.0495 5708        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

19:13:39.0542 5708        ProtectedStorage - ok

19:13:39.0948 5708        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

19:13:40.0057 5708        Psched - ok

19:13:40.0494 5708        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

19:13:40.0650 5708        ql2300 - ok

19:13:41.0040 5708        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

19:13:41.0102 5708        ql40xx - ok

19:13:41.0398 5708        QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll

19:13:41.0492 5708        QWAVE - ok

19:13:41.0898 5708        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

19:13:41.0960 5708        QWAVEdrv - ok

19:13:42.0381 5708        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

19:13:42.0506 5708        RasAcd - ok

19:13:42.0912 5708        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

19:13:43.0005 5708        RasAgileVpn - ok

19:13:43.0302 5708        RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll

19:13:43.0411 5708        RasAuto - ok

19:13:43.0817 5708        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

19:13:43.0926 5708        Rasl2tp - ok

19:13:44.0253 5708        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll

19:13:44.0409 5708        RasMan - ok

19:13:44.0815 5708        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

19:13:44.0909 5708        RasPppoe - ok

19:13:45.0299 5708        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

19:13:45.0408 5708        RasSstp - ok

19:13:45.0798 5708        rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

19:13:45.0938 5708        rdbss - ok

19:13:46.0328 5708        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

19:13:46.0406 5708        rdpbus - ok

19:13:46.0827 5708        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

19:13:46.0937 5708        RDPCDD - ok

19:13:47.0451 5708        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

19:13:47.0576 5708        RDPENCDD - ok

19:13:48.0013 5708        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

19:13:48.0138 5708        RDPREFMP - ok

19:13:48.0543 5708        RDPWD           (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys

19:13:48.0621 5708        RDPWD - ok

19:13:49.0058 5708        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

19:13:49.0105 5708        rdyboost - ok

19:13:49.0417 5708        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll

19:13:49.0542 5708        RemoteAccess - ok

19:13:49.0838 5708        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll

19:13:49.0932 5708        RemoteRegistry - ok

19:13:50.0228 5708        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll

19:13:50.0322 5708        RpcEptMapper - ok

19:13:50.0618 5708        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe

19:13:50.0696 5708        RpcLocator - ok

19:13:51.0008 5708        RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

19:13:51.0102 5708        RpcSs - ok

19:13:51.0585 5708        RSPCIESTOR      (2ad7b2b3d7a10ae3d534877d543eed74) C:\Windows\system32\DRIVERS\RtsPStor.sys

19:13:51.0632 5708        RSPCIESTOR - ok

19:13:52.0038 5708        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

19:13:52.0163 5708        rspndr - ok

19:13:52.0584 5708        RTL8167         (0516998076ad894ae7e362c3110aa071) C:\Windows\system32\DRIVERS\Rt86win7.sys

19:13:52.0631 5708        RTL8167 - ok

19:13:52.0927 5708        SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

19:13:52.0989 5708        SamSs - ok

19:13:53.0411 5708        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

19:13:53.0457 5708        sbp2port - ok

19:13:53.0769 5708        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll

19:13:53.0910 5708        SCardSvr - ok

19:13:54.0315 5708        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

19:13:54.0440 5708        scfilter - ok

19:13:54.0752 5708        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll

19:13:54.0939 5708        Schedule - ok

19:13:55.0251 5708        SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

19:13:55.0361 5708        SCPolicySvc - ok

19:13:55.0782 5708        sdbus           (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys

19:13:55.0860 5708        sdbus - ok

19:13:56.0156 5708        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll

19:13:56.0234 5708        SDRSVC - ok

19:13:56.0640 5708        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

19:13:56.0733 5708        secdrv - ok

19:13:57.0014 5708        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll

19:13:57.0155 5708        seclogon - ok

19:13:57.0451 5708        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll

19:13:57.0576 5708        SENS - ok

19:13:57.0981 5708        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

19:13:58.0028 5708        Serenum - ok

19:13:58.0449 5708        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

19:13:58.0527 5708        Serial - ok

19:13:58.0917 5708        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

19:13:58.0995 5708        sermouse - ok

19:13:59.0323 5708        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll

19:13:59.0463 5708        SessionEnv - ok

19:13:59.0853 5708        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

19:13:59.0931 5708        sffdisk - ok

19:14:00.0337 5708        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

19:14:00.0431 5708        sffp_mmc - ok

19:14:00.0836 5708        sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

19:14:00.0899 5708        sffp_sd - ok

19:14:01.0289 5708        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

19:14:01.0382 5708        sfloppy - ok

19:14:01.0835 5708        Sftfs           (d9b734638dd8dba9d59aad3189cd0fad) C:\Windows\system32\DRIVERS\Sftfslh.sys

19:14:01.0897 5708        Sftfs - ok

19:14:02.0022 5708        sftlist         (cb73bc422c07fb611f194da18d1e7f36) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

19:14:02.0100 5708        sftlist - ok

19:14:02.0490 5708        Sftplay         (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\Windows\system32\DRIVERS\Sftplaylh.sys

19:14:02.0537 5708        Sftplay - ok

19:14:02.0927 5708        Sftredir        (518bac0179f94304f422696b47c0ec12) C:\Windows\system32\DRIVERS\Sftredirlh.sys

19:14:02.0973 5708        Sftredir - ok

19:14:03.0379 5708        Sftvol          (747325236d88b3f05ffd27ff9ec711c5) C:\Windows\system32\DRIVERS\Sftvollh.sys

19:14:03.0426 5708        Sftvol - ok

19:14:03.0551 5708        sftvsa          (a5812f0281ca5081bf696626f9bf324d) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

19:14:03.0597 5708        sftvsa - ok

19:14:03.0909 5708        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll

19:14:04.0050 5708        SharedAccess - ok

19:14:04.0377 5708        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll

19:14:04.0533 5708        ShellHWDetection - ok

19:14:04.0955 5708        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

19:14:05.0001 5708        sisagp - ok

19:14:05.0423 5708        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

19:14:05.0469 5708        SiSRaid2 - ok

19:14:05.0859 5708        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

19:14:05.0906 5708        SiSRaid4 - ok

19:14:06.0312 5708        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

19:14:06.0405 5708        Smb - ok

19:14:06.0717 5708        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe

19:14:06.0795 5708        SNMPTRAP - ok

19:14:07.0154 5708        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

19:14:07.0217 5708        spldr - ok

19:14:07.0544 5708        Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe

19:14:07.0716 5708        Spooler - ok

19:14:08.0121 5708        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe

19:14:08.0371 5708        sppsvc - ok

19:14:08.0714 5708        sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll

19:14:08.0839 5708        sppuinotify - ok

19:14:09.0260 5708        srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

19:14:09.0338 5708        srv - ok

19:14:09.0744 5708        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

19:14:09.0837 5708        srv2 - ok

19:14:10.0243 5708        SrvHsfHDA       (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS

19:14:10.0321 5708        SrvHsfHDA - ok

19:14:10.0742 5708        SrvHsfV92       (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS

19:14:10.0851 5708        SrvHsfV92 - ok

19:14:11.0273 5708        SrvHsfWinac     (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS

19:14:11.0351 5708        SrvHsfWinac - ok

19:14:11.0756 5708        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

19:14:11.0819 5708        srvnet - ok

19:14:12.0115 5708        SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll

19:14:12.0224 5708        SSDPSRV - ok

19:14:12.0521 5708        SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll

19:14:12.0630 5708        SstpSvc - ok

19:14:12.0801 5708        STacSV          (f076ffe8af8398fdf2028f6eac5f1778) C:\Program Files\IDT\WDM\STacSV.exe

19:14:12.0879 5708        STacSV - ok

19:14:13.0254 5708        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

19:14:13.0301 5708        stexstor - ok

19:14:13.0737 5708        STHDA           (f71736dc79731c98698b93326e01a6bd) C:\Windows\system32\DRIVERS\stwrt.sys

19:14:13.0815 5708        STHDA - ok

19:14:14.0127 5708        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll

19:14:14.0252 5708        StiSvc - ok

19:14:14.0627 5708        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

19:14:14.0673 5708        swenum - ok

19:14:14.0985 5708        swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll

19:14:15.0141 5708        swprv - ok

19:14:15.0594 5708        SynTP           (0e8676fb3bb95aa40fdf7a4a31018c8b) C:\Windows\system32\DRIVERS\SynTP.sys

19:14:15.0672 5708        SynTP - ok

19:14:15.0999 5708        SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll

19:14:16.0124 5708        SysMain - ok

19:14:16.0452 5708        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll

19:14:16.0530 5708        TabletInputService - ok

19:14:16.0842 5708        TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll

19:14:16.0998 5708        TapiSrv - ok

19:14:17.0294 5708        TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll

19:14:17.0419 5708        TBS - ok

19:14:17.0871 5708        Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys

19:14:17.0996 5708        Tcpip - ok

19:14:18.0433 5708        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys

19:14:18.0511 5708        TCPIP6 - ok

19:14:18.0932 5708        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

19:14:19.0057 5708        tcpipreg - ok

19:14:19.0478 5708        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

19:14:19.0572 5708        TDPIPE - ok

19:14:19.0962 5708        TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys

19:14:20.0040 5708        TDTCP - ok

19:14:20.0461 5708        tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

19:14:20.0570 5708        tdx - ok

19:14:20.0976 5708        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

19:14:21.0023 5708        TermDD - ok

19:14:21.0319 5708        TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll

19:14:21.0444 5708        TermService - ok

19:14:21.0725 5708        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll

19:14:21.0834 5708        Themes - ok

19:14:22.0146 5708        THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

19:14:22.0255 5708        THREADORDER - ok

19:14:22.0551 5708        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll

19:14:22.0676 5708        TrkWks - ok

19:14:22.0817 5708        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe

19:14:22.0941 5708        TrustedInstaller - ok

19:14:23.0285 5708        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

19:14:23.0363 5708        tssecsrv - ok

19:14:23.0831 5708        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

19:14:23.0893 5708        TsUsbFlt - ok

19:14:24.0330 5708        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

19:14:24.0455 5708        tunnel - ok

19:14:24.0845 5708        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

19:14:24.0891 5708        uagp35 - ok

19:14:25.0297 5708        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

19:14:25.0422 5708        udfs - ok

19:14:25.0718 5708        UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

19:14:25.0827 5708        UI0Detect - ok

19:14:26.0217 5708        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

19:14:26.0264 5708        uliagpkx - ok

19:14:26.0654 5708        umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

19:14:26.0717 5708        umbus - ok

19:14:27.0091 5708        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

19:14:27.0200 5708        UmPass - ok

19:14:27.0512 5708        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

19:14:27.0653 5708        upnphost - ok

19:14:28.0043 5708        usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

19:14:28.0121 5708        usbccgp - ok

19:14:28.0511 5708        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

19:14:28.0604 5708        usbcir - ok

19:14:28.0994 5708        usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys

19:14:29.0057 5708        usbehci - ok

19:14:29.0525 5708        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

19:14:29.0634 5708        usbhub - ok

19:14:30.0507 5708        usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys

19:14:30.0585 5708        usbohci - ok

19:14:31.0225 5708        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

19:14:31.0319 5708        usbprint - ok

19:14:31.0709 5708        USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS

19:14:31.0787 5708        USBSTOR - ok

19:14:32.0223 5708        usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys

19:14:32.0317 5708        usbuhci - ok

19:14:32.0769 5708        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys

19:14:32.0832 5708        usbvideo - ok

19:14:33.0128 5708        UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

19:14:33.0269 5708        UxSms - ok

19:14:33.0581 5708        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

19:14:33.0659 5708        VaultSvc - ok

19:14:34.0080 5708        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

19:14:34.0127 5708        vdrvroot - ok

19:14:34.0454 5708        vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe

19:14:34.0641 5708        vds - ok

19:14:35.0047 5708        vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

19:14:35.0141 5708        vga - ok

19:14:35.0531 5708        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

19:14:35.0640 5708        VgaSave - ok

19:14:36.0045 5708        vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

19:14:36.0108 5708        vhdmp - ok

19:14:36.0498 5708        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

19:14:36.0560 5708        viaagp - ok

19:14:36.0935 5708        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

19:14:37.0028 5708        ViaC7 - ok

19:14:37.0418 5708        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

19:14:37.0465 5708        viaide - ok

19:14:37.0855 5708        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

19:14:37.0902 5708        volmgr - ok

19:14:38.0292 5708        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

19:14:38.0354 5708        volmgrx - ok

19:14:38.0775 5708        volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

19:14:38.0822 5708        volsnap - ok

19:14:39.0228 5708        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

19:14:39.0290 5708        vsmraid - ok

19:14:39.0633 5708        VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe

19:14:39.0852 5708        VSS - ok

19:14:40.0242 5708        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys

19:14:40.0335 5708        vwifibus - ok

19:14:40.0725 5708        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys

19:14:40.0819 5708        vwififlt - ok

19:14:41.0209 5708        vwifimp         (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys

19:14:41.0256 5708        vwifimp - ok

19:14:41.0568 5708        W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

19:14:41.0724 5708        W32Time - ok

19:14:42.0129 5708        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

19:14:42.0207 5708        WacomPen - ok

19:14:42.0613 5708        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

19:14:42.0738 5708        WANARP - ok

19:14:42.0738 5708        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

19:14:42.0816 5708        Wanarpv6 - ok

19:14:43.0143 5708        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe

19:14:43.0299 5708        wbengine - ok

19:14:43.0611 5708        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

19:14:43.0689 5708        WbioSrvc - ok

19:14:43.0986 5708        wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll

19:14:44.0079 5708        wcncsvc - ok

19:14:44.0391 5708        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

19:14:44.0485 5708        WcsPlugInService - ok

19:14:44.0891 5708        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

19:14:44.0937 5708        Wd - ok

19:14:45.0359 5708        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

19:14:45.0437 5708        Wdf01000 - ok

19:14:45.0733 5708        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

19:14:45.0827 5708        WdiServiceHost - ok

19:14:45.0842 5708        WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

19:14:45.0889 5708        WdiSystemHost - ok

19:14:46.0217 5708        WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll

19:14:46.0341 5708        WebClient - ok

19:14:46.0669 5708        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

19:14:46.0763 5708        Wecsvc - ok

19:14:47.0059 5708        wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

19:14:47.0168 5708        wercplsupport - ok

19:14:47.0480 5708        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

19:14:47.0605 5708        WerSvc - ok

19:14:47.0995 5708        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

19:14:48.0104 5708        WfpLwf - ok

19:14:48.0494 5708        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

19:14:48.0541 5708        WIMMount - ok

19:14:48.0681 5708        WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

19:14:48.0806 5708        WinDefend - ok

19:14:48.0822 5708        WinHttpAutoProxySvc - ok

19:14:49.0181 5708        Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

19:14:49.0290 5708        Winmgmt - ok

19:14:49.0617 5708        WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll

19:14:49.0820 5708        WinRM - ok

19:14:50.0163 5708        Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

19:14:50.0304 5708        Wlansvc - ok

19:14:50.0709 5708        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

19:14:50.0756 5708        WmiAcpi - ok

19:14:51.0146 5708        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

19:14:51.0224 5708        wmiApSrv - ok

19:14:51.0365 5708        WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

19:14:51.0474 5708        WMPNetworkSvc - ok

19:14:51.0755 5708        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

19:14:51.0864 5708        WPCSvc - ok

19:14:52.0160 5708        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll

19:14:52.0254 5708        WPDBusEnum - ok

19:14:52.0644 5708        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

19:14:52.0737 5708        ws2ifsl - ok

19:14:53.0049 5708        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll

19:14:53.0127 5708        wscsvc - ok

19:14:53.0393 5708        WSearch - ok

19:14:53.0783 5708        wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll

19:14:54.0017 5708        wuauserv - ok

19:14:54.0438 5708        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

19:14:54.0531 5708        WudfPf - ok

19:14:54.0968 5708        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

19:14:55.0077 5708        WUDFRd - ok

19:14:55.0389 5708        wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll

19:14:55.0499 5708        wudfsvc - ok

19:14:55.0811 5708        WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

19:14:55.0951 5708        WwanSvc - ok

19:14:56.0388 5708        yukonw7         (b07c5b7efdf936ff93d4f540938725be) C:\Windows\system32\DRIVERS\yk62x86.sys

19:14:56.0450 5708        yukonw7 - ok

19:14:56.0575 5708        MBR (0x1B8)     (af16213c8d7c2ffd462507ceed3bfc6b) \Device\Harddisk0\DR0

19:14:56.0762 5708        \Device\Harddisk0\DR0 - ok

19:14:56.0809 5708        Boot (0x1200)   (40f9be7f944102b933f64f2ae778cadb) \Device\Harddisk0\DR0\Partition0

19:14:56.0809 5708        \Device\Harddisk0\DR0\Partition0 - ok

19:14:56.0840 5708        Boot (0x1200)   (9d2343a07d30c785f10ab0225b8bd6d4) \Device\Harddisk0\DR0\Partition1

19:14:56.0840 5708        \Device\Harddisk0\DR0\Partition1 - ok

19:14:56.0871 5708        Boot (0x1200)   (32fd8968b40ffe44064e01afa23ca67d) \Device\Harddisk0\DR0\Partition2

19:14:56.0887 5708        \Device\Harddisk0\DR0\Partition2 - ok

19:14:56.0918 5708        Boot (0x1200)   (ec57184e610e76e5c3ae4506d8a901b2) \Device\Harddisk0\DR0\Partition3

19:14:56.0918 5708        \Device\Harddisk0\DR0\Partition3 - ok

19:14:56.0918 5708        ============================================================

19:14:56.0918 5708        Scan finished

19:14:56.0918 5708        ============================================================

19:14:56.0965 3720        Detected object count: 2

19:14:56.0965 3720        Actual detected object count: 2

19:18:26.0505 3720        DCService.exe ( UnsignedFile.Multi.Generic ) - skipped by user

19:18:26.0505 3720        DCService.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip 

19:18:26.0505 3720        HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user

19:18:26.0505 3720        HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

19:20:01.0067 1700        Deinitialize success

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

ok - hier das nächste log:

Combofix Logfile:

Code:

ComboFix 12-04-12.03 - Mini-ZZ 13.04.2012   9:10.1.2 - x86

Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.2036.1086 [GMT 2:00]

ausgeführt von:: c:\users\Mini-ZZ\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-03-13 bis 2012-04-13  ))))))))))))))))))))))))))))))

.

.

2012-04-13 07:25 . 2012-04-13 07:25        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-04-12 17:27 . 2012-03-14 02:15        6582328        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{D29BCA23-4962-4118-BF1C-AAD9A27504D8}\mpengine.dll

2012-04-11 17:40 . 2012-04-11 17:40        --------        d-----w-        C:\_OTL

2012-04-08 19:55 . 2012-04-08 19:55        --------        d-----w-        c:\program files\ESET

2012-04-07 19:31 . 2012-04-07 19:31        --------        d-----w-        c:\users\Mini-ZZ\AppData\Roaming\Malwarebytes

2012-04-07 19:31 . 2012-04-07 19:31        --------        d-----w-        c:\programdata\Malwarebytes

2012-04-07 19:31 . 2012-04-07 19:31        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-04-07 19:31 . 2011-12-10 13:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-03-19 21:59 . 2012-03-13 04:38        97208        ----a-w-        c:\program files\Mozilla Firefox\components\browsercomps.dll

2012-03-19 21:37 . 2012-03-13 04:36        44472        ----a-w-        c:\program files\Mozilla Firefox\mozglue.dll

2012-03-19 21:37 . 2012-03-13 04:36        592824        ----a-w-        c:\program files\Mozilla Firefox\gkmedias.dll

2012-03-18 10:30 . 2012-03-07 00:02        44376        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys

2012-03-18 09:46 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2012-03-18 09:45 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-03-17 08:45 . 2012-02-03 03:54        2343424        ----a-w-        c:\windows\system32\win32k.sys

2012-03-17 08:45 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\system32\DWrite.dll

2012-03-17 08:42 . 2012-01-25 05:27        8192        ----a-w-        c:\windows\system32\rdrmemptylst.exe

2012-03-17 08:42 . 2012-01-25 05:32        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll

2012-03-17 08:42 . 2012-01-25 05:32        58880        ----a-w-        c:\windows\system32\rdpwsx.dll

2012-03-17 08:42 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\system32\rdpcore.dll

2012-03-17 08:42 . 2012-02-17 04:13        24576        ----a-w-        c:\windows\system32\drivers\tdtcp.sys

2012-03-17 08:42 . 2012-02-17 04:14        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-11 09:27 . 2011-06-02 17:54        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-07 00:15 . 2011-03-19 16:23        41184        ----a-w-        c:\windows\avastSS.scr

2012-03-07 00:15 . 2011-03-19 16:23        201352        ----a-w-        c:\windows\system32\aswBoot.exe

2012-03-07 00:03 . 2011-03-19 16:23        612184        ----a-w-        c:\windows\system32\drivers\aswSnx.sys

2012-03-07 00:03 . 2011-03-19 16:23        337880        ----a-w-        c:\windows\system32\drivers\aswSP.sys

2012-03-07 00:01 . 2011-03-19 16:23        53848        ----a-w-        c:\windows\system32\drivers\aswTdi.sys

2012-03-07 00:01 . 2011-03-19 16:23        57688        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys

2012-03-07 00:01 . 2011-03-19 16:23        20696        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys

2012-02-23 08:18 . 2011-03-19 17:13        237072        ------w-        c:\windows\system32\MpSigStub.exe

2012-03-13 04:38 . 2012-03-19 21:59        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-07 00:15        123536        ----a-w-        c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]

@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"

[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]

2010-03-28 22:22        718848        ----a-w-        c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]

@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"

[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]

2010-03-28 22:22        718848        ----a-w-        c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]

@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"

[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]

2010-03-28 22:22        718848        ----a-w-        c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]

@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"

[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]

2010-03-28 22:22        718848        ----a-w-        c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]

@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"

[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]

2010-03-28 22:22        718848        ----a-w-        c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-06-09 495708]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]

"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-07-02 602680]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]

"ZumoDrive"="c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk" [2010-07-28 2038]

"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Media Suite.lnk - c:\program files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe [2010-4-1 91648]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-05-08 229376]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-03-20 101504]

R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2010-04-07 204800]

R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2009-11-11 18136]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-03 81920]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]

S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DvmMDES;DeviceVM Meta Data Export Service;c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe [2010-07-01 338168]

S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-06-18 103992]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-25 92216]

S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-07-02 27192]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2010-04-09 63616]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-05-07 230944]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-05-31 267880]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B}]

2010-06-23 17:47        687104        ----a-w-        c:\program files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B}]

2009-07-14 01:14        141824        ----a-w-        c:\windows\System32\wscript.exe

.

.

------- Zusätzlicher Suchlauf -------

.

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{88849F3B-7B3F-482D-B6D8-C3CAE3E55DD8}: NameServer = 193.189.244.225 193.189.244.206

FF - ProfilePath - c:\users\Mini-ZZ\AppData\Roaming\Mozilla\Firefox\Profiles\7af0eigr.default\

FF - prefs.js: browser.startup.homepage - www.google.de

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-{FC17E0A7-EAA9-4902-92F8-C83B9FD02246} - c:\program files\InstallShield Installation Information\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}\setup.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(1380)

c:\program files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

.

Zeit der Fertigstellung: 2012-04-13  09:31:59

ComboFix-quarantined-files.txt  2012-04-13 07:31

.

Vor Suchlauf: 12 Verzeichnis(se), 190.523.564.032 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 190.446.522.368 Bytes frei

.

- - End Of File - - D378C32131BC01A9B33200AA07557A2D

--- --- ---

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

So, geschafft:

GMER
GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-04-14 09:35:41

Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0

Running: x2qt5p9s.exe; Driver: C:\Users\Mini-ZZ\AppData\Local\Temp\pxliyfoc.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwAddBootEntry [0x8B957DF8]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                ZwAllocateVirtualMemory [0x8C443A5A]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwAssignProcessToJobObject [0x8B95885E]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwCreateEvent [0x8B95D2E4]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwCreateEventPair [0x8B95D330]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwCreateIoCompletion [0x8B95D422]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwCreateMutant [0x8B95D252]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwCreateSection [0x8B95D374]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwCreateSemaphore [0x8B95D29A]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwCreateTimer [0x8B95D3DC]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwDeleteBootEntry [0x8B957E44]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                ZwFreeVirtualMemory [0x8C443B34]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwLoadDriver [0x8B957AD6]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwModifyBootEntry [0x8B957E90]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwNotifyChangeKey [0x8B95AD1C]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwNotifyChangeMultipleKeys [0x8B958B02]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwOpenEvent [0x8B95D30E]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwOpenEventPair [0x8B95D352]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwOpenIoCompletion [0x8B95D446]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwOpenMutant [0x8B95D278]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwOpenSection [0x8B95D3AE]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwOpenSemaphore [0x8B95D2C2]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwOpenTimer [0x8B95D400]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                ZwProtectVirtualMemory [0x8C443CA0]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwQueryObject [0x8B9589CE]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwSetBootEntryOrder [0x8B957EDC]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwSetBootOptions [0x8B957F28]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwSetSystemInformation [0x8B957B46]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwSetSystemPowerState [0x8B957CEA]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwShutdownSystem [0x8B957C92]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwSystemDebugControl [0x8B957D5A]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                ZwTerminateProcess [0x8C443D60]

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                ZwVdmControl [0x8B957F74]

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                ZwWriteVirtualMemory [0x8C443BE0]
 

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                ZwCreateProcessEx [0x8C459D92]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                ObMakeTemporaryObject
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!ZwSaveKey + 13C1                                                                                                        81C913D9 1 Byte  [06]

.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                               81CCAD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text           ntkrnlpa.exe!KeRemoveQueueEx + 10CB                                                                                                  81CD1DC0 4 Bytes  [F8, 7D, 95, 8B]

.text           ntkrnlpa.exe!KeRemoveQueueEx + 10F3                                                                                                  81CD1DE8 4 Bytes  [5A, 3A, 44, 8C]

.text           ntkrnlpa.exe!KeRemoveQueueEx + 1153                                                                                                  81CD1E48 4 Bytes  [5E, 88, 95, 8B]

.text           ntkrnlpa.exe!KeRemoveQueueEx + 11A7                                                                                                  81CD1E9C 8 Bytes  [E4, D2, 95, 8B, 30, D3, 95, ...]

.text           ntkrnlpa.exe!KeRemoveQueueEx + 11B3                                                                                                  81CD1EA8 4 Bytes  JMP 95D42281 

.text           ...                                                                                                                                  

.text           kernel32.dll!GetBinaryTypeW + 70                                                                                                     763969F4 1 Byte  [62]
 

---- User code sections - GMER 1.0.15 ----
 

.text           C:\ProgramData\DatacardService\DCService.exe[268] ntdll.dll!LdrUnloadDll                                                             7776C86E 5 Bytes  JMP 001603FC 

.text           C:\ProgramData\DatacardService\DCService.exe[268] ntdll.dll!LdrLoadDll                                                               7777223E 5 Bytes  JMP 001601F8 

.text           C:\ProgramData\DatacardService\DCService.exe[268] kernel32.dll!GetBinaryTypeW + 70                                                   763969F4 1 Byte  [62]

.text           C:\ProgramData\DatacardService\DCService.exe[268] USER32.dll!UnhookWindowsHookEx                                                     75EAADF9 5 Bytes  JMP 001F0A08 

.text           C:\ProgramData\DatacardService\DCService.exe[268] USER32.dll!UnhookWinEvent                                                          75EAB750 5 Bytes  JMP 001F03FC 

.text           C:\ProgramData\DatacardService\DCService.exe[268] USER32.dll!SetWindowsHookExW                                                       75EAE30C 5 Bytes  JMP 001F0804 

.text           C:\ProgramData\DatacardService\DCService.exe[268] USER32.dll!SetWinEventHook                                                         75EB24DC 5 Bytes  JMP 001F01F8 

.text           C:\ProgramData\DatacardService\DCService.exe[268] USER32.dll!SetWindowsHookExA                                                       75ED6D0C 5 Bytes  JMP 001F0600 

.text           C:\Windows\system32\csrss.exe[448] kernel32.dll!GetBinaryTypeW + 70                                                                  763969F4 1 Byte  [62]

.text           C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[464] ntdll.dll!LdrUnloadDll                                            7776C86E 5 Bytes  JMP 001603FC 

.text           C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[464] ntdll.dll!LdrLoadDll                                              7777223E 5 Bytes  JMP 001601F8 

.text           C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[464] kernel32.dll!GetBinaryTypeW + 70                                  763969F4 1 Byte  [62]

.text           C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[464] USER32.dll!UnhookWindowsHookEx                                    75EAADF9 5 Bytes  JMP 00180A08 

.text           C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[464] USER32.dll!UnhookWinEvent                                         75EAB750 5 Bytes  JMP 001803FC 

.text           C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[464] USER32.dll!SetWindowsHookExW                                      75EAE30C 5 Bytes  JMP 00180804 

.text           C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[464] USER32.dll!SetWinEventHook                                        75EB24DC 5 Bytes  JMP 001801F8 

.text           C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe[464] USER32.dll!SetWindowsHookExA                                      75ED6D0C 5 Bytes  JMP 00180600 

.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[496] kernel32.dll!GetBinaryTypeW + 70                               763969F4 1 Byte  [62]

.text           C:\Windows\system32\wininit.exe[504] ntdll.dll!LdrUnloadDll                                                                          7776C86E 5 Bytes  JMP 000303FC 

.text           C:\Windows\system32\wininit.exe[504] ntdll.dll!LdrLoadDll                                                                            7777223E 3 Bytes  JMP 000301F8 

.text           C:\Windows\system32\wininit.exe[504] ntdll.dll!LdrLoadDll + 4                                                                        77772242 1 Byte  [88]

.text           C:\Windows\system32\wininit.exe[504] kernel32.dll!GetBinaryTypeW + 70                                                                763969F4 1 Byte  [62]

.text           C:\Windows\system32\wininit.exe[504] USER32.dll!UnhookWindowsHookEx                                                                  75EAADF9 5 Bytes  JMP 000C0A08 

.text           C:\Windows\system32\wininit.exe[504] USER32.dll!UnhookWinEvent                                                                       75EAB750 5 Bytes  JMP 000C03FC 

.text           C:\Windows\system32\wininit.exe[504] USER32.dll!SetWindowsHookExW                                                                    75EAE30C 5 Bytes  JMP 000C0804 

.text           C:\Windows\system32\wininit.exe[504] USER32.dll!SetWinEventHook                                                                      75EB24DC 5 Bytes  JMP 000C01F8 

.text           C:\Windows\system32\wininit.exe[504] USER32.dll!SetWindowsHookExA                                                                    75ED6D0C 5 Bytes  JMP 000C0600 

.text           C:\Windows\system32\csrss.exe[512] kernel32.dll!GetBinaryTypeW + 70                                                                  763969F4 1 Byte  [62]

.text           C:\ProgramData\DatacardService\DCSHelper.exe[552] ntdll.dll!LdrUnloadDll                                                             7776C86E 5 Bytes  JMP 001603FC 

.text           C:\ProgramData\DatacardService\DCSHelper.exe[552] ntdll.dll!LdrLoadDll                                                               7777223E 5 Bytes  JMP 001601F8 

.text           C:\ProgramData\DatacardService\DCSHelper.exe[552] kernel32.dll!GetBinaryTypeW + 70                                                   763969F4 1 Byte  [62]

.text           C:\ProgramData\DatacardService\DCSHelper.exe[552] USER32.dll!UnhookWindowsHookEx                                                     75EAADF9 5 Bytes  JMP 00200A08 

.text           C:\ProgramData\DatacardService\DCSHelper.exe[552] USER32.dll!UnhookWinEvent                                                          75EAB750 5 Bytes  JMP 002003FC 

.text           C:\ProgramData\DatacardService\DCSHelper.exe[552] USER32.dll!SetWindowsHookExW                                                       75EAE30C 5 Bytes  JMP 00200804 

.text           C:\ProgramData\DatacardService\DCSHelper.exe[552] USER32.dll!SetWinEventHook                                                         75EB24DC 5 Bytes  JMP 002001F8 

.text           C:\ProgramData\DatacardService\DCSHelper.exe[552] USER32.dll!SetWindowsHookExA                                                       75ED6D0C 5 Bytes  JMP 00200600 

.text           C:\Windows\system32\services.exe[560] ntdll.dll!LdrUnloadDll                                                                         7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Windows\system32\services.exe[560] ntdll.dll!LdrLoadDll                                                                           7777223E 5 Bytes  JMP 000601F8 

.text           C:\Windows\system32\services.exe[560] kernel32.dll!GetBinaryTypeW + 70                                                               763969F4 1 Byte  [62]

.text           C:\Windows\system32\lsass.exe[592] ntdll.dll!LdrUnloadDll                                                                            7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Windows\system32\lsass.exe[592] ntdll.dll!LdrLoadDll                                                                              7777223E 5 Bytes  JMP 000601F8 

.text           C:\Windows\system32\lsass.exe[592] kernel32.dll!GetBinaryTypeW + 70                                                                  763969F4 1 Byte  [62]

.text           C:\Windows\system32\lsm.exe[600] ntdll.dll!LdrUnloadDll                                                                              7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Windows\system32\lsm.exe[600] ntdll.dll!LdrLoadDll                                                                                7777223E 5 Bytes  JMP 000601F8 

.text           C:\Windows\system32\lsm.exe[600] kernel32.dll!GetBinaryTypeW + 70                                                                    763969F4 1 Byte  [62]

.text           C:\Windows\system32\winlogon.exe[608] ntdll.dll!LdrUnloadDll                                                                         7776C86E 5 Bytes  JMP 000303FC 

.text           C:\Windows\system32\winlogon.exe[608] ntdll.dll!LdrLoadDll                                                                           7777223E 3 Bytes  JMP 000301F8 

.text           C:\Windows\system32\winlogon.exe[608] ntdll.dll!LdrLoadDll + 4                                                                       77772242 1 Byte  [88]

.text           C:\Windows\system32\winlogon.exe[608] kernel32.dll!GetBinaryTypeW + 70                                                               763969F4 1 Byte  [62]

.text           C:\Windows\system32\winlogon.exe[608] USER32.dll!UnhookWindowsHookEx                                                                 75EAADF9 5 Bytes  JMP 00050A08 

.text           C:\Windows\system32\winlogon.exe[608] USER32.dll!UnhookWinEvent                                                                      75EAB750 5 Bytes  JMP 000503FC 

.text           C:\Windows\system32\winlogon.exe[608] USER32.dll!SetWindowsHookExW                                                                   75EAE30C 5 Bytes  JMP 00050804 

.text           C:\Windows\system32\winlogon.exe[608] USER32.dll!SetWinEventHook                                                                     75EB24DC 5 Bytes  JMP 000501F8 

.text           C:\Windows\system32\winlogon.exe[608] USER32.dll!SetWindowsHookExA                                                                   75ED6D0C 5 Bytes  JMP 00050600 

.text           C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[672] ntdll.dll!LdrUnloadDll                                                  7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[672] ntdll.dll!LdrLoadDll                                                    7777223E 5 Bytes  JMP 000601F8 

.text           C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[672] kernel32.dll!GetBinaryTypeW + 70                                        763969F4 1 Byte  [62]

.text           C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[672] USER32.dll!UnhookWindowsHookEx                                          75EAADF9 5 Bytes  JMP 00080A08 

.text           C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[672] USER32.dll!UnhookWinEvent                                               75EAB750 5 Bytes  JMP 000803FC 

.text           C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[672] USER32.dll!SetWindowsHookExW                                            75EAE30C 5 Bytes  JMP 00080804 

.text           C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[672] USER32.dll!SetWinEventHook                                              75EB24DC 5 Bytes  JMP 000801F8 

.text           C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe[672] USER32.dll!SetWindowsHookExA                                            75ED6D0C 5 Bytes  JMP 00080600 

.text           C:\Windows\system32\svchost.exe[744] ntdll.dll!LdrUnloadDll                                                                          7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Windows\system32\svchost.exe[744] ntdll.dll!LdrLoadDll                                                                            7777223E 5 Bytes  JMP 000601F8 

.text           C:\Windows\system32\svchost.exe[744] kernel32.dll!GetBinaryTypeW + 70                                                                763969F4 1 Byte  [62]

.text           C:\Windows\system32\svchost.exe[840] ntdll.dll!LdrUnloadDll                                                                          7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Windows\system32\svchost.exe[840] ntdll.dll!LdrLoadDll                                                                            7777223E 5 Bytes  JMP 000601F8 

.text           C:\Windows\system32\svchost.exe[840] kernel32.dll!GetBinaryTypeW + 70                                                                763969F4 1 Byte  [62]

.text           C:\Windows\System32\svchost.exe[892] ntdll.dll!LdrUnloadDll                                                                          7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Windows\System32\svchost.exe[892] ntdll.dll!LdrLoadDll                                                                            7777223E 5 Bytes  JMP 000601F8 

.text           C:\Windows\System32\svchost.exe[892] kernel32.dll!GetBinaryTypeW + 70                                                                763969F4 1 Byte  [62]

.text           C:\Windows\System32\svchost.exe[892] USER32.dll!UnhookWindowsHookEx                                                                  75EAADF9 5 Bytes  JMP 00180A08 

.text           C:\Windows\System32\svchost.exe[892] USER32.dll!UnhookWinEvent                                                                       75EAB750 5 Bytes  JMP 001803FC 

.text           C:\Windows\System32\svchost.exe[892] USER32.dll!SetWindowsHookExW                                                                    75EAE30C 5 Bytes  JMP 00180804 

.text           C:\Windows\System32\svchost.exe[892] USER32.dll!SetWinEventHook                                                                      75EB24DC 5 Bytes  JMP 001801F8 

.text           C:\Windows\System32\svchost.exe[892] USER32.dll!SetWindowsHookExA                                                                    75ED6D0C 5 Bytes  JMP 00180600 

.text           C:\Windows\System32\svchost.exe[972] ntdll.dll!LdrUnloadDll                                                                          7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Windows\System32\svchost.exe[972] ntdll.dll!LdrLoadDll                                                                            7777223E 5 Bytes  JMP 000601F8 

.text           C:\Windows\System32\svchost.exe[972] kernel32.dll!GetBinaryTypeW + 70                                                                763969F4 1 Byte  [62]

.text           C:\Windows\System32\svchost.exe[972] USER32.dll!UnhookWindowsHookEx                                                                  75EAADF9 5 Bytes  JMP 00470A08 

.text           C:\Windows\System32\svchost.exe[972] USER32.dll!UnhookWinEvent                                                                       75EAB750 5 Bytes  JMP 004703FC 

.text           C:\Windows\System32\svchost.exe[972] USER32.dll!SetWindowsHookExW                                                                    75EAE30C 5 Bytes  JMP 00470804 

.text           C:\Windows\System32\svchost.exe[972] USER32.dll!SetWinEventHook                                                                      75EB24DC 5 Bytes  JMP 004701F8 

.text           C:\Windows\System32\svchost.exe[972] USER32.dll!SetWindowsHookExA                                                                    75ED6D0C 5 Bytes  JMP 00470600 

.text           C:\Windows\system32\svchost.exe[1000] ntdll.dll!LdrUnloadDll                                                                         7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Windows\system32\svchost.exe[1000] ntdll.dll!LdrLoadDll                                                                           7777223E 5 Bytes  JMP 000601F8 

.text           C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetBinaryTypeW + 70                                                               763969F4 1 Byte  [62]

.text           C:\Windows\system32\svchost.exe[1000] USER32.dll!UnhookWindowsHookEx                                                                 75EAADF9 5 Bytes  JMP 00540A08 

.text           C:\Windows\system32\svchost.exe[1000] USER32.dll!UnhookWinEvent                                                                      75EAB750 5 Bytes  JMP 005403FC 

.text           C:\Windows\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExW                                                                   75EAE30C 5 Bytes  JMP 00540804 

.text           C:\Windows\system32\svchost.exe[1000] USER32.dll!SetWinEventHook                                                                     75EB24DC 5 Bytes  JMP 005401F8 

.text           C:\Windows\system32\svchost.exe[1000] USER32.dll!SetWindowsHookExA                                                                   75ED6D0C 5 Bytes  JMP 00540600 

.text           C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1028] ntdll.dll!LdrUnloadDll                                           7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1028] ntdll.dll!LdrLoadDll                                             7777223E 5 Bytes  JMP 000601F8 

.text           C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1028] kernel32.dll!GetBinaryTypeW + 70                                 763969F4 1 Byte  [62]

.text           C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1028] USER32.dll!UnhookWindowsHookEx                                   75EAADF9 5 Bytes  JMP 000F0A08 

.text           C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1028] USER32.dll!UnhookWinEvent                                        75EAB750 5 Bytes  JMP 000F03FC 

.text           C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1028] USER32.dll!SetWindowsHookExW                                     75EAE30C 5 Bytes  JMP 000F0804 

.text           C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1028] USER32.dll!SetWinEventHook                                       75EB24DC 5 Bytes  JMP 000F01F8 

.text           C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[1028] USER32.dll!SetWindowsHookExA                                     75ED6D0C 5 Bytes  JMP 000F0600 

.text           C:\Program Files\IDT\WDM\STacSV.exe[1060] ntdll.dll!LdrUnloadDll                                                                     7776C86E 5 Bytes  JMP 001603FC 

.text           C:\Program Files\IDT\WDM\STacSV.exe[1060] ntdll.dll!LdrLoadDll                                                                       7777223E 5 Bytes  JMP 001601F8 

.text           C:\Program Files\IDT\WDM\STacSV.exe[1060] kernel32.dll!GetBinaryTypeW + 70                                                           763969F4 1 Byte  [62]

.text           C:\Program Files\IDT\WDM\STacSV.exe[1060] USER32.dll!UnhookWindowsHookEx                                                             75EAADF9 5 Bytes  JMP 00200A08 

.text           C:\Program Files\IDT\WDM\STacSV.exe[1060] USER32.dll!UnhookWinEvent                                                                  75EAB750 5 Bytes  JMP 002003FC 

.text           C:\Program Files\IDT\WDM\STacSV.exe[1060] USER32.dll!SetWindowsHookExW                                                               75EAE30C 5 Bytes  JMP 00200804 

.text           C:\Program Files\IDT\WDM\STacSV.exe[1060] USER32.dll!SetWinEventHook                                                                 75EB24DC 5 Bytes  JMP 002001F8 

.text           C:\Program Files\IDT\WDM\STacSV.exe[1060] USER32.dll!SetWindowsHookExA                                                               75ED6D0C 5 Bytes  JMP 00200600 

.text           C:\Windows\system32\AUDIODG.EXE[1156] kernel32.dll!GetBinaryTypeW + 70                                                               763969F4 1 Byte  [62]

.text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe[1248] KERNEL32.dll!GetBinaryTypeW + 70                       763969F4 1 Byte  [62]

.text           C:\Windows\system32\svchost.exe[1256] ntdll.dll!LdrUnloadDll                                                                         7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Windows\system32\svchost.exe[1256] ntdll.dll!LdrLoadDll                                                                           7777223E 5 Bytes  JMP 000601F8 

.text           C:\Windows\system32\svchost.exe[1256] kernel32.dll!GetBinaryTypeW + 70                                                               763969F4 1 Byte  [62]

.text           C:\Windows\system32\svchost.exe[1256] USER32.dll!UnhookWindowsHookEx                                                                 75EAADF9 5 Bytes  JMP 001E0A08 

.text           C:\Windows\system32\svchost.exe[1256] USER32.dll!UnhookWinEvent                                                                      75EAB750 5 Bytes  JMP 001E03FC 

.text           C:\Windows\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExW                                                                   75EAE30C 5 Bytes  JMP 001E0804 

.text           C:\Windows\system32\svchost.exe[1256] USER32.dll!SetWinEventHook                                                                     75EB24DC 5 Bytes  JMP 001E01F8 

.text           C:\Windows\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExA                                                                   75ED6D0C 5 Bytes  JMP 001E0600 

.text           C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe[1300] KERNEL32.dll!GetBinaryTypeW + 70                             763969F4 1 Byte  [62]

.text           C:\Windows\system32\Dwm.exe[1444] ntdll.dll!LdrUnloadDll                                                                             7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Windows\system32\Dwm.exe[1444] ntdll.dll!LdrLoadDll                                                                               7777223E 5 Bytes  JMP 000601F8 

.text           C:\Windows\system32\Dwm.exe[1444] kernel32.dll!GetBinaryTypeW + 70                                                                   763969F4 1 Byte  [62]

.text           C:\Windows\system32\Dwm.exe[1444] USER32.dll!UnhookWindowsHookEx                                                                     75EAADF9 5 Bytes  JMP 000F0A08 

.text           C:\Windows\system32\Dwm.exe[1444] USER32.dll!UnhookWinEvent                                                                          75EAB750 5 Bytes  JMP 000F03FC 

.text           C:\Windows\system32\Dwm.exe[1444] USER32.dll!SetWindowsHookExW                                                                       75EAE30C 5 Bytes  JMP 000F0804 

.text           C:\Windows\system32\Dwm.exe[1444] USER32.dll!SetWinEventHook                                                                         75EB24DC 5 Bytes  JMP 000F01F8 

.text           C:\Windows\system32\Dwm.exe[1444] USER32.dll!SetWindowsHookExA                                                                       75ED6D0C 5 Bytes  JMP 000F0600 

.text           C:\Windows\system32\svchost.exe[1488] ntdll.dll!LdrUnloadDll                                                                         7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Windows\system32\svchost.exe[1488] ntdll.dll!LdrLoadDll                                                                           7777223E 5 Bytes  JMP 000601F8 

.text           C:\Windows\system32\svchost.exe[1488] kernel32.dll!GetBinaryTypeW + 70                                                               763969F4 1 Byte  [62]

.text           C:\Windows\system32\svchost.exe[1488] USER32.dll!UnhookWindowsHookEx                                                                 75EAADF9 5 Bytes  JMP 003E0A08 

.text           C:\Windows\system32\svchost.exe[1488] USER32.dll!UnhookWinEvent                                                                      75EAB750 5 Bytes  JMP 003E03FC 

.text           C:\Windows\system32\svchost.exe[1488] USER32.dll!SetWindowsHookExW                                                                   75EAE30C 5 Bytes  JMP 003E0804 

.text           C:\Windows\system32\svchost.exe[1488] USER32.dll!SetWinEventHook                                                                     75EB24DC 5 Bytes  JMP 003E01F8 

.text           C:\Windows\system32\svchost.exe[1488] USER32.dll!SetWindowsHookExA                                                                   75ED6D0C 5 Bytes  JMP 003E0600 

.text           C:\Windows\Explorer.EXE[1532] ntdll.dll!LdrUnloadDll                                                                                 7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Windows\Explorer.EXE[1532] ntdll.dll!LdrLoadDll                                                                                   7777223E 5 Bytes  JMP 000601F8 

.text           C:\Windows\Explorer.EXE[1532] kernel32.dll!GetBinaryTypeW + 70                                                                       763969F4 1 Byte  [62]

.text           C:\Windows\Explorer.EXE[1532] USER32.dll!UnhookWindowsHookEx                                                                         75EAADF9 5 Bytes  JMP 00120A08 

.text           C:\Windows\Explorer.EXE[1532] USER32.dll!UnhookWinEvent                                                                              75EAB750 5 Bytes  JMP 001203FC 

.text           C:\Windows\Explorer.EXE[1532] USER32.dll!SetWindowsHookExW                                                                           75EAE30C 5 Bytes  JMP 00120804 

.text           C:\Windows\Explorer.EXE[1532] USER32.dll!SetWinEventHook                                                                             75EB24DC 5 Bytes  JMP 001201F8 

.text           C:\Windows\Explorer.EXE[1532] USER32.dll!SetWindowsHookExA                                                                           75ED6D0C 5 Bytes  JMP 00120600 

.text           C:\Windows\system32\svchost.exe[1588] ntdll.dll!LdrUnloadDll                                                                         7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Windows\system32\svchost.exe[1588] ntdll.dll!LdrLoadDll                                                                           7777223E 5 Bytes  JMP 000601F8 

.text           C:\Windows\system32\svchost.exe[1588] kernel32.dll!GetBinaryTypeW + 70                                                               763969F4 1 Byte  [62]

.text           C:\Windows\system32\svchost.exe[1588] USER32.dll!UnhookWindowsHookEx                                                                 75EAADF9 5 Bytes  JMP 00310A08 

.text           C:\Windows\system32\svchost.exe[1588] USER32.dll!UnhookWinEvent                                                                      75EAB750 5 Bytes  JMP 003103FC 

.text           C:\Windows\system32\svchost.exe[1588] USER32.dll!SetWindowsHookExW                                                                   75EAE30C 5 Bytes  JMP 00310804 

.text           C:\Windows\system32\svchost.exe[1588] USER32.dll!SetWinEventHook                                                                     75EB24DC 5 Bytes  JMP 003101F8 

.text           C:\Windows\system32\svchost.exe[1588] USER32.dll!SetWindowsHookExA                                                                   75ED6D0C 5 Bytes  JMP 00310600 

.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1640] kernel32.dll!SetUnhandledExceptionFilter                                    7637F4FB 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }

.text           C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1640] kernel32.dll!GetBinaryTypeW + 70                                            763969F4 1 Byte  [62]

.text           C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe[1684] KERNEL32.dll!GetBinaryTypeW + 70                                763969F4 1 Byte  [62]

.text           C:\Windows\System32\spoolsv.exe[1748] ntdll.dll!LdrUnloadDll                                                                         7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Windows\System32\spoolsv.exe[1748] ntdll.dll!LdrLoadDll                                                                           7777223E 5 Bytes  JMP 000601F8 

.text           C:\Windows\System32\spoolsv.exe[1748] kernel32.dll!GetBinaryTypeW + 70                                                               763969F4 1 Byte  [62]

.text           C:\Windows\System32\spoolsv.exe[1748] USER32.dll!UnhookWindowsHookEx                                                                 75EAADF9 5 Bytes  JMP 00100A08 

.text           C:\Windows\System32\spoolsv.exe[1748] USER32.dll!UnhookWinEvent                                                                      75EAB750 5 Bytes  JMP 001003FC 

.text           C:\Windows\System32\spoolsv.exe[1748] USER32.dll!SetWindowsHookExW                                                                   75EAE30C 5 Bytes  JMP 00100804 

.text           C:\Windows\System32\spoolsv.exe[1748] USER32.dll!SetWinEventHook                                                                     75EB24DC 5 Bytes  JMP 001001F8 

.text           C:\Windows\System32\spoolsv.exe[1748] USER32.dll!SetWindowsHookExA                                                                   75ED6D0C 5 Bytes  JMP 00100600 

.text           C:\Windows\system32\taskhost.exe[1760] ntdll.dll!LdrUnloadDll                                                                        7776C86E 5 Bytes  JMP 000503FC 

.text           C:\Windows\system32\taskhost.exe[1760] ntdll.dll!LdrLoadDll                                                                          7777223E 5 Bytes  JMP 000501F8 

.text           C:\Windows\system32\taskhost.exe[1760] kernel32.dll!GetBinaryTypeW + 70                                                              763969F4 1 Byte  [62]

.text           C:\Windows\system32\taskhost.exe[1760] USER32.dll!UnhookWindowsHookEx                                                                75EAADF9 5 Bytes  JMP 000E0A08 

.text           C:\Windows\system32\taskhost.exe[1760] USER32.dll!UnhookWinEvent                                                                     75EAB750 5 Bytes  JMP 000E03FC 

.text           C:\Windows\system32\taskhost.exe[1760] USER32.dll!SetWindowsHookExW                                                                  75EAE30C 5 Bytes  JMP 000E0804 

.text           C:\Windows\system32\taskhost.exe[1760] USER32.dll!SetWinEventHook                                                                    75EB24DC 5 Bytes  JMP 000E01F8 

.text           C:\Windows\system32\taskhost.exe[1760] USER32.dll!SetWindowsHookExA                                                                  75ED6D0C 5 Bytes  JMP 000E0600 

.text           C:\Program Files\IDT\WDM\aestsrv.exe[1888] ntdll.dll!LdrUnloadDll                                                                    7776C86E 5 Bytes  JMP 001603FC 

.text           C:\Program Files\IDT\WDM\aestsrv.exe[1888] ntdll.dll!LdrLoadDll                                                                      7777223E 5 Bytes  JMP 001601F8 

.text           C:\Program Files\IDT\WDM\aestsrv.exe[1888] kernel32.dll!GetBinaryTypeW + 70                                                          763969F4 1 Byte  [62]

.text           C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1928] ntdll.dll!LdrUnloadDll                                                            7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1928] ntdll.dll!LdrLoadDll                                                              7777223E 5 Bytes  JMP 000601F8 

.text           C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1928] kernel32.dll!GetBinaryTypeW + 70                                                  763969F4 1 Byte  [62]

.text           C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1928] USER32.dll!UnhookWindowsHookEx                                                    75EAADF9 5 Bytes  JMP 00140A08 

.text           C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1928] USER32.dll!UnhookWinEvent                                                         75EAB750 5 Bytes  JMP 001403FC 

.text           C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1928] USER32.dll!SetWindowsHookExW                                                      75EAE30C 5 Bytes  JMP 00140804 

.text           C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1928] USER32.dll!SetWinEventHook                                                        75EB24DC 5 Bytes  JMP 001401F8 

.text           C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1928] USER32.dll!SetWindowsHookExA                                                      75ED6D0C 5 Bytes  JMP 00140600 

.text           C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1960] ntdll.dll!LdrUnloadDll                                                          7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1960] ntdll.dll!LdrLoadDll                                                            7777223E 5 Bytes  JMP 000601F8 

.text           C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1960] kernel32.dll!GetBinaryTypeW + 70                                                763969F4 1 Byte  [62]

.text           C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1960] USER32.dll!UnhookWindowsHookEx                                                  75EAADF9 5 Bytes  JMP 00100A08 

.text           C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1960] USER32.dll!UnhookWinEvent                                                       75EAB750 5 Bytes  JMP 001003FC 

.text           C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1960] USER32.dll!SetWindowsHookExW                                                    75EAE30C 5 Bytes  JMP 00100804 

.text           C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1960] USER32.dll!SetWinEventHook                                                      75EB24DC 5 Bytes  JMP 001001F8 

.text           C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1960] USER32.dll!SetWindowsHookExA                                                    75ED6D0C 5 Bytes  JMP 00100600 

.text           C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2340] ntdll.dll!LdrUnloadDll                                 7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2340] ntdll.dll!LdrLoadDll                                   7777223E 5 Bytes  JMP 000601F8 

.text           C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2340] kernel32.dll!GetBinaryTypeW + 70                       763969F4 1 Byte  [62]

.text           C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2340] USER32.dll!UnhookWindowsHookEx                         75EAADF9 5 Bytes  JMP 00110A08 

.text           C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2340] USER32.dll!UnhookWinEvent                              75EAB750 5 Bytes  JMP 001103FC 

.text           C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2340] USER32.dll!SetWindowsHookExW                           75EAE30C 5 Bytes  JMP 00110804 

.text           C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2340] USER32.dll!SetWinEventHook                             75EB24DC 5 Bytes  JMP 001101F8 

.text           C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2340] USER32.dll!SetWindowsHookExA                           75ED6D0C 5 Bytes  JMP 00110600 

.text           C:\Windows\system32\svchost.exe[2436] ntdll.dll!LdrUnloadDll                                                                         7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Windows\system32\svchost.exe[2436] ntdll.dll!LdrLoadDll                                                                           7777223E 5 Bytes  JMP 000601F8 

.text           C:\Windows\system32\svchost.exe[2436] kernel32.dll!GetBinaryTypeW + 70                                                               763969F4 1 Byte  [62]

.text           C:\Windows\System32\svchost.exe[2484] ntdll.dll!LdrUnloadDll                                                                         7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Windows\System32\svchost.exe[2484] ntdll.dll!LdrLoadDll                                                                           7777223E 5 Bytes  JMP 000601F8 

.text           C:\Windows\System32\svchost.exe[2484] kernel32.dll!GetBinaryTypeW + 70                                                               763969F4 1 Byte  [62]

.text           C:\Windows\System32\svchost.exe[2484] USER32.dll!UnhookWindowsHookEx                                                                 75EAADF9 5 Bytes  JMP 00210A08 

.text           C:\Windows\System32\svchost.exe[2484] USER32.dll!UnhookWinEvent                                                                      75EAB750 5 Bytes  JMP 002103FC 

.text           C:\Windows\System32\svchost.exe[2484] USER32.dll!SetWindowsHookExW                                                                   75EAE30C 5 Bytes  JMP 00210804 

.text           C:\Windows\System32\svchost.exe[2484] USER32.dll!SetWinEventHook                                                                     75EB24DC 5 Bytes  JMP 002101F8 

.text           C:\Windows\System32\svchost.exe[2484] USER32.dll!SetWindowsHookExA                                                                   75ED6D0C 5 Bytes  JMP 00210600 

.text           C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2536] ntdll.dll!LdrUnloadDll                                7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2536] ntdll.dll!LdrLoadDll                                  7777223E 5 Bytes  JMP 000601F8 

.text           C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2536] kernel32.dll!GetBinaryTypeW + 70                      763969F4 1 Byte  [62]

.text           C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2536] USER32.dll!UnhookWindowsHookEx                        75EAADF9 5 Bytes  JMP 001A0A08 

.text           C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2536] USER32.dll!UnhookWinEvent                             75EAB750 5 Bytes  JMP 001A03FC 

.text           C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2536] USER32.dll!SetWindowsHookExW                          75EAE30C 5 Bytes  JMP 001A0804 

.text           C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2536] USER32.dll!SetWinEventHook                            75EB24DC 5 Bytes  JMP 001A01F8 

.text           C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2536] USER32.dll!SetWindowsHookExA                          75ED6D0C 5 Bytes  JMP 001A0600 

.text           C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe[2616] KERNEL32.dll!GetBinaryTypeW + 70                          763969F4 1 Byte  [62]

.text           C:\Windows\System32\igfxtray.exe[2724] ntdll.dll!LdrUnloadDll                                                                        7776C86E 5 Bytes  JMP 001603FC 

.text           C:\Windows\System32\igfxtray.exe[2724] ntdll.dll!LdrLoadDll                                                                          7777223E 5 Bytes  JMP 001601F8 

.text           C:\Windows\System32\igfxtray.exe[2724] kernel32.dll!GetBinaryTypeW + 70                                                              763969F4 1 Byte  [62]

.text           C:\Windows\System32\igfxtray.exe[2724] USER32.dll!UnhookWindowsHookEx                                                                75EAADF9 5 Bytes  JMP 00200A08 

.text           C:\Windows\System32\igfxtray.exe[2724] USER32.dll!UnhookWinEvent                                                                     75EAB750 5 Bytes  JMP 002003FC 

.text           C:\Windows\System32\igfxtray.exe[2724] USER32.dll!SetWindowsHookExW                                                                  75EAE30C 5 Bytes  JMP 00200804 

.text           C:\Windows\System32\igfxtray.exe[2724] USER32.dll!SetWinEventHook                                                                    75EB24DC 5 Bytes  JMP 002001F8 

.text           C:\Windows\System32\igfxtray.exe[2724] USER32.dll!SetWindowsHookExA                                                                  75ED6D0C 5 Bytes  JMP 00200600 

.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2744] ntdll.dll!LdrUnloadDll                                        7776C86E 5 Bytes  JMP 001603FC 

.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2744] ntdll.dll!LdrLoadDll                                          7777223E 5 Bytes  JMP 001601F8 

.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2744] kernel32.dll!GetBinaryTypeW + 70                              763969F4 1 Byte  [62]

.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2744] USER32.dll!UnhookWindowsHookEx                                75EAADF9 5 Bytes  JMP 001F0A08 

.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2744] USER32.dll!UnhookWinEvent                                     75EAB750 5 Bytes  JMP 001F03FC 

.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2744] USER32.dll!SetWindowsHookExW                                  75EAE30C 5 Bytes  JMP 001F0804 

.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2744] USER32.dll!SetWinEventHook                                    75EB24DC 5 Bytes  JMP 001F01F8 

.text           C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[2744] USER32.dll!SetWindowsHookExA                                  75ED6D0C 5 Bytes  JMP 001F0600 

.text           C:\Windows\System32\hkcmd.exe[2836] ntdll.dll!LdrUnloadDll                                                                           7776C86E 5 Bytes  JMP 001603FC 

.text           C:\Windows\System32\hkcmd.exe[2836] ntdll.dll!LdrLoadDll                                                                             7777223E 5 Bytes  JMP 001601F8 

.text           C:\Windows\System32\hkcmd.exe[2836] kernel32.dll!GetBinaryTypeW + 70                                                                 763969F4 1 Byte  [62]

.text           C:\Windows\System32\hkcmd.exe[2836] USER32.dll!UnhookWindowsHookEx                                                                   75EAADF9 5 Bytes  JMP 00190A08 

.text           C:\Windows\System32\hkcmd.exe[2836] USER32.dll!UnhookWinEvent                                                                        75EAB750 5 Bytes  JMP 001903FC 

.text           C:\Windows\System32\hkcmd.exe[2836] USER32.dll!SetWindowsHookExW                                                                     75EAE30C 5 Bytes  JMP 00190804 

.text           C:\Windows\System32\hkcmd.exe[2836] USER32.dll!SetWinEventHook                                                                       75EB24DC 5 Bytes  JMP 001901F8 

.text           C:\Windows\System32\hkcmd.exe[2836] USER32.dll!SetWindowsHookExA                                                                     75ED6D0C 5 Bytes  JMP 00190600 

.text           C:\Windows\System32\igfxpers.exe[2852] ntdll.dll!LdrUnloadDll                                                                        7776C86E 5 Bytes  JMP 001603FC 

.text           C:\Windows\System32\igfxpers.exe[2852] ntdll.dll!LdrLoadDll                                                                          7777223E 5 Bytes  JMP 001601F8 

.text           C:\Windows\System32\igfxpers.exe[2852] kernel32.dll!GetBinaryTypeW + 70                                                              763969F4 1 Byte  [62]

.text           C:\Windows\System32\igfxpers.exe[2852] USER32.dll!UnhookWindowsHookEx                                                                75EAADF9 5 Bytes  JMP 00210A08 

.text           C:\Windows\System32\igfxpers.exe[2852] USER32.dll!UnhookWinEvent                                                                     75EAB750 5 Bytes  JMP 002103FC 

.text           C:\Windows\System32\igfxpers.exe[2852] USER32.dll!SetWindowsHookExW                                                                  75EAE30C 5 Bytes  JMP 00210804 

.text           C:\Windows\System32\igfxpers.exe[2852] USER32.dll!SetWinEventHook                                                                    75EB24DC 5 Bytes  JMP 002101F8 

.text           C:\Windows\System32\igfxpers.exe[2852] USER32.dll!SetWindowsHookExA                                                                  75ED6D0C 5 Bytes  JMP 00210600 

.text           C:\Program Files\IDT\WDM\sttray.exe[2896] ntdll.dll!LdrUnloadDll                                                                     7776C86E 5 Bytes  JMP 001603FC 

.text           C:\Program Files\IDT\WDM\sttray.exe[2896] ntdll.dll!LdrLoadDll                                                                       7777223E 5 Bytes  JMP 001601F8 

.text           C:\Program Files\IDT\WDM\sttray.exe[2896] kernel32.dll!GetBinaryTypeW + 70                                                           763969F4 1 Byte  [62]

.text           C:\Program Files\IDT\WDM\sttray.exe[2896] USER32.dll!UnhookWindowsHookEx                                                             75EAADF9 5 Bytes  JMP 001F0A08 

.text           C:\Program Files\IDT\WDM\sttray.exe[2896] USER32.dll!UnhookWinEvent                                                                  75EAB750 5 Bytes  JMP 001F03FC 

.text           C:\Program Files\IDT\WDM\sttray.exe[2896] USER32.dll!SetWindowsHookExW                                                               75EAE30C 5 Bytes  JMP 001F0804 

.text           C:\Program Files\IDT\WDM\sttray.exe[2896] USER32.dll!SetWinEventHook                                                                 75EB24DC 5 Bytes  JMP 001F01F8 

.text           C:\Program Files\IDT\WDM\sttray.exe[2896] USER32.dll!SetWindowsHookExA                                                               75ED6D0C 5 Bytes  JMP 001F0600 

.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] ntdll.dll!LdrUnloadDll                                                           7776C86E 5 Bytes  JMP 001603FC 

.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] ntdll.dll!LdrLoadDll                                                             7777223E 5 Bytes  JMP 001601F8 

.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] kernel32.dll!GetBinaryTypeW + 70                                                 763969F4 1 Byte  [62]

.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] USER32.dll!UnhookWindowsHookEx                                                   75EAADF9 5 Bytes  JMP 001F0A08 

.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] USER32.dll!UnhookWinEvent                                                        75EAB750 5 Bytes  JMP 001F03FC 

.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] USER32.dll!SetWindowsHookExW                                                     75EAE30C 5 Bytes  JMP 001F0804 

.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] USER32.dll!SetWinEventHook                                                       75EB24DC 5 Bytes  JMP 001F01F8 

.text           C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2944] USER32.dll!SetWindowsHookExA                                                     75ED6D0C 5 Bytes  JMP 001F0600 

.text           C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[2952] ntdll.dll!LdrUnloadDll                                           7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[2952] ntdll.dll!LdrLoadDll                                             7777223E 5 Bytes  JMP 000601F8 

.text           C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[2952] kernel32.dll!GetBinaryTypeW + 70                                 763969F4 1 Byte  [62]

.text           C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[2952] USER32.dll!UnhookWindowsHookEx                                   75EAADF9 5 Bytes  JMP 001F0A08 

.text           C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[2952] USER32.dll!UnhookWinEvent                                        75EAB750 5 Bytes  JMP 001F03FC 

.text           C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[2952] USER32.dll!SetWindowsHookExW                                     75EAE30C 5 Bytes  JMP 001F0804 

.text           C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[2952] USER32.dll!SetWinEventHook                                       75EB24DC 5 Bytes  JMP 001F01F8 

.text           C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[2952] USER32.dll!SetWindowsHookExA                                     75ED6D0C 5 Bytes  JMP 001F0600 

.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3104] ntdll.dll!LdrUnloadDll                                                        7776C86E 5 Bytes  JMP 001603FC 

.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3104] ntdll.dll!LdrLoadDll                                                          7777223E 5 Bytes  JMP 001601F8 

.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3104] kernel32.dll!GetBinaryTypeW + 70                                              763969F4 1 Byte  [62]

.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3104] USER32.dll!UnhookWindowsHookEx                                                75EAADF9 5 Bytes  JMP 00180A08 

.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3104] USER32.dll!UnhookWinEvent                                                     75EAB750 5 Bytes  JMP 001803FC 

.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3104] USER32.dll!SetWindowsHookExW                                                  75EAE30C 5 Bytes  JMP 00180804 

.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3104] USER32.dll!SetWinEventHook                                                    75EB24DC 5 Bytes  JMP 001801F8 

.text           C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3104] USER32.dll!SetWindowsHookExA                                                  75ED6D0C 5 Bytes  JMP 00180600 

.text           C:\Windows\system32\igfxsrvc.exe[3144] ntdll.dll!LdrUnloadDll                                                                        7776C86E 5 Bytes  JMP 001603FC 

.text           C:\Windows\system32\igfxsrvc.exe[3144] ntdll.dll!LdrLoadDll                                                                          7777223E 5 Bytes  JMP 001601F8 

.text           C:\Windows\system32\igfxsrvc.exe[3144] kernel32.dll!GetBinaryTypeW + 70                                                              763969F4 1 Byte  [62]

.text           C:\Windows\system32\igfxsrvc.exe[3144] USER32.dll!UnhookWindowsHookEx                                                                75EAADF9 5 Bytes  JMP 00180A08 

.text           C:\Windows\system32\igfxsrvc.exe[3144] USER32.dll!UnhookWinEvent                                                                     75EAB750 5 Bytes  JMP 001803FC 

.text           C:\Windows\system32\igfxsrvc.exe[3144] USER32.dll!SetWindowsHookExW                                                                  75EAE30C 5 Bytes  JMP 00180804 

.text           C:\Windows\system32\igfxsrvc.exe[3144] USER32.dll!SetWinEventHook                                                                    75EB24DC 5 Bytes  JMP 001801F8 

.text           C:\Windows\system32\igfxsrvc.exe[3144] USER32.dll!SetWindowsHookExA                                                                  75ED6D0C 5 Bytes  JMP 00180600 

.text           C:\Users\Mini-ZZ\Downloads\x2qt5p9s.exe[3172] kernel32.dll!GetBinaryTypeW + 70                                                       763969F4 1 Byte  [62]

.text           C:\Program Files\AVAST Software\Avast\AvastUI.exe[3204] kernel32.dll!GetBinaryTypeW + 70                                             763969F4 1 Byte  [62]

.text           C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] ntdll.dll!LdrUnloadDll                                            7776C86E 5 Bytes  JMP 002603FC 

.text           C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] ntdll.dll!LdrLoadDll                                              7777223E 5 Bytes  JMP 002601F8 

.text           C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] kernel32.dll!GetBinaryTypeW + 70                                  763969F4 1 Byte  [62]

.text           C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] USER32.dll!UnhookWindowsHookEx                                    75EAADF9 5 Bytes  JMP 00330A08 

.text           C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] USER32.dll!UnhookWinEvent                                         75EAB750 5 Bytes  JMP 003303FC 

.text           C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] USER32.dll!SetWindowsHookExW                                      75EAE30C 5 Bytes  JMP 00330804 

.text           C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] USER32.dll!SetWinEventHook                                        75EB24DC 5 Bytes  JMP 003301F8 

.text           C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] USER32.dll!SetWindowsHookExA                                      75ED6D0C 5 Bytes  JMP 00330600 

.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] ntdll.dll!LdrUnloadDll                                              7776C86E 5 Bytes  JMP 001703FC 

.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] ntdll.dll!LdrLoadDll                                                7777223E 5 Bytes  JMP 001701F8 

.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] kernel32.dll!GetBinaryTypeW + 70                                    763969F4 1 Byte  [62]

.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] USER32.dll!UnhookWindowsHookEx                                      75EAADF9 5 Bytes  JMP 00220A08 

.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] USER32.dll!UnhookWinEvent                                           75EAB750 5 Bytes  JMP 002203FC 

.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] USER32.dll!SetWindowsHookExW                                        75EAE30C 5 Bytes  JMP 00220804 

.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] USER32.dll!SetWinEventHook                                          75EB24DC 5 Bytes  JMP 002201F8 

.text           C:\Program Files\Common Files\Java\Java Update\jusched.exe[3224] USER32.dll!SetWindowsHookExA                                        75ED6D0C 5 Bytes  JMP 00220600 

.text           C:\Windows\system32\conhost.exe[3292] ntdll.dll!LdrUnloadDll                                                                         7776C86E 5 Bytes  JMP 000303FC 

.text           C:\Windows\system32\conhost.exe[3292] ntdll.dll!LdrLoadDll                                                                           7777223E 3 Bytes  JMP 000301F8 

.text           C:\Windows\system32\conhost.exe[3292] ntdll.dll!LdrLoadDll + 4                                                                       77772242 1 Byte  [88]

.text           C:\Windows\system32\conhost.exe[3292] kernel32.dll!GetBinaryTypeW + 70                                                               763969F4 1 Byte  [62]

.text           C:\Windows\system32\conhost.exe[3292] USER32.dll!UnhookWindowsHookEx                                                                 75EAADF9 5 Bytes  JMP 000C0A08 

.text           C:\Windows\system32\conhost.exe[3292] USER32.dll!UnhookWinEvent                                                                      75EAB750 5 Bytes  JMP 000C03FC 

.text           C:\Windows\system32\conhost.exe[3292] USER32.dll!SetWindowsHookExW                                                                   75EAE30C 5 Bytes  JMP 000C0804 

.text           C:\Windows\system32\conhost.exe[3292] USER32.dll!SetWinEventHook                                                                     75EB24DC 5 Bytes  JMP 000C01F8 

.text           C:\Windows\system32\conhost.exe[3292] USER32.dll!SetWindowsHookExA                                                                   75ED6D0C 5 Bytes  JMP 000C0600 

.text           C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] ntdll.dll!LdrUnloadDll                        7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] ntdll.dll!LdrLoadDll                          7777223E 5 Bytes  JMP 000601F8 

.text           C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] kernel32.dll!GetBinaryTypeW + 70              763969F4 1 Byte  [62]

.text           C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] USER32.dll!UnhookWindowsHookEx                75EAADF9 5 Bytes  JMP 000A0A08 

.text           C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] USER32.dll!UnhookWinEvent                     75EAB750 5 Bytes  JMP 000A03FC 

.text           C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] USER32.dll!SetWindowsHookExW                  75EAE30C 5 Bytes  JMP 000A0804 

.text           C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] USER32.dll!SetWinEventHook                    75EB24DC 5 Bytes  JMP 000A01F8 

.text           C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3428] USER32.dll!SetWindowsHookExA                  75ED6D0C 5 Bytes  JMP 000A0600 

.text           C:\Windows\system32\wbem\wmiprvse.exe[3584] kernel32.dll!GetBinaryTypeW + 70                                                         763969F4 1 Byte  [62]

.text           C:\Windows\system32\ctfmon.exe[3604] kernel32.dll!GetBinaryTypeW + 70                                                                763969F4 1 Byte  [62]

.text           C:\Windows\system32\wbem\wmiprvse.exe[3704] ntdll.dll!LdrUnloadDll                                                                   7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Windows\system32\wbem\wmiprvse.exe[3704] ntdll.dll!LdrLoadDll                                                                     7777223E 5 Bytes  JMP 000601F8 

.text           C:\Windows\system32\wbem\wmiprvse.exe[3704] kernel32.dll!GetBinaryTypeW + 70                                                         763969F4 1 Byte  [62]

.text           C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!UnhookWindowsHookEx                                                           75EAADF9 5 Bytes  JMP 00100A08 

.text           C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!UnhookWinEvent                                                                75EAB750 5 Bytes  JMP 001003FC 

.text           C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!SetWindowsHookExW                                                             75EAE30C 5 Bytes  JMP 00100804 

.text           C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!SetWinEventHook                                                               75EB24DC 5 Bytes  JMP 001001F8 

.text           C:\Windows\system32\wbem\wmiprvse.exe[3704] USER32.dll!SetWindowsHookExA                                                             75ED6D0C 5 Bytes  JMP 00100600 

.text           C:\Windows\system32\SearchIndexer.exe[3760] ntdll.dll!LdrUnloadDll                                                                   7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Windows\system32\SearchIndexer.exe[3760] ntdll.dll!LdrLoadDll                                                                     7777223E 5 Bytes  JMP 000601F8 

.text           C:\Windows\system32\SearchIndexer.exe[3760] kernel32.dll!GetBinaryTypeW + 70                                                         763969F4 1 Byte  [62]

.text           C:\Windows\system32\SearchIndexer.exe[3760] USER32.dll!UnhookWindowsHookEx                                                           75EAADF9 5 Bytes  JMP 00090A08 

.text           C:\Windows\system32\SearchIndexer.exe[3760] USER32.dll!UnhookWinEvent                                                                75EAB750 5 Bytes  JMP 000903FC 

.text           C:\Windows\system32\SearchIndexer.exe[3760] USER32.dll!SetWindowsHookExW                                                             75EAE30C 5 Bytes  JMP 00090804 

.text           C:\Windows\system32\SearchIndexer.exe[3760] USER32.dll!SetWinEventHook                                                               75EB24DC 5 Bytes  JMP 000901F8 

.text           C:\Windows\system32\SearchIndexer.exe[3760] USER32.dll!SetWindowsHookExA                                                             75ED6D0C 5 Bytes  JMP 00090600 

.text           C:\Windows\system32\svchost.exe[3920] ntdll.dll!LdrUnloadDll                                                                         7776C86E 5 Bytes  JMP 000A03FC 

.text           C:\Windows\system32\svchost.exe[3920] ntdll.dll!LdrLoadDll                                                                           7777223E 5 Bytes  JMP 000A01F8 

.text           C:\Windows\system32\svchost.exe[3920] kernel32.dll!GetBinaryTypeW + 70                                                               763969F4 1 Byte  [62]

.text           C:\Windows\system32\svchost.exe[3972] ntdll.dll!LdrUnloadDll                                                                         7776C86E 5 Bytes  JMP 000603FC 

.text           C:\Windows\system32\svchost.exe[3972] ntdll.dll!LdrLoadDll                                                                           7777223E 5 Bytes  JMP 000601F8 

.text           C:\Windows\system32\svchost.exe[3972] kernel32.dll!GetBinaryTypeW + 70                                                               763969F4 1 Byte  [62]

.text           C:\Windows\system32\svchost.exe[3972] USER32.dll!UnhookWindowsHookEx                                                                 75EAADF9 5 Bytes  JMP 00230A08 

.text           C:\Windows\system32\svchost.exe[3972] USER32.dll!UnhookWinEvent                                                                      75EAB750 5 Bytes  JMP 002303FC 

.text           C:\Windows\system32\svchost.exe[3972] USER32.dll!SetWindowsHookExW                                                                   75EAE30C 5 Bytes  JMP 00230804 

.text           C:\Windows\system32\svchost.exe[3972] USER32.dll!SetWinEventHook                                                                     75EB24DC 5 Bytes  JMP 002301F8 

.text           C:\Windows\system32\svchost.exe[3972] USER32.dll!SetWindowsHookExA                                                                   75ED6D0C 5 Bytes  JMP 00230600 

.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] ntdll.dll!LdrUnloadDll                                                    7776C86E 5 Bytes  JMP 001603FC 

.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] ntdll.dll!LdrLoadDll                                                      7777223E 5 Bytes  JMP 001601F8 

.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] kernel32.dll!GetBinaryTypeW + 70                                          763969F4 1 Byte  [62]

.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] USER32.dll!UnhookWindowsHookEx                                            75EAADF9 5 Bytes  JMP 00190A08 

.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] USER32.dll!UnhookWinEvent                                                 75EAB750 5 Bytes  JMP 001903FC 

.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] USER32.dll!SetWindowsHookExW                                              75EAE30C 5 Bytes  JMP 00190804 

.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] USER32.dll!SetWinEventHook                                                75EB24DC 5 Bytes  JMP 001901F8 

.text           C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[4004] USER32.dll!SetWindowsHookExA                                              75ED6D0C 5 Bytes  JMP 00190600 
 

---- User IAT/EAT - GMER 1.0.15 ----
 

IAT             C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1640] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]              [7136F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

IAT             C:\Program Files\AVAST Software\Avast\AvastUI.exe[3204] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]               [7136F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

IAT             C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] @ C:\Windows\system32\ADVAPI32.DLL [KERNEL32.dll!GetProcAddress]  [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]   [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]     [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]    [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]   [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)

IAT             C:\Program Files\Hewlett-Packard\HP CloudDrive\zumodrive.exe[3216] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]   [7575FFF6] C:\Windows\system32\apphelp.dll (Clientbibliothek für Anwendungskompatibilität/Microsoft Corporation)
 

---- Devices - GMER 1.0.15 ----
 

Device          \FileSystem\Ntfs \Ntfs                                                                                                               aswSP.SYS (avast! self protection module/AVAST Software)
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                              Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                              Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
 

Device          \Driver\ACPI_HAL \Device\00000050                                                                                                    halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                              aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                               rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                               rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                               rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                               rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Udp                                                                                                              aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                             fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 

---- EOF - GMER 1.0.15 ----

--- --- ---

und OSAM
OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 11:27:35 on 14.04.2012
 

OS: Windows 7 Starter Edition Service Pack 1 (Build 7601), 32-bit

Default Browser: Mozilla Corporation Firefox 11.0
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl

"HP Documentation.cpl" - "Hewlett-Packard" - C:\Windows\system32\HP Documentation.cpl

"HPWA.cpl" - "Hewlett-Packard" - C:\Windows\system32\HPWA.cpl

"QuickWebConfTool.cpl" - "DeviceVM, Inc." - C:\Windows\system32\QuickWebConfTool.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys

"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys

"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\System32\Drivers\aswrdr2.sys

"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys

"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys

"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys

"catchme" (catchme) - ? - C:\Users\Mini-ZZ\AppData\Local\Temp\catchme.sys  (File not found)

"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys

"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys

"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys

"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B} "StubPath" - "ArcSoft Inc." - C:\Program Files\Hewlett-Packard\HP Media Suite\Home\HPMediaSuite.exe "/installer"

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll

{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL

{5FCD4425-CA3A-48F4-A57C-B8A75C32ACB1} "NSE_WithSubFld" - ? - C:\Program Files\Hewlett-Packard\Recovery\Protect.dll

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll

{622AFE52-33F6-4D9F-9966-E0BC52D7D69D} "Zecter" - "Versionate Inc." - C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

{855156F0-2A0F-11DE-8C30-0800200C9A66} "Zecter" - "Versionate Inc." - C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

{B3C78E40-6B64-47C3-AE34-60B770881EB8} "Zecter" - "Versionate Inc." - C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

{D25B32FE-CB96-491A-98FF-AD59DA382D69} "Zecter" - "Versionate Inc." - C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

{E032716F-2E0A-4CCB-9FEB-BF2090B035DF} "Zecter" - "Versionate Inc." - C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} "Zecter" - "Versionate Inc." - C:\Program Files\Hewlett-Packard\HP CloudDrive\ShellExt.dll

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} "Add to Evernote" - "Evernote Corporation" - C:\Program Files\Evernote\Evernote3.5\enbar.dll

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Mini-ZZ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"HP Media Suite.lnk" - "ArcSoft Inc." - C:\Program Files\Hewlett-Packard\HP Media Suite\Home\ArcStart.exe  (Shortcut exists | File exists)

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

"HP Quick Launch" - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

"HPWirelessAssistant" - ? - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden  (File found, but it contains no detailed information)

"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"ZumoDrive" - ? - "C:\Program Files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk"
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

"BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE

"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE

"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

"DCService.exe" (DCService.exe) - ? - C:\ProgramData\DatacardService\DCService.exe

"DeviceVM Meta Data Export Service" (DvmMDES) - "DeviceVM, Inc." - C:\SwSetup\HPQWMM\QuickWeb\QW.SYS\config\DVMExportService.exe

"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe

"HP Health Check Service" (HP Health Check Service) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

"HP Quick Synchronization Service" (HPDrvMntSvc.exe) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe

"HP Software Framework Service" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

"HP Wireless Assistant Service" (HP Wireless Assistant Service) - "Hewlett-Packard Company" - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

"HPWMISVC" (HPWMISVC) - ? - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
[/code]

und aswMBR

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-04-14 11:31:38

-----------------------------

11:31:38.618    OS Version: Windows 6.1.7601 Service Pack 1

11:31:38.618    Number of processors: 2 586 0x1C0A

11:31:38.618    ComputerName: HP-MINI-ZZ  UserName: Mini-ZZ

11:31:44.843    Initialize success

11:31:45.841    AVAST engine defs: 12041301

11:32:20.832    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

11:32:20.848    Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3

11:32:20.879    Disk 0 MBR read successfully

11:32:20.894    Disk 0 MBR scan

11:32:20.894    Disk 0 unknown MBR code

11:32:20.910    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048

11:32:20.941    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       220817 MB offset 409600

11:32:20.972    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        17354 MB offset 452642816

11:32:21.004    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 488183808

11:32:21.035    Disk 0 scanning sectors +488395120

11:32:21.097    Disk 0 scanning C:\Windows\system32\drivers

11:32:42.890    Service scanning

11:33:24.152    Modules scanning

11:33:55.134    Disk 0 trace - called modules:

11:33:55.197    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 

11:33:55.212    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85575030]

11:33:55.243    3 CLASSPNP.SYS[887b359e] -> nt!IofCallDriver -> [0x84b46890]

11:33:55.259    5 ACPI.sys[8808c3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84b35028]

11:33:59.346    AVAST engine scan C:\Windows

11:34:07.552    AVAST engine scan C:\Windows\system32

11:37:39.463    AVAST engine scan C:\Windows\system32\drivers

11:38:00.632    AVAST engine scan C:\Users\Mini-ZZ

11:39:11.097    AVAST engine scan C:\ProgramData

11:42:02.604    Scan finished successfully

11:44:09.323    Disk 0 MBR has been saved successfully to "C:\Users\Mini-ZZ\Desktop\MBR.dat"

11:44:09.338    The log file has been saved successfully to "C:\Users\Mini-ZZ\Desktop\aswMBR.txt"

Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

o.k. wo sieht es nun nach dem Fix aus:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-04-18 15:49:38

-----------------------------

15:49:38.736    OS Version: Windows 6.1.7601 Service Pack 1

15:49:38.736    Number of processors: 2 586 0x1C0A

15:49:38.752    ComputerName: HP-MINI-ZZ  UserName: Mini-ZZ

15:50:07.315    Initialize success

15:50:07.612    AVAST engine defs: 12041800

15:50:18.454    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

15:50:18.454    Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3

15:50:18.516    Disk 0 MBR read successfully

15:50:18.532    Disk 0 MBR scan

15:50:18.547    Disk 0 Windows 7 default MBR code

15:50:18.579    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048

15:50:18.594    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       220817 MB offset 409600

15:50:18.641    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        17354 MB offset 452642816

15:50:18.688    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 488183808

15:50:18.750    Disk 0 scanning sectors +488395120

15:50:18.937    Disk 0 scanning C:\Windows\system32\drivers

15:50:43.913    Service scanning

15:51:21.447    Modules scanning

15:52:19.962    Disk 0 trace - called modules:

15:52:20.025    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 

15:52:20.056    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85575030]

15:52:20.072    3 CLASSPNP.SYS[887b159e] -> nt!IofCallDriver -> [0x84b45b90]

15:52:20.087    5 ACPI.sys[880af3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84b35028]

15:52:24.034    AVAST engine scan C:\Windows

15:52:38.074    AVAST engine scan C:\Windows\system32

15:57:23.539    AVAST engine scan C:\Windows\system32\drivers

15:57:44.568    AVAST engine scan C:\Users\Mini-ZZ

15:58:52.631    AVAST engine scan C:\ProgramData

16:01:00.411    Scan finished successfully

16:05:37.748    Disk 0 MBR has been saved successfully to "C:\Users\Mini-ZZ\Desktop\MBR.dat"

16:05:37.779    The log file has been saved successfully to "C:\Users\Mini-ZZ\Desktop\aswMBR_2.txt"

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!